Unattended boot with TPM 2.0: Still being prompted for password at boot

On a fresh install of Tumbleweed, I used guided partitioning to configure encrypted LUKS2 PBKDF2 root (BTRFS) and swap partitions, with Secure Boot and Trusted Boot enabled, and subsequently I’ve been trying to set up unattended boot via TPM2. My problem is that I receive an error on boot and Grub just prompts for the password.

Here’s the lsblk:

NAME        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS            UUID
nvme0n1     259:0    0 931.5G  0 disk                         
└─nvme0n1p1 259:1    0 931.5G  0 part                         d9993d57-ed9a-4c28-86a6-b7065da2bac2
nvme1n1     259:2    0 931.5G  0 disk                         
├─nvme1n1p1 259:3    0   512M  0 part  /boot/efi              8082-0D9F
├─nvme1n1p2 259:4    0 915.5G  0 part                         3f87dfc2-c1a2-41f5-8713-d98871e1ecda
│ └─cr_root 254:0    0 915.4G  0 crypt /var                   129d540c-2224-4798-aa1a-9c685bfce322
│                                      /usr/local             
│                                      /srv                   
│                                      /root                  
│                                      /opt                   
│                                      /home                  
│                                      /boot/grub2/x86_64-efi 
│                                      /boot/grub2/i386-pc    
│                                      /.snapshots            
│                                      /                      
└─nvme1n1p3 259:5    0  15.6G  0 part                         38e2eaaa-7f31-417d-b6c8-c55d4b7baa31
  └─cr_swap 254:1    0  15.5G  0 crypt [SWAP]                 22badd67-573c-43f8-b6c0-d3e2c378294b

(The additional nvme0n1p1 should be mounted and auto-decrypted as well, but to keep things simple I opted to get root+swap working before setting up decryption+mounting for that one).

I’ve been following this guide: SDB:Encrypted root file system - openSUSE Wiki. Specifically, here are my notes:

  1. sudo zypper install fde-tools tpm2.0-tools
  2. Verify presence of TPM 2: sudo fdectl tpm-present
  3. Ensure that TPM persistent handle is cleared
    1. Check for it with sudo tpm2_getcap handles-persistent |grep 0x81000001
    2. Evict it with sudo tpm2_evictcontrol -C o -c 0x81000001
  4. sudo vi /etc/sysconfig/fde-tools, add /dev/disk/by-uuid/{UUID of swap partition} to FDE_DEVS
  5. sudo fdectl regenerate-key
  6. sudo vi /etc/crypttab, make 3rd and 4th columns /.fde-virtual.key x-initrd.attach for both root and swap
  7. Update bootloader and initrd: sudo dracut -f && sudo update-bootloader --refresh

When I boot, it spends about 25 seconds on the mainboard splash screen, after which I see the following error:

error: ../../grub-core/disk/cryptodisk.c:1197:no key protector provided a usable key for hd0,gpt2 (3f87dfc2-c1a2-41f5-8713-d98871e1ecda).
error: ../../grub-core/cryptodisk:1519:no such cryptodisk found, perhaps a needed disk or cryptodisk module is not loaded.
Enter passphrase for hd0,gpt2 (3f87dfc2-c1a2-41f5-8713-d98871e1ecda):
Slot "0" opened
Please press 't' to show the boot menu on this console

When I input the password once, it advances to a screen mentioning that it’s loading the initial ramdisk, and it proceeds all the way to the KDE Plasma login screen.

Things I’ve tried:

  1. Various combinations of sudo tpm-enable, sudo tpm-authorize, sudo dracut -f and sudo update-bootloader --refresh just in case something hadn’t been enabled/rebuilt
  2. This Reddit thread is the only one I found based on the error message, which suggested adding a snippet with insmod tpm into the Grub config (I had to use the Wayback Machine to find the old Wiki page to find the snippet since Reddit mangled the formatting). It had no effect for me.

Could anyone help me figure out what’s going wrong here? Thanks!

Some additional config/output in case it’s helpful:

/boot/efi/EFI/opensuse/grub.cfg:

set btrfs_relative_path="yes"
tpm_record_pcrs 0-9
tpm2_key_protector_init -T $prefix/sealed.tpm
if ! cryptomount -u 3f87dfc2c1a241f58713d98871e1ecda --protector tpm2; then
    cryptomount -u 3f87dfc2c1a241f58713d98871e1ecda
fi
search --fs-uuid --set=root 129d540c-2224-4798-aa1a-9c685bfce322
set prefix=(${root})/boot/grub2
source "${prefix}/grub.cfg"

/etc/sysconfig/fde-tools:

# Tunables for full disk encryption

# Configure whether to use old-style PCR policies, or TPMv2 authorized policies.
# Set to yes/no
FDE_USE_AUTHORIZED_POLICIES=yes

# List of PCRs to seal the LUKS key to
FDE_SEAL_PCR_LIST=0,2,4,7,9
FDE_SEAL_PCR_BANK=sha256

# It appears that 128 is the maximum size of what TPM2_Load is willing to handle
FDE_KEY_SIZE_BYTES=128

# These need to match exactly what grub2 uses to create the SRK
FDE_TPM2_SRK_ATTRS="userwithauth|restricted|decrypt|fixedtpm|fixedparent|noda|sensitivedataorigin"

# The PBKDF algorithm to use for deriving LUKS keys from a given password
# For grub2 based schemes, you have to use pbkdf2 for now.
FDE_LUKS_PBKDF="pbkdf2"

# Enable/disable tracing output
FDE_TRACING=true

# This is used by the installer to inform "fdectl tpm-enable" about a key
# to enroll on the next reboot
FDE_ENROLL_NEW_KEY=""

# Specify the devices to be managed by fdectl
# NOTE: Those devices must use the same recovery password.
FDE_DEVS="/dev/disk/by-uuid/38e2eaaa-7f31-417d-b6c8-c55d4b7baa31"

# [DEPRECATED] Use FDE_DEVS instead
# FDE_EXTRA_DEVS=""

# Configure whether to update the authorized policy in the sealed key after
# the bootloader update
# Set to yes/no
FDE_TPM_AUTO_UPDATE="yes"
FDE_AUTHORIZED_POLICY="authorized-policy"

/etc/crypttab:

cr_swap  UUID=38e2eaaa-7f31-417d-b6c8-c55d4b7baa31  /.fde-virtual.key  x-initrd.attach
cr_root  UUID=3f87dfc2-c1a2-41f5-8713-d98871e1ecda  /.fde-virtual.key  x-initrd.attach

Output of sudo fdectl regenerate-key:

Authorized policy written to /etc/fde/authorized-policy/authorized-policy.tpm
Please enter LUKS recovery password: 
Verifying LUKS recovery password (/dev/disk/by-uuid/38e2eaaa-7f31-417d-b6c8-c55d4b7baa31)
Sealing secret - this may take a moment
Sealed secret written to /etc/fde/authorized-policy/sealed.tpm
copying /usr/share/efi/x86_64/grub.efi to /boot/efi/EFI/opensuse/grub.efi
BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 000F,0002,0007
Boot0002* Samsung SSD 970 EVO Plus 1TB  BBS(HD,,0x0)0000424f
Boot0007* WD_BLACK SN750 SE 1TB BBS(HD,,0x0)0000424f
Boot000F* opensuse      HD(1,GPT,10158f8e-3c7e-44db-9eb4-66c8c3c319ed,0x800,0x100000)/File(\EFI\OPENSUSE\GRUBX64.EFI)0000424f
BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 0000,000F,0002,0007
Boot0002* Samsung SSD 970 EVO Plus 1TB  BBS(HD,,0x0)0000424f
Boot0007* WD_BLACK SN750 SE 1TB BBS(HD,,0x0)0000424f
Boot000F* opensuse      HD(1,GPT,10158f8e-3c7e-44db-9eb4-66c8c3c319ed,0x800,0x100000)/File(\EFI\OPENSUSE\GRUBX64.EFI)0000424f
Boot0000* opensuse-secureboot   HD(1,GPT,10158f8e-3c7e-44db-9eb4-66c8c3c319ed,0x800,0x100000)/File(\EFI\opensuse\shim.efi)
Signed PCR policy written to /boot/efi/EFI/opensuse/sealed.tpm
copying /usr/share/efi/x86_64/grub.efi to /boot/efi/EFI/opensuse/grub.efi
BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 000F,0002,0007
Boot0002* Samsung SSD 970 EVO Plus 1TB  BBS(HD,,0x0)0000424f
Boot0007* WD_BLACK SN750 SE 1TB BBS(HD,,0x0)0000424f
Boot000F* opensuse      HD(1,GPT,10158f8e-3c7e-44db-9eb4-66c8c3c319ed,0x800,0x100000)/File(\EFI\OPENSUSE\GRUBX64.EFI)0000424f
BootCurrent: 0000
Timeout: 1 seconds
BootOrder: 0000,000F,0002,0007
Boot0002* Samsung SSD 970 EVO Plus 1TB  BBS(HD,,0x0)0000424f
Boot0007* WD_BLACK SN750 SE 1TB BBS(HD,,0x0)0000424f
Boot000F* opensuse      HD(1,GPT,10158f8e-3c7e-44db-9eb4-66c8c3c319ed,0x800,0x100000)/File(\EFI\OPENSUSE\GRUBX64.EFI)0000424f
Boot0000* opensuse-secureboot   HD(1,GPT,10158f8e-3c7e-44db-9eb4-66c8c3c319ed,0x800,0x100000)/File(\EFI\opensuse\shim.efi)
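A small consistency check, added here as an example and not part of the original post or of fde-tools: it parses the three excerpts quoted above (grub.cfg, /etc/crypttab, and FDE_DEVS from /etc/sysconfig/fde-tools), strips the dashes so that GRUB's cryptomount -u form can be compared with the dashed UUIDs in the other two files, and reports which LUKS devices each layer refers to. It assumes that the argument to cryptomount -u is the LUKS header UUID with the dashes removed. It does not decide whether a device has to appear in FDE_DEVS; it only makes any divergence between the three files visible so it can be checked against the fde-tools documentation.

```python
"""Cross-check which LUKS devices grub.cfg, /etc/crypttab and FDE_DEVS refer to.

Example code, not from the forum post and not part of fde-tools. The three
inputs below are constructed from the excerpts quoted in the post. Assumption:
GRUB's `cryptomount -u` takes the LUKS header UUID without dashes.
"""
from __future__ import annotations

import re
import shlex

# Constructed input: the ESP grub.cfg quoted in the post.
GRUB_CFG = """\
set btrfs_relative_path="yes"
tpm_record_pcrs 0-9
tpm2_key_protector_init -T $prefix/sealed.tpm
if ! cryptomount -u 3f87dfc2c1a241f58713d98871e1ecda --protector tpm2; then
    cryptomount -u 3f87dfc2c1a241f58713d98871e1ecda
fi
"""

# Constructed input: /etc/crypttab as quoted in the post.
CRYPTTAB = """\
cr_swap  UUID=38e2eaaa-7f31-417d-b6c8-c55d4b7baa31  /.fde-virtual.key  x-initrd.attach
cr_root  UUID=3f87dfc2-c1a2-41f5-8713-d98871e1ecda  /.fde-virtual.key  x-initrd.attach
"""

# Constructed input: the relevant line of /etc/sysconfig/fde-tools from the post.
FDE_SYSCONFIG = """\
# Specify the devices to be managed by fdectl
FDE_DEVS="/dev/disk/by-uuid/38e2eaaa-7f31-417d-b6c8-c55d4b7baa31"
"""

VIRTUAL_KEY = "/.fde-virtual.key"
UUID32_RE = re.compile(r"^[0-9a-f]{32}$")
CRYPTOMOUNT_RE = re.compile(
    r"cryptomount\s+-u\s+([0-9a-fA-F-]+)(?:\s+--protector\s+([\w-]+))?"
)


def norm_uuid(text: str) -> str:
    """Lower-case a UUID and drop dashes so both spellings compare equal."""
    uuid = text.strip().lower().replace("-", "")
    if not UUID32_RE.match(uuid):
        raise ValueError(f"not a UUID: {text!r}")
    return uuid


def grub_cryptomount_uuids(cfg: str) -> dict[str, set[str]]:
    """Map each UUID GRUB tries to unlock to the protectors it uses for it.

    A cryptomount without --protector falls back to the interactive passphrase,
    which is recorded here as the pseudo-protector 'passphrase'.
    """
    out: dict[str, set[str]] = {}
    for match in CRYPTOMOUNT_RE.finditer(cfg):
        out.setdefault(norm_uuid(match.group(1)), set()).add(match.group(2) or "passphrase")
    return out


def crypttab_uuids(text: str) -> dict[str, dict[str, str]]:
    """Map each UUID= entry in crypttab to its mapping name and key file."""
    out: dict[str, dict[str, str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2 or not fields[1].startswith("UUID="):
            continue  # only UUID= sources are compared here
        key_file = fields[2] if len(fields) > 2 else "none"
        out[norm_uuid(fields[1][len("UUID="):])] = {"name": fields[0], "key": key_file}
    return out


def fde_devs(text: str) -> set[str]:
    """Collect the by-uuid devices listed in FDE_DEVS (shell-quoted, space separated)."""
    devs: set[str] = set()
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("FDE_DEVS="):
            continue
        for path in " ".join(shlex.split(line[len("FDE_DEVS="):])).split():
            if path.startswith("/dev/disk/by-uuid/"):
                devs.add(norm_uuid(path.rsplit("/", 1)[1]))
    return devs


def summarize(grub_cfg: str, crypttab: str, sysconfig: str) -> dict[str, set[str]]:
    """Report the device sets each layer refers to and where they diverge."""
    grub = grub_cryptomount_uuids(grub_cfg)
    ctab = crypttab_uuids(crypttab)
    devs = fde_devs(sysconfig)
    tpm2 = {u for u, p in grub.items() if "tpm2" in p}
    virtual = {u for u, e in ctab.items() if e["key"] == VIRTUAL_KEY}
    return {
        "grub_tpm2_unlocked": tpm2,
        "crypttab_virtual_key": virtual,
        "fde_devs": devs,
        "tpm2_unlocked_not_in_fde_devs": tpm2 - devs,
        "virtual_key_not_in_fde_devs": virtual - devs,
        "fde_devs_not_in_crypttab": devs - set(ctab),
    }


if __name__ == "__main__":
    for label, uuids in summarize(GRUB_CFG, CRYPTTAB, FDE_SYSCONFIG).items():
        print(f"{label:32s} {sorted(uuids) or '-'}")
```

On the post's own configuration the script shows that GRUB unlocks only the root partition via the TPM2 protector, crypttab expects the virtual key for both root and swap, and FDE_DEVS lists only swap; whether root must also be listed there is something to confirm against the fde-tools documentation rather than something the script decides.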