9 Apr
2024
9 Apr
'24
09:26
aplanas wrote:
On 2024-04-08 17:30, Andrei Borzenkov wrote:
On 08.04.2024 09:16, Ludwig Nussel wrote:
Andrei Borzenkov wrote:
Any pointers how I can reinitialize whatever is needed to be reinitialized so automatic unlocking works again?
# pcrlock remove-policy # systemd-cryptenroll --wipe=tpm2 /dev/yourdev # sdbootutil update-predictions # systemd-cryptenroll --tpm2-device=auto /dev/yourdev
Yes, that works. Thank you!
That lock one NVIndex slot in the TPM2. After the wipe I would do a `tpm2_clear` to free it.
systemd-pcrlock remove-policy clears the nvindex cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Software Solutions Germany GmbH; GF: Ivo Totev, Andrew McDonald, Werner Knoblich; HRB 36809 (AG Nürnberg)