MicroOS seems to have moved to systemd-pcrlock, which requires TPM2 revision >= 1.38 per this post. The server I tried setting up TPM unlock with sadly is stuck on rev 1.16, as you can see:
# tpm2_getcap properties-fixed | grep TPM2_PT_REVISION -A2
TPM2_PT_REVISION:
  raw: 0x74
  value: 1.16
I mostly got into MicroOS because of its support for TPM automatic unlock. However, now I’m not sure what options I have. I tried setting up Ubuntu Server with Clevis, but apparently anything beyond PCR7 is too unreliable. PCR7, to my understanding, is basically placebo-level security, so that’s not a good solution. This post also provides some info, but not much beyond a note about being stricter with system changes when using stricter PCRs.

I appreciate any suggestions. Besides changing/upgrading hardware or loosening security, of course :P. Thanks!