From 8f58ce378d4810faa529ad8ec821f0d4c98b0e39 Mon Sep 17 00:00:00 2001
From: grydz <grydz@pm.me>
Date: Thu, 21 Mar 2024 18:59:31 +0400
Subject: [PATCH] Fix: try to not bind PCR-7 to systemd-cryptenroll

See bug: https://github.com/systemd/systemd/issues/24906
---
 resources/scripts/cosmian_fstool | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/scripts/cosmian_fstool b/resources/scripts/cosmian_fstool
index af2946ef..2b715298 100644
--- a/resources/scripts/cosmian_fstool
+++ b/resources/scripts/cosmian_fstool
@@ -134,7 +134,7 @@ fi
 
 # Enroll the TPM to decrypt the luks without password (a password is required to run this command)
 echo "Enrolling the TPM for this container..."
-PASSWORD=$PASSWORD systemd-cryptenroll --tpm2-device=/dev/tpmrm0 --tpm2-pcrs=7 "$BLOCK_DEVICE"
+PASSWORD=$PASSWORD systemd-cryptenroll --tpm2-device=/dev/tpmrm0 "$BLOCK_DEVICE"
 
 # Remove previous entry from the fstab and crypttab (create a .bak file to ease the rollback)
 echo "Removing previous obsolete auto mounting rules..."