Hi Everyone! I just did a clean install of Leap 16 using the Agama installer. During the installation I encrypted my drive and setting up auto-unlocking using TPM.
I have a Lenovo ThinkPad with a TPM2.0 (It is enabled I checked in BIOS). It seems to have worked right after installation but when I tried to reboot I got the following error:
error: …/…/grub-core/commands/tpm2_key_protector/module.c:183:could not open file: (hd0,gpt1)/EFI/opensuse/sealed.tpm
error: …/…/grub-core/fs/fshelp.c:257:file /EFI/opensuse/sealed.tpm not found
error: …/…/grub-core/disk/cryptodisk.c:1199: no key protector provided a usable key for hd0,gpt2.
Then it prompts for the decryption password.
I did some digging around and found that when I disable Secure Boot in BIOS and run tpm-authorize and regenerate-key it works no problem. But when I enable Secure Boot again and do the same I get:
$ sudo fdectl tpm-authorize
Error: Unable to open TPM event log /sys/kernel/security/tpm0/binary_bios_measurements: No such file or directory
Fatal: Failed to open TPM event log, giving up.
$ sudo fdectl tpm-present
Error: TPM2 Lockout Authorization set
This system does not have a TPM2 chip. Full disk encryption with TPM protection not available
Everything works fine with secure boot disabled.
Could please some help me resolve this?
Thank you in advance for any suggestions.