https://bugzilla.suse.com/show_bug.cgi?id=1228863

https://bugzilla.suse.com/show_bug.cgi?id=1228863#c31

--- Comment #31 from Marc Thomas <opensuse@radok.me> ---
(In reply to Alberto Planas Dominguez from comment #30)
> Ah my bad, Marc. I got busy with other tasks.

All good, did not want to be pushy - I just thought maybe I can reproduce in TW so we'd have more information if it's an Aeon only thing.

> I am a bit lost with your issue, so let me retake it thinking out loud.
>
> A)
>
> localhost:~ # sdbootutil unenroll --method=tpm2
> dracut-install: ERROR: installing 'grub2-editenv'
> dracut[E]: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.aGwm26/initramfs -a date btrfs awk grub2-editenv
>
> Dracut should not complain about anything related to GRUB, as it should not be installed. Can you check that this is the case? (zypper se grub2, or rpm -qa | grep grub2)

zypper se grub2 shows no packages with an 'i'.

> # Remove the pcrlock files
> rm -fr /var/lib/pcrlock.d

Done.

> # Take note of the active default boot entry
> sdbootutil list-entries --only-default

localhost:~ # sdbootutil list-entries --only-default
aeon-6.10.3-1-default-10.conf

> # Check the contents.
> # Replace 6.10.3-1-default with the output from last command
> # Take note of the initrd name. There is a hash at the end.
> sdbootutil show-entry 6.10.3-1-default

OK. Gave me back the expected entry with its hash:
initrd /aeon/6.10.3-1-default/initrd-a67e4f4c8aca4aa4f1b50919c64448ccb79b13b3

> # Do the unenroll / enroll dancing.
> # No error message should appear when calling dracut.
> # This should generate a new initrd
> sdbootutil unenroll --method=tpm2

Dracut shows an error immediately.

localhost:/var/tmp # sdbootutil unenroll --method=tpm2
dracut-install: ERROR: installing 'grub2-editenv'
dracut[E]: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.vhLGSX/initramfs -a date btrfs awk grub2-editenv
Wiped slot 0.

I checked and the destination directory is not created.

localhost:/var/tmp # ll /var/tmp/dracut.vhLGSX/initramfs
ls: cannot access '/var/tmp/dracut.vhLGSX/initramfs': No such file or directory

> sdbootutil enroll --ask-pin --method=tpm2

localhost:/var/tmp # sdbootutil enroll --ask-pin --method=tpm2
dracut-install: ERROR: installing 'grub2-editenv'
dracut[E]: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.7ZJw15/initramfs -a date btrfs awk grub2-editenv
Garbage after device path end, ignoring.
Garbage after device path end, ignoring.
Recovery PIN:
Garbage after device path end, ignoring.
NVIndex policy created
Enrolling with TPM2 (pcrlock): /dev/nvme0n1p2
No slots to remove selected.
🔐 Please enter current passphrase for disk /dev/nvme0n1p2: ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
New TPM2 token enrolled as key slot 0.

Same issue, but with a different folder name that also is not created. I did a reboot after this step.

> # Check again the last initrd
> # Probably the hash will be different. Check that the initrd is in place
> sdbootutil show-entry 6.10.3-1-default

The hash has not changed:
initrd /aeon/6.10.3-1-default/initrd-a67e4f4c8aca4aa4f1b50919c64448ccb79b13b3

So probably dracut can't do its thing as the dir is missing. I could create the dir and run it again, but I don't understand what it really does so I would not mess with it.

Thanks for all your help so far, really appreciate it.