[Bug 1234234] New: Enrollment of TPM2 no longer functional

https://bugzilla.suse.com/show_bug.cgi?id=1234234

Bug ID: 1234234
Summary: Enrollment of TPM2 no longer functional
Classification: openSUSE
Product: openSUSE Aeon
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Installation
Assignee: rbrown@suse.com
Reporter: vortex@z-ray.de
QA Contact: qa-bugs@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

Hello there,

I didn't have any issues with the TPM2 FDE until yesterday. Everything was working fine until now. Here is what happened:

1) I booted up the PC as usual and noticed Gnome-Software was proposing a secureboot dbx update.

2) At first I tried to perform this update using Gnome-Software itself, but the "Download and Install" button did nothing. Formerly it worked, downloaded the firmware and prompted me to restart the computer.

3) As Gnome-Software didn't work I ran

sudo fwupdmgr update

manually and performed the update. Everything was as expected. No errors, only "Update successful".

4) I rebooted the system as I now expected the TPM prediction to be invalid, as was usually the case with these kinds of updates.

5) Got asked for either my recovery key or the user-defined password I once set when I set up the computer.

6) At first I tried to just update the TPM predictions as described in the Encryption guide of Aeon:

sudo sdbootutil --ask-pin update-predictions

Entered my password (not the key) and all seemed good. No unexpected messages, no errors.

7) Rebooted to verify it had worked. It didn't; I was prompted to enter my key or the password.

8) I then attempted a full re-enrollment of my TPM as I did after installing the nvidia driver when I set up the PC. Hence I knew this worked because it did so in the past.

sudo sdbootutil unenroll --method=tpm2
dracut-install: ERROR: installing 'grub2-editenv'
dracut[E]: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.FBHI0O/initramfs -a date btrfs awk grub2-editenv
Cleaning /boot/efi
Removed /aeon/6.11.8-1-default/initrd-45f6758dc12fca1deebe84d7d6af9abafc75cf10
No slots to remove selected.

Nothing seemed wrong to me. Grub makes sense because Aeon does not use GRUB, and I knew this message from my first re-enrollment when I set up the system.

sudo systemd-cryptenroll
No device specified, defaulting to '/dev/nvme0n1p2'.
SLOT TYPE
   0 recovery
   1 password

Nothing suspicious, I suppose.

sudo sdbootutil enroll --method=tpm2
dracut-install: ERROR: installing 'grub2-editenv'
dracut[E]: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.M7EqLz/initramfs -a date btrfs awk grub2-editenv
Cleaning /boot/efi
Removed /aeon/6.11.8-1-default/initrd-f6a6ad1b0a2f511a784675b06e1339a8d04110e0
Recovery PIN: <REDACTED>
You can also scan it with your mobile phone:
<REDACTED>
keyctl_set_timeout: Permission denied

I was surprised to receive a new QR code and a new recovery key, which wasn't the old one. Nevertheless I wrote it down and rebooted. Also the "Permission Denied" message is new to me.

9) Got asked for either the recovery key or my password. However, the key shown on screen before did not work. I tried this 2 times: the system rebooted, asked for the key or the password, and I tried the recovery key once more to no avail. I then used my password, which was still functional.

Is there anything else I can add to this bug report, any logs to help track down the issue?

Other things I tried in the meantime:

1) Forcefully removing the recovery key using:

sudo systemd-cryptenroll --wipe-slot=2 /dev/nvme0n1p2

Back then the recovery key was in slot 2. This worked, and I then set a recovery key manually using the key I had noted down:

sudo systemd-cryptenroll /dev/nvme0n1p2 --recovery-key

This worked as well. But re-enrolling the TPM afterwards didn't work either.

2) Reset the TPM via the BIOS and did a full re-enrollment again. No success.

3) Reverted the secure boot update, did a full re-enrollment. No success.

4) Re-did the secure boot update, did a full re-enrollment. No success.

5) Performed a full BIOS update the old-fashioned way, as the mainboard vendor had a new update out as of Nov. 12 2024, then did a full re-enrollment. No success.

The board is a Gigabyte B650 GAMING X AX V2 (rev. 1.x) with the latest BIOS version F32e: https://www.gigabyte.com/Motherboard/B650-GAMING-X-AX-V2-rev-1x/support#supp...

Kind regards,
V.

-- 
You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1234234#c1

--- Comment #1 from Imo Hester <vortex@z-ray.de> ---

Found a way to work around the issue. One needs to enroll the TPM twice.

sudo sdbootutil unenroll --method=tpm2

followed by

sudo sdbootutil enroll --method=tpm2

will generate a new (invalid) recovery key but not set the tpm2. Doing this again, however,

sudo sdbootutil enroll --method=tpm2

will then enroll the tpm2.

sudo systemd-cryptenroll
No device specified, defaulting to '/dev/nvme0n1p2'.
SLOT TYPE
   0 recovery
   1 password
   2 tpm2

Now the tpm2 slot is shown again.
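The unenroll/enroll workaround from comment #1, wrapped in a check-and-retry script. This is an added example and not code from the bug report, from sdbootutil or from systemd; it assumes it runs as root on an Aeon system with systemd-cryptenroll and sdbootutil on PATH, that the LUKS volume is /dev/nvme0n1p2 (overridable through DEV, the default systemd-cryptenroll picked in the report) and that two attempts are enough (MAX_ATTEMPTS). Instead of trusting the "Recovery PIN" banner, which the report shows is also printed by an attempt that leaves no tpm2 slot, it lists the key slots after each attempt and only stops once a tpm2 slot exists. The two slot listings inside the script are constructed from the output pasted in the report and drive the no-root demo.

```sh
#!/bin/sh
# Added example, not part of the bug report, sdbootutil or systemd.
# Re-runs "sdbootutil enroll --method=tpm2" until systemd-cryptenroll lists a
# tpm2 slot, and warns that a recovery key printed by an attempt that left no
# tpm2 slot must not be relied on (the report's was unusable).
# Assumptions: run as root; DEV is the LUKS volume (the report's default);
# MAX_ATTEMPTS bounds the retries (two were enough in comment #1).

DEV="${DEV:-/dev/nvme0n1p2}"
MAX_ATTEMPTS="${MAX_ATTEMPTS:-2}"

# Constructed slot listings, modelled on the output pasted in the report.
SAMPLE_BEFORE='SLOT TYPE
   0 recovery
   1 password'
SAMPLE_AFTER='SLOT TYPE
   0 recovery
   1 password
   2 tpm2'

# count_slots_of_type TYPE: number of LUKS slots of TYPE in a
# systemd-cryptenroll listing read from stdin. Only "<number> <type>" lines
# count, so the header and the "No device specified" notice are ignored.
count_slots_of_type() {
    awk -v t="$1" '$1 ~ /^[0-9]+$/ && $2 == t { n++ } END { print n + 0 }'
}

# has_tpm2_slot: succeeds if the listing on stdin contains a tpm2 slot.
has_tpm2_slot() {
    [ "$(count_slots_of_type tpm2)" -gt 0 ]
}

# list_slots: current slot table of DEV (needs root).
list_slots() {
    systemd-cryptenroll "$DEV" 2>&1
}

# enroll_tpm2_with_retry: the enroll half of the workaround with verification.
# The exit status of sdbootutil is reported but not trusted; only the slot
# table decides whether the attempt counts.
enroll_tpm2_with_retry() {
    attempt=1
    while [ "$attempt" -le "$MAX_ATTEMPTS" ]; do
        echo "enroll attempt $attempt of $MAX_ATTEMPTS"
        sdbootutil enroll --method=tpm2 || echo "sdbootutil exited with status $? on attempt $attempt"
        if list_slots | has_tpm2_slot; then
            echo "tpm2 slot present after attempt $attempt; test the printed recovery key before relying on it"
            return 0
        fi
        echo "no tpm2 slot after attempt $attempt; do not rely on the recovery key it printed"
        attempt=$((attempt + 1))
    done
    echo "no tpm2 slot after $MAX_ATTEMPTS attempts" >&2
    return 1
}

# demo: runs the slot check on the constructed listings (no root needed).
demo() {
    printf '%s\n' "$SAMPLE_BEFORE" | has_tpm2_slot && echo "before: tpm2 present" || echo "before: tpm2 missing"
    printf '%s\n' "$SAMPLE_AFTER" | has_tpm2_slot && echo "after: tpm2 present" || echo "after: tpm2 missing"
}

case "${1:-}" in
    --run) sdbootutil unenroll --method=tpm2; enroll_tpm2_with_retry ;;
    *)     demo ;;
esac
```

Run it with no arguments to exercise the parser on the constructed listings; run it as root with `--run` to perform the unenroll and the verified enroll. After a successful run, reboot once and confirm the volume unlocks without the password before treating the new recovery key as the one to keep, since the report shows the key printed by the first enroll was not accepted.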