systemd-cryptsetup fails to unseal secret from TPM #30546

Closed
Faerbit opened this issue Dec 20, 2023 · 17 comments · Fixed by #30971
Labels
bug 🐛 Programming errors, that need preferential fixing cryptsetup

Comments

@Faerbit

Faerbit commented Dec 20, 2023

systemd version the issue has been seen with

255.1-1-arch

Used distribution

Arch Linux

Linux kernel version used

6.6.7-arch1-1

CPU architectures issue was seen on

x86_64

Component

systemd-cryptsetup

Expected behaviour you didn't see

systemd-cryptsetup unseals secret from TPM to use with systemd-cryptenroll TPM2 signed PCR to unlock my rootfs.

(I'm unsure what additional details might be relevant, so please just ask for them)

Unexpected behaviour you saw

systemd-cryptsetup[290]: Failed to unseal secret using TPM2: Operation not permitted

from journald

(again if additional log entries are relevant, please ask)

Steps to reproduce the problem

  • Setup UKI as mentioned in Example 2 of man systemd-measure
  • Try to boot it
  • Get prompted for password

Downgrade to systemd 254.6-2-arch fixes my setup, so this seems to be a regression.

Note to self: Use journalctl -b 7a36c04369b14c7f8fa959fb2bdc4c3c for additional details if necessary

Additional program output to the terminal or log subsystem illustrating the issue

No response

@Faerbit Faerbit added the bug 🐛 Programming errors, that need preferential fixing label Dec 20, 2023
@poettering
Member

Not actionable. Please provide debug logs of the cryptsetup part of the boot.

@poettering poettering added the ci-fails/needs-rework 🔥 Please rework this, the CI noticed an issue with the PR label Dec 20, 2023
@bluca bluca added needs-reporter-feedback ❓ There's an unanswered question, the reporter needs to answer and removed ci-fails/needs-rework 🔥 Please rework this, the CI noticed an issue with the PR labels Dec 20, 2023
@Faerbit
Author

Faerbit commented Dec 20, 2023

I added systemd.log_level=debug to my kernel cmdline and then extracted logs with journalctl -b _EXE=/usr/lib/systemd/systemd-cryptsetup. Is that what you wanted?

Working example (systemd 254.6)
Dez 20 20:41:57 archlinux systemd-cryptsetup[311]: [sha256(7)]: b0f12e2126573cd0c4eb3d6d5d31914472a23a3eeeb68d76eb143ee4e137c194
Dez 20 20:41:57 archlinux systemd-cryptsetup[311]: [sha256(11)]: 6c437b32998a876e49a7989b00c92f8f86bc492ccc69931ed2c5fa40c345ebda
Dez 20 20:41:57 archlinux systemd-cryptsetup[311]: Adding PCR signature policy.
Dez 20 20:41:57 archlinux systemd-cryptsetup[311]: Loading external key into TPM.
Dez 20 20:41:58 archlinux systemd-cryptsetup[311]: Object name: 000b3394ebbf401e6709be8f5d872b38851634a1fee67b0915fc1fba945f3c78147f
Dez 20 20:41:58 archlinux systemd-cryptsetup[311]: Adding PCR hash policy.
Dez 20 20:41:58 archlinux systemd-cryptsetup[311]: Acquiring policy digest.
Dez 20 20:41:58 archlinux systemd-cryptsetup[311]: Session policy digest: 45cb443b1f4701bf28fdc3bbafec57ecafed50f59c92996543294c953aa1b0a0
Dez 20 20:41:59 archlinux systemd-cryptsetup[311]: Acquiring policy digest.
Dez 20 20:41:59 archlinux systemd-cryptsetup[311]: Session policy digest: 4fd4bd9c1255dcaa2192196dceb37513bf580508af4c077d6bced9aef8e3b365
Dez 20 20:42:00 archlinux systemd-cryptsetup[311]: Adding PCR hash policy.
Dez 20 20:42:00 archlinux systemd-cryptsetup[311]: Acquiring policy digest.
Dez 20 20:42:00 archlinux systemd-cryptsetup[311]: Session policy digest: 3fe886b004519ada9c7084cbc8bb5a6e3b42b338eedd292632b400d0ce7dfc54
Dez 20 20:42:00 archlinux systemd-cryptsetup[311]: Acquiring policy digest.
Dez 20 20:42:00 archlinux systemd-cryptsetup[311]: Session policy digest: 3fe886b004519ada9c7084cbc8bb5a6e3b42b338eedd292632b400d0ce7dfc54
Dez 20 20:42:00 archlinux systemd-cryptsetup[311]: Unsealing HMAC key.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Completed TPM2 key unsealing in 4.590261s.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Trying to open keyslot 3 with token 1 (type systemd-tpm2).
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Trying to open LUKS2 keyslot 3.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Running keyslot key derivation.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Reading keyslot area [0x68000].
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Acquiring read lock for device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Opening lock resource file /run/cryptsetup/L_259:4
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Verifying lock handle for /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7 READ lock taken.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Reusing open ro fd on device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7 READ lock released.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Verifying key from keyslot 3, digest 0.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: dm target-version crypt  [ opencount flush ]   [16384] (*1)
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: dm versions   [ opencount flush ]   [16384] (*1)
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Detected dm-crypt version 1.24.0.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Loading key (32 bytes, type logon) in thread keyring.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Using persistent flag no-read-workqueue.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Using persistent flag no-write-workqueue.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: dm versions   [ opencount flush ]   [16384] (*1)
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: dm status luks-root  [ opencount noflush ]   [16384] (*1)
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Calculated device size is 935599759 sectors (RW), offset 4096.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: DM-UUID is CRYPT-LUKS2-9c2db4b39f2342f7856a3459b6b874f7-luks-root
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Udev cookie 0xd4dfafb (semid 7) created
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Udev cookie 0xd4dfafb (semid 7) incremented to 1
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Udev cookie 0xd4dfafb (semid 7) incremented to 2
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Udev cookie 0xd4dfafb (semid 7) assigned to CREATE task(0) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: dm create luks-root CRYPT-LUKS2-9c2db4b39f2342f7856a3459b6b874f7-luks-root [ opencount flush ]   [16384] (*1)
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: dm reload   (254:13) [ opencount flush securedata ]   [16384] (*1)
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: dm resume luks-root  [ opencount flush securedata ]   [16384] (*1)
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: luks-root: Stacking NODE_ADD (254,13) 0:0 0600 [trust_udev]
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: luks-root: Stacking NODE_READ_AHEAD 256 (flags=1)
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Udev cookie 0xd4dfafb (semid 7) decremented to 1
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Udev cookie 0xd4dfafb (semid 7) waiting for zero
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Udev cookie 0xd4dfafb (semid 7) destroyed
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: luks-root: Skipping NODE_ADD (254,13) 0:0 0600 [trust_udev]
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: luks-root: Processing NODE_READ_AHEAD 256 (flags=1)
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: luks-root (254:13): read ahead is 256
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: luks-root: retaining kernel read ahead of 256 (requested 256)
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Volume luks-root activated with LUKS token id 0.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Releasing crypt device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7 context.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Releasing device-mapper backend.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Closing read only fd for /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7.
Dez 20 20:42:01 archlinux systemd-cryptsetup[311]: Unloading systemd-tpm2 token handler.
Broken example (systemd 255.1)
Dez 20 20:19:50 archlinux systemd-cryptsetup[293]: Starting HMAC encryption session.
Dez 20 20:19:50 archlinux systemd-cryptsetup[293]: Starting policy session.
Dez 20 20:19:50 archlinux systemd-cryptsetup[293]: Building sealing policy.
Dez 20 20:19:50 archlinux systemd-cryptsetup[293]: Reading PCR selection: [sha256(7+11)]
Dez 20 20:19:50 archlinux systemd-cryptsetup[293]: Read PCR selection: [sha256(7+11)]
Dez 20 20:19:50 archlinux systemd-cryptsetup[293]: PCR value: 7:sha256=b0f12e2126573cd0c4eb3d6d5d31914472a23a3eeeb68d76eb143ee4e137c194
Dez 20 20:19:50 archlinux systemd-cryptsetup[293]: PCR value: 11:sha256=a69016269350bf683531496de5d0136ce11f48dd6c8592516aaaa37b67a99389
Dez 20 20:19:50 archlinux systemd-cryptsetup[293]: Adding PCR signature policy.
Dez 20 20:19:50 archlinux systemd-cryptsetup[293]: Loading external key into TPM.
Dez 20 20:19:51 archlinux systemd-cryptsetup[293]: Object name: 000b8c17cfd94e6c50fc478e0a02dd1f1d55241eadb2266b621a5e572b6d332b28d5
Dez 20 20:19:51 archlinux systemd-cryptsetup[293]: Submitting PCR hash policy.
Dez 20 20:19:51 archlinux systemd-cryptsetup[293]: Acquiring policy digest.
Dez 20 20:19:51 archlinux systemd-cryptsetup[293]: Session policy digest: 497386013583097333d8149802678626af8010bc027788d5ff840d26a74068fb
Dez 20 20:19:52 archlinux systemd-cryptsetup[293]: Acquiring policy digest.
Dez 20 20:19:52 archlinux systemd-cryptsetup[293]: Session policy digest: 632e3b0bf86c6c055fdd1f4bde0d461a1c7b4e13ced566d4edb2143207e09090
Dez 20 20:19:53 archlinux systemd-cryptsetup[293]: Submitting PCR hash policy.
Dez 20 20:19:53 archlinux systemd-cryptsetup[293]: Acquiring policy digest.
Dez 20 20:19:53 archlinux systemd-cryptsetup[293]: Session policy digest: 0309d18841fdfcf511b9b2448f25162cb600611f68ec45c197fd874ef2d43dc0
Dez 20 20:19:53 archlinux systemd-cryptsetup[293]: Acquiring policy digest.
Dez 20 20:19:53 archlinux systemd-cryptsetup[293]: Session policy digest: 0309d18841fdfcf511b9b2448f25162cb600611f68ec45c197fd874ef2d43dc0
Dez 20 20:19:53 archlinux systemd-cryptsetup[293]: Current policy digest does not match stored policy digest, cancelling TPM2 authentication attempt.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Failed to unseal secret using TPM2: Operation not permitted
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: systemd-tpm2 open failed: Operation not permitted.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: systemd-tpm2 token handler returned -1. Changing to -2.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Token 1 (systemd-tpm2) open failed with -2.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Token activation unsuccessful for device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7: No such file or directory
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 0.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 1.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 2.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 3.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 4.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 5.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 6.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 7.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 8.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 9.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 10.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 11.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 12.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 13.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 14.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 15.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 16.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 17.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 18.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 19.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 20.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 21.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 22.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 23.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 24.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 25.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 26.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 27.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 28.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 29.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 30.
Dez 20 20:19:54 archlinux systemd-cryptsetup[293]: Requesting JSON for token 31.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Added key to kernel keyring as 287805096.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Set cipher aes, mode xts-plain64, key size 256 bits for device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Not measuring volume key, deactivated.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Activating volume luks-root [keyslot -1] using passphrase.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: dm versions   [ opencount flush ]   [16384] (*1)
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: dm status luks-root  [ opencount noflush ]   [16384] (*1)
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Keyslot 3 priority 1 != 2 (required), skipped.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Keyslot 0 priority 1 != 2 (required), skipped.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Trying to open LUKS2 keyslot 3.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Running keyslot key derivation.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Reading keyslot area [0x68000].
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Acquiring read lock for device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Opening lock resource file /run/cryptsetup/L_259:4
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Verifying lock handle for /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7 READ lock taken.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Reusing open ro fd on device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7 READ lock released.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Verifying key from keyslot 3, digest 0.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Digest 0 (pbkdf2) verify failed with -1.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Trying to open LUKS2 keyslot 0.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Taking global memory-hard access serialization lock.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Acquiring blocking write lock for resource memory-hard-access.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Opening lock resource file /run/cryptsetup/LN_memory-hard-access
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Verifying lock handle for memory-hard-access.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: WRITE lock for resource memory-hard-access taken.
Dez 20 20:20:00 archlinux systemd-cryptsetup[293]: Running keyslot key derivation.
Dez 20 20:20:01 archlinux systemd-cryptsetup[293]: Unlocking WRITE lock for resource memory-hard-access.
Dez 20 20:20:01 archlinux systemd-cryptsetup[293]: Reading keyslot area [0x28000].
Dez 20 20:20:01 archlinux systemd-cryptsetup[293]: Acquiring read lock for device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7.
Dez 20 20:20:01 archlinux systemd-cryptsetup[293]: Opening lock resource file /run/cryptsetup/L_259:4
Dez 20 20:20:01 archlinux systemd-cryptsetup[293]: Verifying lock handle for /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7.
Dez 20 20:20:01 archlinux systemd-cryptsetup[293]: Device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7 READ lock taken.
Dez 20 20:20:01 archlinux systemd-cryptsetup[293]: Reusing open ro fd on device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7
Dez 20 20:20:01 archlinux systemd-cryptsetup[293]: Device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7 READ lock released.
Dez 20 20:20:01 archlinux systemd-cryptsetup[293]: Verifying key from keyslot 0, digest 0.
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: dm target-version crypt  [ opencount flush ]   [16384] (*1)
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: dm versions   [ opencount flush ]   [16384] (*1)
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Detected dm-crypt version 1.24.0.
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Loading key (32 bytes, type logon) in thread keyring.
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Using persistent flag no-read-workqueue.
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Using persistent flag no-write-workqueue.
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: dm versions   [ opencount flush ]   [16384] (*1)
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: dm status luks-root  [ opencount noflush ]   [16384] (*1)
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Calculated device size is 935599759 sectors (RW), offset 4096.
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: DM-UUID is CRYPT-LUKS2-9c2db4b39f2342f7856a3459b6b874f7-luks-root
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Udev cookie 0xd4d61b5 (semid 7) created
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Udev cookie 0xd4d61b5 (semid 7) incremented to 1
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Udev cookie 0xd4d61b5 (semid 7) incremented to 2
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Udev cookie 0xd4d61b5 (semid 7) assigned to CREATE task(0) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: dm create luks-root CRYPT-LUKS2-9c2db4b39f2342f7856a3459b6b874f7-luks-root [ opencount flush ]   [16384] (*1)
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: dm reload   (254:13) [ opencount flush securedata ]   [16384] (*1)
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: dm resume luks-root  [ opencount flush securedata ]   [16384] (*1)
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: luks-root: Stacking NODE_ADD (254,13) 0:0 0600 [trust_udev]
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: luks-root: Stacking NODE_READ_AHEAD 256 (flags=1)
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Udev cookie 0xd4d61b5 (semid 7) decremented to 1
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Udev cookie 0xd4d61b5 (semid 7) waiting for zero
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Udev cookie 0xd4d61b5 (semid 7) destroyed
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: luks-root: Skipping NODE_ADD (254,13) 0:0 0600 [trust_udev]
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: luks-root: Processing NODE_READ_AHEAD 256 (flags=1)
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: luks-root (254:13): read ahead is 256
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: luks-root: retaining kernel read ahead of 256 (requested 256)
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Releasing crypt device /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7 context.
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Releasing device-mapper backend.
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Closing read only fd for /dev/disk/by-uuid/9c2db4b3-9f23-42f7-856a-3459b6b874f7.
Dez 20 20:20:02 archlinux systemd-cryptsetup[293]: Unloading systemd-tpm2 token handler.

@poettering
Member

> Current policy digest does not match stored policy digest, cancelling TPM2 authentication attempt.

So it appears your PCR 11 and PCR 7 have changed and no matching signatures for them are available.

@Faerbit
Author

Faerbit commented Dec 21, 2023

Are you implying that the problem is with my setup/config? Because I can reliably fix/reproduce the problem by changing just the systemd packages on my system (systemd, systemd-libs and systemd-ukify to be precise). So I'm not quite sure what I might need to do to get this working with the new version. I rechecked the changelog and my initrd, and everything seems to be how it should be.

PCR 7 is the same. And I use the same tooling (ukify/systemd-measure) to precompute PCR 11.

Do you have any suggestions on how I might debug this further?

@bluca bluca removed the needs-reporter-feedback ❓ There's an unanswered question, the reporter needs to answer label Dec 21, 2023
@Faerbit
Author

Faerbit commented Dec 22, 2023

I bisected this problem to this commit.

@thesamesam
Contributor

cc @ddstreet

@ddstreet
Contributor

ddstreet commented Jan 4, 2024

> Are you implying that the problem is with my setup/config? Because I can reliably fix/reproduce the problem by changing just the systemd packages on my system (systemd, systemd-libs and systemd-ukify to be precise). So I'm not quite sure what I might need to do to get this working with the new version. I rechecked the changelog and my initrd, and everything seems to be how it should be.
>
> PCR 7 is the same. And I use the same tooling (ukify/systemd-measure) to precompute PCR 11.

So, your PCR 11 is definitely different between the two logs; are you saying that you are separately enrolling for each setup, and only one fails to unlock your drive? Or are you saying that you enrolled using one setup, which correctly unlocks, but the other setup (with different PCR 11 value) fails to unlock the previously-enrolled drive?

It would help if you provided the specific command(s) you used to enroll the TPM in your LUKS drive, as that's a very important part of this.

@Faerbit
Author

Faerbit commented Jan 4, 2024

PCR 11 is necessarily different, since there are different systemd binaries present in the initrd. So yes, I am regenerating the initrd, and creating different TPM2 PCR signature JSONs, and only one fails to unlock the drive.
Here is my bisect script for illustrative purposes:

bisect.sh
#!/bin/bash

set -euxo pipefail

sudo -v

pushd ~/pkgbuild/systemd/
pushd src/systemd-stable
git reset --hard
#if journalctl -b _EXE=/usr/bin/systemd-cryptsetup _EXE=/usr/lib/systemd/systemd-cryptsetup --grep "Failed to unseal secret using TPM2"; then
if journalctl -b _EXE=/usr/bin/systemd-cryptsetup _EXE=/usr/lib/systemd/systemd-cryptsetup --grep "Current policy digest does not match stored policy digest"; then
    echo bad
    git bisect bad
elif journalctl -b _EXE=/usr/bin/systemd-cryptsetup _EXE=/usr/lib/systemd/systemd-cryptsetup --grep "Completed TPM2 key unsealing in"; then
    echo good
    git bisect good
else
    echo "Cannot determine whether boot was good or bad"
    exit 1
fi
read -p "... waiting for confirmation ..."
patch -Np1 -i ../0001-Use-Arch-Linux-device-access-groups.patch
popd

rm -rf pkg
rm -rf src/build
rm -rf src/systemd-libs
makepkg -efsi --noconfirm
sudo kernel-install add 6.6.7-arch1-1 /usr/lib/modules/6.6.7-arch1-1/vmlinuz
reboot

kernel-install uses the upstream ukify hook (60-ukify.install) from systemd version 255 (I put it under /etc/kernel/install.d)

My /etc/kernel/install.conf:

layout=uki
initrd_generator=mkinitcpio
uki_generator=ukify

My /etc/kernel/uki.conf:

[UKI]
OSRelease=@/usr/lib/os-release
Splash=/usr/share/systemd/bootctl/splash-arch.bmp
Cmdline=@/etc/kernel/cmdline
PCRPKey=/etc/systemd/tpm2-pcr-public-key.pem
PCRBanks=sha256

[PCRSignature:initrd]
PCRPublicKey=/etc/systemd/tpm2-pcr-public-key.pem
PCRPrivateKey=/etc/systemd/tpm2-pcr-private-key.pem

For key enrollment I just used sudo systemd-cryptenroll --tpm2-device=auto /dev/nvme1n1p2, which automatically picks up /etc/systemd/tpm2-pcr-public-key.pem

I hope this is all the info you need :)

@ddstreet
Contributor

ddstreet commented Jan 5, 2024

Ah, ok, so yes that commit did alter the signing key public header which would then alter the key "name" (which is the hash of TPM header fields and RSA public key data) for the public key used for signature verification, which would change the session policy digest (since tpm_authorize uses the key name for the digest hash).

The differences are that previously the parameters.rsaDetail keys scheme.details.anySig.hashAlg and symmetric.mode.sym were set to TPM2_ALG_NULL, while they are now set to 0. I believe that technically they should be 0 since their fields are unused (because scheme.scheme and symmetric.algorithm are both set to TPM2_ALG_NULL meaning the rest of the fields are unused) but I'm pretty sure setting them to TPM2_ALG_NULL is fine too, as long as they are set consistently between calculation and verification.

@poettering so unfortunately it looks like my commit is causing a bit of a problem, due to above-described PEM->TPM2B_PUBLIC difference between v254 and v255. If we change it to use the old field values (i.e. TPM2_ALG_NULL, which is 0x10, for the 2 fields mentioned above, instead of their current value of 0) then it will break users who used systemd-cryptenroll --tpm2-public-key from v255, while currently users of systemd-cryptenroll --tpm2-public-key from v254 (or earlier) are broken when upgrading to v255.

We could add a fallback check when unsealing to try again with the previous PEM->TPM2B_PUBLIC method, which might be the best way to handle it. I'll work on a patch to add this, to see if it's possible without too much added complexity.

@ddstreet
Contributor

ddstreet commented Jan 5, 2024

@Faerbit since you already have the setup to rebuild and test this, can you do a quick check with this patch:

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index bec84a3f03..d311628f9e 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -4208,6 +4208,8 @@ int tpm2_tpm2b_public_from_openssl_pkey(const EVP_PKEY *pkey, TPM2B_PUBLIC *ret)
                 .parameters.asymDetail = {
                         .symmetric.algorithm = TPM2_ALG_NULL,
                         .scheme.scheme = TPM2_ALG_NULL,
+                        .symmetric.mode.sym = TPM2_ALG_NULL,
+                        .scheme.details.anySig.hashAlg = TPM2_ALG_NULL,
                 },
         };
 
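Review bot: the two added initializers, `.symmetric.mode.sym` and `.scheme.details.anySig.hashAlg`, sit directly under `.symmetric.algorithm = TPM2_ALG_NULL` and `.scheme.scheme = TPM2_ALG_NULL` with no comment saying why sub-fields of a NULL selector need an explicit value. If the intent is to reproduce the public area that older releases produced, state that in a comment above them and add a test that pins the resulting key name, otherwise a later cleanup is likely to drop the lines again.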

@Faerbit
Author

Faerbit commented Jan 5, 2024

@ddstreet I applied your patch on top of v255.2 and sadly this does not seem to be sufficient to solve the problem.

@ddstreet
Contributor

ddstreet commented Jan 5, 2024

> @ddstreet I applied your patch on top of v255.2 and sadly this does not seem to be sufficient to solve the problem.

Use this as well:

@@ -4274,8 +4282,10 @@ int tpm2_tpm2b_public_from_openssl_pkey(const EVP_PKEY *pkey, TPM2B_PUBLIC *ret)
                 uint32_t exponent = 0;
                 memcpy(&exponent, e, e_size);
                 exponent = be32toh(exponent) >> (32 - e_size * 8);
+                /*
                 if (exponent == TPM2_RSA_DEFAULT_EXPONENT)
                         exponent = 0;
+                */
                 public.parameters.rsaDetail.exponent = exponent;
 
                 break;
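Review bot: wrapping the `if (exponent == TPM2_RSA_DEFAULT_EXPONENT) exponent = 0;` override in `/* ... */` is fine for a test build but should not land in this form; delete the two lines and put a comment in their place saying that the exponent is stored exactly as read from the key, and why. Separately, `memcpy(&exponent, e, e_size)` followed by `>> (32 - e_size * 8)` relies on `e_size` being between 1 and 4, and that check is not visible in this hunk, so confirm it exists above.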

@Faerbit
Author

Faerbit commented Jan 5, 2024

Using the second patch as well seems to solve the problem! Do you still need logs, if so of what configuration?

@ddstreet
Contributor

After reviewing the tpm2-tss marshal/unmarshal code, the first patch shouldn't be needed, because marshalling for a TPM2_ALG_NULL field elides the entire rest of the field, so when scheme.scheme is TPM2_ALG_NULL then any value of scheme.details.anySig.hashAlg is ignored during marshalling (and same with symmetric).

ddstreet added a commit to ddstreet/systemd that referenced this issue Jan 16, 2024
…B_PUBLIC conversion

The TPM specification defines a special case "default" exponent value, which
can be indicated by an exponent value of 0 in the TPM2B_PUBLIC struct; however
we have no need to special-case it in our conversion, and in fact doing so
breaks backwards compatibility, since it changes the "name" of the TPM2B_PUBLIC
key, which then changes the policy hash for any sealed data that used the
policy Authorize.

Fixes: systemd#30546
ddstreet added a commit to ddstreet/systemd that referenced this issue Jan 16, 2024
…B_PUBLIC conversion

The TPM specification defines a special case "default" exponent value, which
can be indicated by an exponent value of 0 in the TPM2B_PUBLIC struct; however
we have no need to special-case it in our conversion, and in fact doing so
breaks backwards compatibility, since it changes the "name" of the TPM2B_PUBLIC
key, which then changes the policy hash for any sealed data that used the
policy Authorize.

Fixes a bug introduced by commit e3acb4d.

Fixes: systemd#30546
ddstreet added a commit to ddstreet/systemd that referenced this issue Jan 16, 2024
…B_PUBLIC conversion

The openssl default value for an RSA key exponent value is 0x10001, and the TPM
specification defines an exponent value of 0 as representing this value. The
systemd code that converted an RSA PEM public key to a TPM2B_PUBLIC object
previously used the exponent value directly, but commit
e3acb4d changed the conversion to use the
special case exponent value of 0 for any RSA key with an exponent value of
0x10001.

Because the entire TPM2B_PUBLIC object is used to calculate its "name", this
difference in exponent value (0x10001 vs 0) introduced a change in the key
"name". Since the Authorize policy uses the key "name" directly in its policy
session hash value, this change resulted in new systemd code being unable to
properly unseal any data (e.g. a LUKS volume) that was previously sealed.

This reverts the code to no longer override an RSA exponent value of 0x10001
with the special case value of 0.

Fixes a bug introduced by commit e3acb4d.

Fixes: systemd#30546
ddstreet added a commit to ddstreet/systemd that referenced this issue Jan 16, 2024
…ests

Check the calculated TPM2B_PUBLIC key "name" to verify our PEM->TPM2B_PUBLIC
function remains consistent with previous code. This is important as the
TPM2B_PUBLIC "name" is used in the Authorize policy and so any change to a key
"name" would break unsealing for previously-sealed objects (see bug systemd#30546).
ddstreet added a commit to ddstreet/systemd that referenced this issue Jan 16, 2024
…ests

Check the calculated TPM2B_PUBLIC key "name" to verify our PEM->TPM2B_PUBLIC
function remains consistent with previous code. This is important as the
TPM2B_PUBLIC "name" is used in the Authorize policy and so any change to a key
"name" would break unsealing for previously-sealed objects (see bug systemd#30546).

Note that the tpm2_tpm2b_public_from_openssl_pkey() function results in a
TPM2B_PUBLIC with the same "name" as using the tpm2-tools program
tpm2_loadexternal, at least as of tpm2-tools version 5.6.18, with the test keys
from TEST(tpm2b_public_from_openssl_pkey) in src/test/test-tpm2.
@ddstreet
Contributor

This should be fixed with #30971 which should cover both situations (sealed data using systemd < commit e3acb4d as well as sealed data using systemd >= e3acb4d).
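
Added illustration (not part of the thread and not systemd's code): the commit messages above state that the entire TPM2B_PUBLIC feeds the key "name" and that the name feeds the Authorize policy hash. This Python model marshals one RSA public area with exponent 0x10001 and with 0, then derives the name and PolicyAuthorize digest for each; the modulus, the object attributes and every function name are assumptions made for the example.

```python
"""Model of how an RSA exponent of 0 vs 0x10001 changes a TPM2 key "name".

Marshalling follows the TPM 2.0 structure layout: big-endian integers,
TPM2B_* = UINT16 size followed by that many bytes.
"""
import hashlib
import struct

TPM2_ALG_RSA = 0x0001
TPM2_ALG_SHA256 = 0x000B
TPM2_ALG_NULL = 0x0010
TPM2_CC_POLICY_AUTHORIZE = 0x0000016A

# Assumed TPMA_OBJECT value for the example: userWithAuth | decrypt | sign.
OBJECT_ATTRIBUTES = 0x00000040 | 0x00020000 | 0x00040000

# Number of marshalled bytes that precede the exponent in the layout below.
EXPONENT_OFFSET = 16


def constructed_modulus(bits=2048):
    """Deterministic filler standing in for an RSA modulus (not a real key)."""
    out = b""
    counter = 0
    while len(out) < bits // 8:
        out += hashlib.sha256(b"constructed-modulus" + bytes([counter])).digest()
        counter += 1
    raw = bytearray(out[: bits // 8])
    raw[0] |= 0x80   # top bit set, so the value is exactly `bits` long
    raw[-1] |= 0x01  # odd, as an RSA modulus always is
    return bytes(raw)


def tpm2b(data):
    """Marshal a TPM2B_* buffer."""
    return struct.pack(">H", len(data)) + data


def marshal_rsa_public(modulus, exponent):
    """Marshal the TPMT_PUBLIC (publicArea) of an RSA key."""
    return b"".join([
        struct.pack(">H", TPM2_ALG_RSA),        # type
        struct.pack(">H", TPM2_ALG_SHA256),     # nameAlg
        struct.pack(">I", OBJECT_ATTRIBUTES),   # objectAttributes
        tpm2b(b""),                             # authPolicy (empty)
        struct.pack(">H", TPM2_ALG_NULL),       # parameters.symmetric
        struct.pack(">H", TPM2_ALG_NULL),       # parameters.scheme
        struct.pack(">H", len(modulus) * 8),    # parameters.keyBits
        struct.pack(">I", exponent),            # parameters.exponent
        tpm2b(modulus),                         # unique (the modulus)
    ])


def key_name(public_area):
    """Name = nameAlg || H_nameAlg(marshalled public area)."""
    return struct.pack(">H", TPM2_ALG_SHA256) + hashlib.sha256(public_area).digest()


def policy_authorize_digest(name, policy_ref=b""):
    """Policy digest after TPM2_PolicyAuthorize with the given signing key name."""
    digest = bytes(32)  # PolicyAuthorize starts from the zero digest
    digest = hashlib.sha256(
        digest + struct.pack(">I", TPM2_CC_POLICY_AUTHORIZE) + name
    ).digest()
    # The second step always runs, even when policyRef is empty.
    return hashlib.sha256(digest + policy_ref).digest()


def policy_matches(public_at_seal_time, public_at_unseal_time):
    """Simplified check: does the digest rebuilt at unseal equal the sealed one?"""
    sealed = policy_authorize_digest(key_name(public_at_seal_time))
    rebuilt = policy_authorize_digest(key_name(public_at_unseal_time))
    return sealed == rebuilt


if __name__ == "__main__":
    modulus = constructed_modulus()
    explicit = marshal_rsa_public(modulus, 0x10001)  # exponent used directly
    special = marshal_rsa_public(modulus, 0)         # "default" special case
    for label, pub in (("exponent=0x10001", explicit), ("exponent=0", special)):
        print(label)
        print("  name  :", key_name(pub).hex())
        print("  policy:", policy_authorize_digest(key_name(pub)).hex())
    print("sealed with 0x10001, unsealed with 0x10001:", policy_matches(explicit, explicit))
    print("sealed with 0x10001, unsealed with 0      :", policy_matches(explicit, special))
```

Only two bytes of the marshalled public area differ between the two encodings, yet the name and the resulting policy digest are unrelated values, so a policy check against data sealed under the other encoding cannot match.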

LiveFreeAndRoam pushed a commit to LiveFreeAndRoam/systemd that referenced this issue Jan 22, 2024
…B_PUBLIC conversion

The openssl default value for an RSA key exponent value is 0x10001, and the TPM
specification defines an exponent value of 0 as representing this value. The
systemd code that converted an RSA PEM public key to a TPM2B_PUBLIC object
previously used the exponent value directly, but commit
e3acb4d changed the conversion to use the
special case exponent value of 0 for any RSA key with an exponent value of
0x10001.

Because the entire TPM2B_PUBLIC object is used to calculate its "name", this
difference in exponent value (0x10001 vs 0) introduced a change in the key
"name". Since the Authorize policy uses the key "name" directly in its policy
session hash value, this change resulted in new systemd code being unable to
properly unseal any data (e.g. a LUKS volume) that was previously sealed.

This reverts the code to no longer override an RSA exponent value of 0x10001
with the special case value of 0.

Fixes a bug introduced by commit e3acb4d.

Fixes: systemd#30546
LiveFreeAndRoam pushed a commit to LiveFreeAndRoam/systemd that referenced this issue Jan 22, 2024
…ests

Check the calculated TPM2B_PUBLIC key "name" to verify our PEM->TPM2B_PUBLIC
function remains consistent with previous code. This is important as the
TPM2B_PUBLIC "name" is used in the Authorize policy and so any change to a key
"name" would break unsealing for previously-sealed objects (see bug systemd#30546).

Note that the tpm2_tpm2b_public_from_openssl_pkey() function results in a
TPM2B_PUBLIC with the same "name" as using the tpm2-tools program
tpm2_loadexternal, at least as of tpm2-tools version 5.6.18, with the test keys
from TEST(tpm2b_public_from_openssl_pkey) in src/test/test-tpm2.
intelfx pushed a commit to intelfx/systemd that referenced this issue Feb 2, 2024
…B_PUBLIC conversion

The openssl default value for an RSA key exponent value is 0x10001, and the TPM
specification defines an exponent value of 0 as representing this value. The
systemd code that converted an RSA PEM public key to a TPM2B_PUBLIC object
previously used the exponent value directly, but commit
e3acb4d changed the conversion to use the
special case exponent value of 0 for any RSA key with an exponent value of
0x10001.

Because the entire TPM2B_PUBLIC object is used to calculate its "name", this
difference in exponent value (0x10001 vs 0) introduced a change in the key
"name". Since the Authorize policy uses the key "name" directly in its policy
session hash value, this change resulted in new systemd code being unable to
properly unseal any data (e.g. a LUKS volume) that was previously sealed.

This reverts the code to no longer override an RSA exponent value of 0x10001
with the special case value of 0.

Fixes a bug introduced by commit e3acb4d.

Fixes: systemd#30546
(cherry picked from commit 1242b9a)
intelfx pushed a commit to intelfx/systemd that referenced this issue Feb 2, 2024
…ests

Check the calculated TPM2B_PUBLIC key "name" to verify our PEM->TPM2B_PUBLIC
function remains consistent with previous code. This is important as the
TPM2B_PUBLIC "name" is used in the Authorize policy and so any change to a key
"name" would break unsealing for previously-sealed objects (see bug systemd#30546).

Note that the tpm2_tpm2b_public_from_openssl_pkey() function results in a
TPM2B_PUBLIC with the same "name" as using the tpm2-tools program
tpm2_loadexternal, at least as of tpm2-tools version 5.6.18, with the test keys
from TEST(tpm2b_public_from_openssl_pkey) in src/test/test-tpm2.

(cherry picked from commit e2e8d8f)
@treeshateorcs

treeshateorcs commented May 18, 2024

this is the only google result if you search for "Failed to unseal secret using TPM2: Operation not permitted", so someone please help me, my partition won't decrypt automatically

journalctl -b | grep systemd
May 18 13:03:57 archlinux kernel: Command line: rd.luks.name=3ce8de15-2727-44a4-b16b-f2c08eca781e=root rd.luks.options=3ce8de15-2727-44a4-b16b-f2c08eca781e=tpm2-device=auto,discard root=/dev/mapper/root zswap.enabled=0 rw rootfstype=ext4 quiet loglevel=3 systemd.show_status=auto amdgpu.sg_display=0 amdgpu.dcdebugmask=0x10
May 18 13:03:57 archlinux kernel: Kernel command line: rd.luks.name=3ce8de15-2727-44a4-b16b-f2c08eca781e=root rd.luks.options=3ce8de15-2727-44a4-b16b-f2c08eca781e=tpm2-device=auto,discard root=/dev/mapper/root zswap.enabled=0 rw rootfstype=ext4 quiet loglevel=3 systemd.show_status=auto amdgpu.sg_display=0 amdgpu.dcdebugmask=0x10
May 18 13:03:57 archlinux systemd[1]: systemd 255.6-1-arch running in system mode (+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified)
May 18 13:03:57 archlinux systemd[1]: Detected architecture x86-64.
May 18 13:03:57 archlinux systemd[1]: Running in initrd.
May 18 13:03:57 archlinux systemd[1]: Initializing machine ID from random generator.
May 18 13:03:57 archlinux systemd[1]: Queued start job for default target Initrd Default Target.
May 18 13:03:57 archlinux systemd[1]: Created slice Slice /system/systemd-cryptsetup.
May 18 13:03:57 archlinux systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
May 18 13:03:57 archlinux systemd[1]: Expecting device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e...
May 18 13:03:57 archlinux systemd[1]: Expecting device /dev/mapper/root...
May 18 13:03:57 archlinux systemd[1]: Reached target Path Units.
May 18 13:03:57 archlinux systemd[1]: Reached target Slice Units.
May 18 13:03:57 archlinux systemd[1]: Reached target Swaps.
May 18 13:03:57 archlinux systemd[1]: Reached target Timer Units.
May 18 13:03:57 archlinux systemd[1]: Listening on Journal Socket (/dev/log).
May 18 13:03:57 archlinux systemd[1]: Listening on Journal Socket.
May 18 13:03:57 archlinux systemd[1]: Listening on udev Control Socket.
May 18 13:03:57 archlinux systemd[1]: Listening on udev Kernel Socket.
May 18 13:03:57 archlinux systemd[1]: Reached target Socket Units.
May 18 13:03:57 archlinux systemd[1]: Starting Create List of Static Device Nodes...
May 18 13:03:57 archlinux systemd[1]: Starting Check battery level during early boot...
May 18 13:03:57 archlinux systemd[1]: Starting Journal Service...
May 18 13:03:57 archlinux systemd[1]: Starting Load Kernel Modules...
May 18 13:03:57 archlinux systemd[1]: Starting TPM2 PCR Barrier (initrd)...
May 18 13:03:57 archlinux systemd[1]: Starting Create Static Device Nodes in /dev...
May 18 13:03:57 archlinux systemd[1]: Starting Coldplug All udev Devices...
May 18 13:03:57 archlinux systemd[1]: Finished Create List of Static Device Nodes.
May 18 13:03:57 archlinux systemd[1]: Finished Check battery level during early boot.
May 18 13:03:57 archlinux systemd[1]: Started Displays emergency message in full screen..
May 18 13:03:57 archlinux systemd[1]: Finished Load Kernel Modules.
May 18 13:03:57 archlinux systemd[1]: Finished Create Static Device Nodes in /dev.
May 18 13:03:57 archlinux systemd[1]: Reached target Preparation for Local File Systems.
May 18 13:03:57 archlinux systemd[1]: Reached target Local File Systems.
May 18 13:03:57 archlinux systemd[1]: Starting Rule-based Manager for Device Events and Files...
May 18 13:03:57 archlinux systemd-journald[187]: Collecting audit messages is disabled.
May 18 13:03:57 archlinux systemd[1]: Started Rule-based Manager for Device Events and Files.
May 18 13:03:57 archlinux systemd-journald[187]: Journal started
May 18 13:03:57 archlinux systemd-journald[187]: Runtime Journal (/run/log/journal/662e664b89834f0f94bfb2cbefa6fadd) is 8.0M, max 627.9M, 619.9M free.
May 18 13:03:57 archlinux systemd-udevd[198]: Using default interface naming scheme 'v255'.
May 18 13:03:57 archlinux systemd[1]: Started Journal Service.
May 18 13:03:57 archlinux systemd-pcrextend[189]: Extended PCR index 11 with 'enter-initrd' (banks sha256).
May 18 13:03:57 archlinux systemd[1]: Finished TPM2 PCR Barrier (initrd).
May 18 13:03:57 archlinux systemd[1]: Finished Coldplug All udev Devices.
May 18 13:03:57 archlinux systemd[1]: Starting Virtual Console Setup...
May 18 13:03:57 archlinux systemd-vconsole-setup[254]: setfont: ERROR kdfontop.c:183 put_font_kdfontop: Unable to load such font with such kernel version
May 18 13:03:57 archlinux systemd-vconsole-setup[249]: /usr/bin/setfont failed with a "system error" (EX_OSERR), ignoring.
May 18 13:03:57 archlinux systemd-vconsole-setup[249]: Setting source virtual console failed, ignoring remaining ones.
May 18 13:03:57 archlinux systemd[1]: Found device Samsung SSD 980 PRO 2TB 2.
May 18 13:03:57 archlinux systemd[1]: Finished Virtual Console Setup.
May 18 13:03:57 archlinux systemd[1]: Starting Cryptography Setup for root...
May 18 13:03:59 archlinux systemd-cryptsetup[258]: Failed to unseal secret using TPM2: Operation not permitted
May 18 13:03:59 archlinux systemd-cryptsetup[258]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e.
May 18 13:04:00 archlinux systemd-cryptsetup[258]: Failed to unseal secret using TPM2: Operation not permitted
May 18 13:04:00 archlinux systemd[1]: Started Dispatch Password Requests to Console.
May 18 13:04:00 archlinux systemd-tty-ask-password-agent[269]: Starting password query on /dev/tty1.
May 18 13:04:00 archlinux systemd[1]: systemd-vconsole-setup.service: Deactivated successfully.
May 18 13:04:00 archlinux systemd[1]: Stopped Virtual Console Setup.
May 18 13:04:00 archlinux systemd[1]: Stopping Virtual Console Setup...
May 18 13:04:00 archlinux systemd[1]: Starting Virtual Console Setup...
May 18 13:04:00 archlinux systemd[1]: Finished Virtual Console Setup.
May 18 13:04:15 archlinux systemd-tty-ask-password-agent[269]: Password query on /dev/tty1 finished successfully.
May 18 13:04:15 archlinux systemd-cryptsetup[258]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e.
May 18 13:04:27 archlinux systemd[1]: Found device /dev/mapper/root.
May 18 13:04:27 archlinux systemd[1]: Reached target Initrd Root Device.
May 18 13:04:27 archlinux systemd[1]: Starting File System Check on /dev/mapper/root...
May 18 13:04:27 archlinux systemd[1]: Finished Cryptography Setup for root.
May 18 13:04:27 archlinux systemd[1]: Reached target Local Encrypted Volumes.
May 18 13:04:27 archlinux systemd[1]: Reached target System Initialization.
May 18 13:04:27 archlinux systemd[1]: Reached target Basic System.
May 18 13:04:27 archlinux systemd-fsck[1461]: /dev/mapper/root: clean, 174357/122028032 files, 10490938/488111894 blocks
May 18 13:04:27 archlinux systemd[1]: Finished File System Check on /dev/mapper/root.
May 18 13:04:27 archlinux systemd[1]: Mounting /sysroot...
May 18 13:04:27 archlinux systemd[1]: Mounted /sysroot.
May 18 13:04:27 archlinux systemd[1]: Reached target Initrd Root File System.
May 18 13:04:27 archlinux systemd[1]: Starting Mountpoints Configured in the Real Root...
May 18 13:04:27 archlinux systemd[1]: initrd-parse-etc.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Finished Mountpoints Configured in the Real Root.
May 18 13:04:27 archlinux systemd[1]: Reached target Initrd File Systems.
May 18 13:04:27 archlinux systemd[1]: Reached target Initrd Default Target.
May 18 13:04:27 archlinux systemd[1]: Starting Cleaning Up and Shutting Down Daemons...
May 18 13:04:27 archlinux systemd[1]: Stopped target Initrd Default Target.
May 18 13:04:27 archlinux systemd[1]: Stopped target Basic System.
May 18 13:04:27 archlinux systemd[1]: Stopped target Initrd Root Device.
May 18 13:04:27 archlinux systemd[1]: Stopped target Path Units.
May 18 13:04:27 archlinux systemd[1]: Stopped target Slice Units.
May 18 13:04:27 archlinux systemd[1]: Stopped target Socket Units.
May 18 13:04:27 archlinux systemd[1]: Stopped target System Initialization.
May 18 13:04:27 archlinux systemd[1]: Stopped target Local Encrypted Volumes.
May 18 13:04:27 archlinux systemd[1]: Stopped target Local File Systems.
May 18 13:04:27 archlinux systemd[1]: Stopped target Preparation for Local File Systems.
May 18 13:04:27 archlinux systemd[1]: Stopped target Swaps.
May 18 13:04:27 archlinux systemd[1]: Stopped target Timer Units.
May 18 13:04:27 archlinux systemd[1]: kmod-static-nodes.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Stopped Create List of Static Device Nodes.
May 18 13:04:27 archlinux systemd[1]: Stopping Dispatch Password Requests to Console...
May 18 13:04:27 archlinux systemd[1]: Stopping Displays emergency message in full screen....
May 18 13:04:27 archlinux systemd[1]: systemd-modules-load.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Stopped Load Kernel Modules.
May 18 13:04:27 archlinux systemd[1]: Stopping TPM2 PCR Barrier (initrd)...
May 18 13:04:27 archlinux systemd[1]: systemd-udev-trigger.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Stopped Coldplug All udev Devices.
May 18 13:04:27 archlinux systemd[1]: Stopping Rule-based Manager for Device Events and Files...
May 18 13:04:27 archlinux systemd[1]: systemd-bsod.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Stopped Displays emergency message in full screen..
May 18 13:04:27 archlinux systemd[1]: systemd-ask-password-console.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Stopped Dispatch Password Requests to Console.
May 18 13:04:27 archlinux systemd[1]: initrd-cleanup.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Finished Cleaning Up and Shutting Down Daemons.
May 18 13:04:27 archlinux systemd[1]: systemd-ask-password-console.path: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Stopped Dispatch Password Requests to Console Directory Watch.
May 18 13:04:27 archlinux systemd[1]: systemd-battery-check.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Stopped Check battery level during early boot.
May 18 13:04:27 archlinux systemd[1]: systemd-vconsole-setup.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Stopped Virtual Console Setup.
May 18 13:04:27 archlinux systemd[1]: systemd-udevd.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Stopped Rule-based Manager for Device Events and Files.
May 18 13:04:27 archlinux systemd[1]: systemd-udevd-control.socket: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Closed udev Control Socket.
May 18 13:04:27 archlinux systemd[1]: systemd-udevd-kernel.socket: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Closed udev Kernel Socket.
May 18 13:04:27 archlinux systemd[1]: Starting Cleanup udev Database...
May 18 13:04:27 archlinux systemd[1]: systemd-tmpfiles-setup-dev.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Stopped Create Static Device Nodes in /dev.
May 18 13:04:27 archlinux systemd[1]: initrd-udevadm-cleanup-db.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd-pcrextend[1476]: Extended PCR index 11 with 'leave-initrd' (banks sha256).
May 18 13:04:27 archlinux systemd[1]: Finished Cleanup udev Database.
May 18 13:04:27 archlinux systemd[1]: systemd-pcrphase-initrd.service: Deactivated successfully.
May 18 13:04:27 archlinux systemd[1]: Stopped TPM2 PCR Barrier (initrd).
May 18 13:04:27 archlinux systemd[1]: Reached target Switch Root.
May 18 13:04:27 archlinux systemd[1]: Starting Switch Root...
May 18 13:04:27 archlinux systemd[1]: Switching root.
May 18 13:04:27 archlinux systemd-journald[187]: Journal stopped
May 18 13:04:28 unix systemd-journald[187]: Received SIGTERM from PID 1 (systemd).
May 18 13:04:28 unix systemd[1]: systemd 255.6-1-arch running in system mode (+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified)
May 18 13:04:28 unix systemd[1]: Detected architecture x86-64.
May 18 13:04:28 unix systemd[1]: Hostname set to <unix>.
May 18 13:04:28 unix systemd[1]: bpf-lsm: LSM BPF program attached
May 18 13:04:28 unix systemd[1]: initrd-switch-root.service: Deactivated successfully.
May 18 13:04:28 unix systemd[1]: Stopped Switch Root.
May 18 13:04:28 unix systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1.
May 18 13:04:28 unix systemd[1]: Created slice Slice /system/dirmngr.
May 18 13:04:28 unix systemd[1]: Created slice Slice /system/getty.
May 18 13:04:28 unix systemd[1]: Created slice Slice /system/gpg-agent.
May 18 13:04:28 unix systemd[1]: Created slice Slice /system/gpg-agent-browser.
May 18 13:04:28 unix systemd[1]: Created slice Slice /system/gpg-agent-extra.
May 18 13:04:28 unix systemd[1]: Created slice Slice /system/gpg-agent-ssh.
May 18 13:04:28 unix systemd[1]: Created slice Slice /system/keyboxd.
May 18 13:04:28 unix systemd[1]: Created slice Slice /system/modprobe.
May 18 13:04:28 unix systemd[1]: Created slice Slice /system/qbittorrent-nox.
May 18 13:04:28 unix systemd[1]: Created slice Slice /system/systemd-zram-setup.
May 18 13:04:28 unix systemd[1]: Created slice Slice /system/wg-quick.
May 18 13:04:28 unix systemd[1]: Created slice User and Session Slice.
May 18 13:04:28 unix systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
May 18 13:04:28 unix systemd[1]: Started Forward Password Requests to Wall Directory Watch.
May 18 13:04:28 unix systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point.
May 18 13:04:28 unix systemd[1]: Expecting device /dev/disk/by-uuid/C963-2C6B...
May 18 13:04:28 unix systemd[1]: Expecting device /dev/zram0...
May 18 13:04:28 unix systemd[1]: Reached target Local Encrypted Volumes.
May 18 13:04:28 unix systemd[1]: Stopped target Switch Root.
May 18 13:04:28 unix systemd[1]: Stopped target Initrd File Systems.
May 18 13:04:28 unix systemd[1]: Stopped target Initrd Root File System.
May 18 13:04:28 unix systemd[1]: Reached target Local Integrity Protected Volumes.
May 18 13:04:28 unix systemd[1]: Reached target Path Units.
May 18 13:04:28 unix systemd[1]: Reached target Remote File Systems.
May 18 13:04:28 unix systemd[1]: Reached target Slice Units.
May 18 13:04:28 unix systemd[1]: Reached target Local Verity Protected Volumes.
May 18 13:04:28 unix systemd[1]: Listening on Device-mapper event daemon FIFOs.
May 18 13:04:28 unix systemd[1]: Listening on Process Core Dump Socket.
May 18 13:04:28 unix systemd[1]: Listening on Network Service Netlink Socket.
May 18 13:04:28 unix systemd[1]: Listening on TPM2 PCR Extension (Varlink).
May 18 13:04:28 unix systemd[1]: Listening on udev Control Socket.
May 18 13:04:28 unix systemd[1]: Listening on udev Kernel Socket.
May 18 13:04:28 unix systemd[1]: Listening on User Database Manager Socket.
May 18 13:04:28 unix systemd[1]: Mounting Huge Pages File System...
May 18 13:04:28 unix systemd[1]: Mounting POSIX Message Queue File System...
May 18 13:04:28 unix systemd[1]: Mounting Kernel Debug File System...
May 18 13:04:28 unix systemd[1]: Mounting Kernel Trace File System...
May 18 13:04:28 unix systemd[1]: Starting Create List of Static Device Nodes...
May 18 13:04:28 unix systemd[1]: Starting Load Kernel Module configfs...
May 18 13:04:28 unix systemd[1]: Starting Load Kernel Module dm_mod...
May 18 13:04:28 unix systemd[1]: Starting Load Kernel Module drm...
May 18 13:04:28 unix systemd[1]: Starting Load Kernel Module fuse...
May 18 13:04:28 unix systemd[1]: Starting Load Kernel Module loop...
May 18 13:04:28 unix systemd[1]: systemd-cryptsetup@root.service: Deactivated successfully.
May 18 13:04:28 unix systemd[1]: Stopped systemd-cryptsetup@root.service.
May 18 13:04:28 unix systemd[1]: systemd-cryptsetup@root.service: Consumed 44.618s CPU time.
May 18 13:04:28 unix systemd[1]: Starting Journal Service...
May 18 13:04:28 unix systemd[1]: Starting Load Kernel Modules...
May 18 13:04:28 unix systemd[1]: Starting Generate network units from Kernel command line...
May 18 13:04:28 unix systemd[1]: Starting TPM2 PCR Machine ID Measurement...
May 18 13:04:28 unix systemd[1]: Starting Remount Root and Kernel File Systems...
May 18 13:04:28 unix systemd[1]: Starting TPM2 SRK Setup (Early)...
May 18 13:04:28 unix systemd[1]: Starting Coldplug All udev Devices...
May 18 13:04:28 unix systemd[1]: Mounted Huge Pages File System.
May 18 13:04:28 unix systemd[1]: Mounted POSIX Message Queue File System.
May 18 13:04:28 unix systemd[1]: Mounted Kernel Debug File System.
May 18 13:04:28 unix systemd[1]: Mounted Kernel Trace File System.
May 18 13:04:28 unix systemd[1]: Finished Create List of Static Device Nodes.
May 18 13:04:28 unix systemd[1]: modprobe@configfs.service: Deactivated successfully.
May 18 13:04:28 unix systemd[1]: Finished Load Kernel Module configfs.
May 18 13:04:28 unix systemd[1]: modprobe@dm_mod.service: Deactivated successfully.
May 18 13:04:28 unix systemd[1]: Finished Load Kernel Module dm_mod.
May 18 13:04:28 unix systemd[1]: modprobe@drm.service: Deactivated successfully.
May 18 13:04:28 unix systemd[1]: Finished Load Kernel Module drm.
May 18 13:04:28 unix systemd[1]: modprobe@fuse.service: Deactivated successfully.
May 18 13:04:28 unix systemd[1]: Finished Load Kernel Module fuse.
May 18 13:04:28 unix systemd[1]: Mounting FUSE Control File System...
May 18 13:04:28 unix systemd[1]: Mounting Kernel Configuration File System...
May 18 13:04:28 unix systemd[1]: Starting Create Static Device Nodes in /dev gracefully...
May 18 13:04:28 unix systemd[1]: modprobe@loop.service: Deactivated successfully.
May 18 13:04:28 unix systemd[1]: Finished Load Kernel Module loop.
May 18 13:04:28 unix systemd[1]: Finished Generate network units from Kernel command line.
May 18 13:04:28 unix systemd[1]: Reached target Preparation for Network.
May 18 13:04:28 unix systemd[1]: Repartition Root Disk was skipped because no trigger condition checks were met.
May 18 13:04:28 unix systemd-journald[1517]: Collecting audit messages is disabled.
May 18 13:04:28 unix systemd[1]: Mounted FUSE Control File System.
May 18 13:04:28 unix systemd[1]: Mounted Kernel Configuration File System.
May 18 13:04:28 unix systemd[1]: Finished Load Kernel Modules.
May 18 13:04:28 unix systemd[1]: Starting Apply Kernel Variables...
May 18 13:04:28 unix systemd-journald[1517]: Journal started
May 18 13:04:28 unix systemd-journald[1517]: Runtime Journal (/run/log/journal/d62c93b8db074e819bb79fb68eb9bf35) is 8.0M, max 627.9M, 619.9M free.
May 18 13:04:28 unix systemd[1]: Queued start job for default target Graphical Interface.
May 18 13:04:28 unix systemd[1]: systemd-journald.service: Deactivated successfully.
May 18 13:04:28 unix systemd-modules-load[1518]: Inserted module 'crypto_user'
May 18 13:04:28 unix systemd-modules-load[1518]: Inserted module 'pkcs8_key_parser'
May 18 13:04:28 unix systemd[1]: Started Journal Service.
May 18 13:04:28 unix systemd[1]: Starting User Database Manager...
May 18 13:04:28 unix systemd[1]: Finished Apply Kernel Variables.
May 18 13:04:28 unix systemd[1]: Starting CLI Netfilter Manager...
May 18 13:04:28 unix systemd-tpm2-setup[1522]: SRK already stored in the TPM.
May 18 13:04:28 unix systemd-tpm2-setup[1522]: SRK fingerprint is ec66dc7cc7004c773546645a1199aedb3ab1ef4bd95b2245d7f08cfeb2af9248.
May 18 13:04:28 unix systemd-tpm2-setup[1522]: SRK public key saved to '/run/systemd/tpm2-srk-public-key.pem' in PEM format.
May 18 13:04:28 unix systemd-tpm2-setup[1522]: SRK public key saved to '/run/systemd/tpm2-srk-public-key.tpm2b_public' in TPM2B_PUBLIC format.
May 18 13:04:28 unix systemd-pcrextend[1520]: Extended PCR index 15 with 'machine-id:d62c93b8db074e819bb79fb68eb9bf35' (banks sha256).
May 18 13:04:28 unix systemd[1]: Finished TPM2 SRK Setup (Early).
May 18 13:04:28 unix systemd[1]: Finished TPM2 PCR Machine ID Measurement.
May 18 13:04:28 unix systemd[1]: Finished Remount Root and Kernel File Systems.
May 18 13:04:28 unix systemd[1]: Rebuild Hardware Database was skipped because of an unmet condition check (ConditionNeedsUpdate=/etc).
May 18 13:04:28 unix systemd[1]: Starting Flush Journal to Persistent Storage...
May 18 13:04:28 unix systemd[1]: Starting Load/Save OS Random Seed...
May 18 13:04:28 unix systemd[1]: Starting TPM2 SRK Setup...
May 18 13:04:28 unix systemd-journald[1517]: Time spent on flushing to /var/log/journal/d62c93b8db074e819bb79fb68eb9bf35 is 62.657ms for 1287 entries.
May 18 13:04:28 unix systemd-journald[1517]: System Journal (/var/log/journal/d62c93b8db074e819bb79fb68eb9bf35) is 267.0M, max 4.0G, 3.7G free.
May 18 13:04:28 unix systemd-journald[1517]: Received client request to flush runtime journal.
May 18 13:04:28 unix systemd-journald[1517]: /var/log/journal/d62c93b8db074e819bb79fb68eb9bf35/system.journal: Journal file uses a different sequence number ID, rotating.
May 18 13:04:28 unix systemd-journald[1517]: Rotating system journal.
May 18 13:04:28 unix systemd[1]: Started User Database Manager.
May 18 13:04:28 unix systemd-tpm2-setup[1560]: SRK already stored in the TPM.
May 18 13:04:28 unix systemd-tpm2-setup[1560]: SRK fingerprint is ec66dc7cc7004c773546645a1199aedb3ab1ef4bd95b2245d7f08cfeb2af9248.
May 18 13:04:28 unix systemd-tpm2-setup[1560]: SRK saved in '/var/lib/systemd/tpm2-srk-public-key.pem' matches SRK in TPM2.
May 18 13:04:28 unix systemd[1]: Finished TPM2 SRK Setup.
May 18 13:04:28 unix systemd[1]: Finished Create Static Device Nodes in /dev gracefully.
May 18 13:04:28 unix systemd[1]: Create System Users was skipped because no trigger condition checks were met.
May 18 13:04:28 unix systemd[1]: Starting Create Static Device Nodes in /dev...
May 18 13:04:28 unix systemd[1]: Finished Create Static Device Nodes in /dev.
May 18 13:04:28 unix systemd[1]: Reached target Preparation for Local File Systems.
May 18 13:04:28 unix systemd[1]: Virtual Machine and Container Storage (Compatibility) was skipped because of an unmet condition check (ConditionPathExists=/var/lib/machines.raw).
May 18 13:04:28 unix systemd[1]: Starting Rule-based Manager for Device Events and Files...
May 18 13:04:28 unix systemd[1]: Finished Load/Save OS Random Seed.
May 18 13:04:28 unix systemd-udevd[1585]: Using default interface naming scheme 'v255'.
May 18 13:04:28 unix systemd[1]: Finished Coldplug All udev Devices.
May 18 13:04:28 unix systemd[1]: Started Rule-based Manager for Device Events and Files.
May 18 13:04:28 unix systemd[1]: Starting Network Configuration...
May 18 13:04:28 unix systemd[1]: Starting Load Kernel Module configfs...
May 18 13:04:28 unix systemd[1]: Starting Load Kernel Module fuse...
May 18 13:04:28 unix systemd[1]: Found device /dev/zram0.
May 18 13:04:28 unix systemd[1]: Starting Create swap on /dev/zram0...
May 18 13:04:28 unix systemd[1]: modprobe@configfs.service: Deactivated successfully.
May 18 13:04:28 unix systemd[1]: Finished Load Kernel Module configfs.
May 18 13:04:28 unix systemd[1]: modprobe@fuse.service: Deactivated successfully.
May 18 13:04:28 unix systemd[1]: Finished Load Kernel Module fuse.
May 18 13:04:28 unix systemd[1]: Finished CLI Netfilter Manager.
May 18 13:04:28 unix systemd-makefs[1656]: /dev/zram0 successfully formatted as swap (label "zram0", uuid 61d002e1-cc7f-495a-940d-c6bfc8ac7595)
May 18 13:04:28 unix systemd[1]: Finished Create swap on /dev/zram0.
May 18 13:04:28 unix systemd[1]: Activating swap Compressed Swap on /dev/zram0...
May 18 13:04:28 unix systemd[1]: Condition check resulted in Samsung SSD 980 PRO 2TB 1 being skipped.
May 18 13:04:28 unix systemd[1]: Activated swap Compressed Swap on /dev/zram0.
May 18 13:04:28 unix systemd[1]: Reached target Swaps.
May 18 13:04:28 unix systemd[1]: Mounting /boot...
May 18 13:04:28 unix systemd[1]: Mounting Temporary Directory /tmp...
May 18 13:04:28 unix systemd[1]: Mounted Temporary Directory /tmp.
May 18 13:04:28 unix systemd[1]: Finished Flush Journal to Persistent Storage.
May 18 13:04:28 unix systemd[1]: Mounted /boot.
May 18 13:04:28 unix systemd[1]: Reached target Local File Systems.
May 18 13:04:28 unix systemd[1]: Listening on System Extension Image Management (Varlink).
May 18 13:04:28 unix systemd[1]: Rebuild Dynamic Linker Cache was skipped because no trigger condition checks were met.
May 18 13:04:28 unix systemd[1]: Set Up Additional Binary Formats was skipped because no trigger condition checks were met.
May 18 13:04:28 unix systemd-networkd[1616]: lo: Link UP
May 18 13:04:28 unix systemd-networkd[1616]: lo: Gained carrier
May 18 13:04:28 unix systemd-networkd[1616]: Enumeration completed
May 18 13:04:28 unix systemd[1]: Starting Update Boot Loader Random Seed...
May 18 13:04:28 unix systemd[1]: Starting Create Volatile Files and Directories...
May 18 13:04:28 unix systemd[1]: Started Network Configuration.
May 18 13:04:28 unix systemd[1]: Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
May 18 13:04:28 unix systemd[1]: Starting Wait for Network to be Configured...
May 18 13:04:28 unix systemd[1]: Starting Virtual Console Setup...
May 18 13:04:28 unix systemd[1]: systemd-vconsole-setup.service: Deactivated successfully.
May 18 13:04:28 unix systemd[1]: Stopped Virtual Console Setup.
May 18 13:04:28 unix systemd[1]: Starting Virtual Console Setup...
May 18 13:04:28 unix systemd[1]: Finished Update Boot Loader Random Seed.
May 18 13:04:28 unix systemd[1]: Finished Create Volatile Files and Directories.
May 18 13:04:28 unix systemd[1]: Rebuild Journal Catalog was skipped because of an unmet condition check (ConditionNeedsUpdate=/var).
May 18 13:04:28 unix systemd[1]: Starting Network Name Resolution...
May 18 13:04:28 unix systemd[1]: Starting Network Time Synchronization...
May 18 13:04:28 unix systemd[1]: Update is Completed was skipped because no trigger condition checks were met.
May 18 13:04:28 unix systemd[1]: Starting Record System Boot/Shutdown in UTMP...
May 18 13:04:28 unix systemd[1]: Finished Virtual Console Setup.
May 18 13:04:28 unix systemd[1]: First Boot Wizard was skipped because of an unmet condition check (ConditionFirstBoot=yes).
May 18 13:04:28 unix systemd[1]: First Boot Complete was skipped because of an unmet condition check (ConditionFirstBoot=yes).
May 18 13:04:28 unix systemd[1]: Commit a transient machine-id on disk was skipped because of an unmet condition check (ConditionPathIsMountPoint=/etc/machine-id).
May 18 13:04:28 unix systemd[1]: Finished Record System Boot/Shutdown in UTMP.
May 18 13:04:28 unix systemd[1]: Started Network Time Synchronization.
May 18 13:04:28 unix systemd[1]: Reached target System Time Set.
May 18 13:04:28 unix systemd-resolved[1852]: Positive Trust Anchors:
May 18 13:04:28 unix systemd-resolved[1852]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
May 18 13:04:28 unix systemd-resolved[1852]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 170.0.0.192.in-addr.arpa 171.0.0.192.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa ipv4only.arpa resolver.arpa corp home internal intranet lan local private test
May 18 13:04:28 unix systemd-resolved[1852]: Using system hostname 'unix'.
May 18 13:04:28 unix systemd[1]: Started Network Name Resolution.
May 18 13:04:28 unix systemd[1]: Reached target Host and Network Name Lookups.
May 18 13:04:28 unix systemd[1]: Reached target System Initialization.
May 18 13:04:28 unix systemd[1]: Started Refresh existing PGP keys of archlinux-keyring regularly.
May 18 13:04:28 unix systemd[1]: Started Discard unused filesystem blocks once a week.
May 18 13:04:28 unix systemd[1]: Started Daily man-db regeneration.
May 18 13:04:28 unix systemd[1]: Started Discard unused packages weekly.
May 18 13:04:28 unix systemd[1]: Started Weekly pkgstats submission.
May 18 13:04:28 unix systemd[1]: Started Daily verification of password and group files.
May 18 13:04:28 unix systemd[1]: Started Daily Cleanup of Temporary Directories.
May 18 13:04:28 unix systemd[1]: Reached target Timer Units.
May 18 13:04:28 unix systemd[1]: Listening on D-Bus System Message Bus Socket.
May 18 13:04:28 unix systemd[1]: Listening on GnuPG network certificate management daemon for /etc/pacman.d/gnupg.
May 18 13:04:28 unix systemd[1]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers) for /etc/pacman.d/gnupg.
May 18 13:04:28 unix systemd[1]: Listening on GnuPG cryptographic agent and passphrase cache (restricted) for /etc/pacman.d/gnupg.
May 18 13:04:28 unix systemd[1]: Listening on GnuPG cryptographic agent (ssh-agent emulation) for /etc/pacman.d/gnupg.
May 18 13:04:28 unix systemd[1]: Listening on GnuPG cryptographic agent and passphrase cache for /etc/pacman.d/gnupg.
May 18 13:04:28 unix systemd[1]: Listening on GnuPG public key management service for /etc/pacman.d/gnupg.
May 18 13:04:28 unix systemd[1]: Reached target Socket Units.
May 18 13:04:29 unix systemd[1]: Starting D-Bus System Message Bus...
May 18 13:04:29 unix systemd[1]: Starting TPM2 PCR Barrier (Initialization)...
May 18 13:04:29 unix systemd[1]: Reached target Sound Card.
May 18 13:04:29 unix systemd-pcrextend[1870]: Extended PCR index 11 with 'sysinit' (banks sha256).
May 18 13:04:29 unix systemd[1]: Finished TPM2 PCR Barrier (Initialization).
May 18 13:04:29 unix systemd[1]: Started D-Bus System Message Bus.
May 18 13:04:29 unix systemd[1]: Reached target Basic System.
May 18 13:04:29 unix systemd[1]: Starting Wireless service...
May 18 13:04:29 unix systemd[1]: Starting User Login Management...
May 18 13:04:29 unix systemd[1]: Starting TPM2 PCR Barrier (User)...
May 18 13:04:29 unix systemd-logind[1904]: Watching system buttons on /dev/input/event0 (Power Button)
May 18 13:04:29 unix systemd-logind[1904]: Watching system buttons on /dev/input/event1 (Lid Switch)
May 18 13:04:29 unix systemd-logind[1904]: Watching system buttons on /dev/input/event2 (AT Translated Set 2 keyboard)
May 18 13:04:29 unix systemd-logind[1904]: New seat seat0.
May 18 13:04:29 unix systemd-pcrextend[1905]: Extended PCR index 11 with 'ready' (banks sha256).
May 18 13:04:29 unix systemd[1]: Started User Login Management.
May 18 13:04:29 unix systemd[1]: Finished TPM2 PCR Barrier (User).
May 18 13:04:30 unix systemd-networkd[1616]: wlan0: found matching network '/etc/systemd/network/20-wlan.network', based on potentially unpredictable interface name.
May 18 13:04:30 unix systemd-networkd[1616]: wlan0: Configuring with /etc/systemd/network/20-wlan.network.
May 18 13:04:30 unix systemd[1]: Starting Load/Save RF Kill Switch Status...
May 18 13:04:30 unix systemd[1]: Started Load/Save RF Kill Switch Status.
May 18 13:04:30 unix systemd[1]: Started Wireless service.
May 18 13:04:30 unix systemd[1]: Reached target Network.
May 18 13:04:30 unix systemd[1]: Starting Permit User Sessions...
May 18 13:04:30 unix systemd[1]: Finished Permit User Sessions.
May 18 13:04:30 unix systemd[1]: Started Getty on tty1.
May 18 13:04:30 unix systemd[1]: Reached target Login Prompts.
May 18 13:04:30 unix systemd[1]: Starting Bluetooth service...
May 18 13:04:30 unix systemd[1]: Started Bluetooth service.
May 18 13:04:30 unix systemd[1]: Reached target Bluetooth Support.
May 18 13:04:30 unix systemd[1]: Starting Hostname Service...
May 18 13:04:30 unix systemd-networkd[1616]: wlan0: Link UP
May 18 13:04:30 unix systemd[1]: Started Hostname Service.
May 18 13:04:30 unix systemd-networkd[1616]: wlan0: Link DOWN
May 18 13:04:30 unix systemd-networkd[1616]: wlan0: Link UP
May 18 13:04:30 unix systemd-networkd[1616]: wlan0: Configuring with /etc/systemd/network/20-wlan.network.
May 18 13:04:31 unix systemd-networkd[1616]: wlan0: Connected WiFi access point: MTS_Router_5_112 (f0:b4:d2:d2:8a:0e)
May 18 13:04:32 unix systemd-networkd[1616]: wlan0: Gained carrier
May 18 13:04:32 unix systemd-networkd[1616]: wlan0: DHCPv4 address 192.168.1.132/24, gateway 192.168.1.1 acquired from 192.168.1.1
May 18 13:04:32 unix systemd-timesyncd[1853]: Network configuration changed, trying to establish connection.
May 18 13:04:32 unix systemd[1]: Starting Authorization Manager...
May 18 13:04:32 unix systemd[1]: Created slice Slice /system/systemd-backlight.
May 18 13:04:32 unix systemd[1]: Starting Load/Save Screen Backlight Brightness of backlight:amdgpu_bl1...
May 18 13:04:32 unix systemd[1]: Finished Load/Save Screen Backlight Brightness of backlight:amdgpu_bl1.
May 18 13:04:32 unix systemd[1]: Started Authorization Manager.
May 18 13:04:33 unix systemd-networkd[1616]: wlan0: Gained IPv6LL
May 18 13:04:33 unix systemd-timesyncd[1853]: Network configuration changed, trying to establish connection.
May 18 13:04:33 unix systemd[1]: Finished Wait for Network to be Configured.
May 18 13:04:33 unix systemd[1]: Reached target Network is Online.
May 18 13:04:33 unix systemd[1]: Started qBittorrent-nox service for user tho.
May 18 13:04:33 unix systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
May 18 13:04:33 unix systemd-timesyncd[1853]: Network configuration changed, trying to establish connection.
May 18 13:04:33 unix systemd-timesyncd[1853]: Network configuration changed, trying to establish connection.
May 18 13:04:33 unix systemd-timesyncd[1853]: Network configuration changed, trying to establish connection.
May 18 13:04:33 unix systemd-journald[1517]: /var/log/journal/d62c93b8db074e819bb79fb68eb9bf35/user-1000.journal: Journal file uses a different sequence number ID, rotating.
May 18 13:04:33 unix systemd-timesyncd[1853]: Network configuration changed, trying to establish connection.
May 18 13:04:33 unix systemd-networkd[1616]: wg0: Link UP
May 18 13:04:33 unix systemd-networkd[1616]: wg0: Gained carrier
May 18 13:04:33 unix systemd-timesyncd[1853]: Network configuration changed, trying to establish connection.
May 18 13:04:33 unix systemd-resolved[1852]: wg0: Bus client set DNS server list to: 1.1.1.1, 1.0.0.1
May 18 13:04:33 unix systemd-resolved[1852]: wg0: Bus client set search domain list to: ~.
May 18 13:04:33 unix systemd[1]: Finished WireGuard via wg-quick(8) for wg0.
May 18 13:04:33 unix systemd[1]: Reached target Multi-User System.
May 18 13:04:33 unix systemd[1]: Reached target Graphical Interface.
May 18 13:04:33 unix systemd[1]: Starting TLP system startup/shutdown...
May 18 13:04:33 unix systemd[1]: Finished TLP system startup/shutdown.
May 18 13:04:33 unix systemd[1]: Startup finished in 5.485s (firmware) + 939ms (loader) + 639ms (kernel) + 30.215s (initrd) + 5.987s (userspace) = 43.268s.
May 18 13:04:34 unix systemd-timesyncd[1853]: Network configuration changed, trying to establish connection.
May 18 13:04:34 unix systemd-timesyncd[1853]: Contacted time server 162.159.200.1:123 (2.arch.pool.ntp.org).
May 18 13:04:34 unix systemd-timesyncd[1853]: Initial clock synchronization to Sat 2024-05-18 13:04:33.940330 EDT.
May 18 13:04:34 unix dbus-broker-launch[1862]: Activation request for 'org.freedesktop.home1' failed: The systemd unit 'dbus-org.freedesktop.home1.service' could not be found.
May 18 13:04:35 unix systemd[1]: systemd-rfkill.service: Deactivated successfully.
May 18 13:04:40 unix systemd-logind[1904]: New session 1 of user tho.
May 18 13:04:40 unix systemd[1]: Created slice User Slice of UID 1000.
May 18 13:04:40 unix systemd[1]: Starting User Runtime Directory /run/user/1000...
May 18 13:04:40 unix systemd[1]: Finished User Runtime Directory /run/user/1000.
May 18 13:04:40 unix systemd[1]: Starting User Manager for UID 1000...
May 18 13:04:40 unix (systemd)[2508]: pam_warn(systemd-user:setcred): function=[pam_sm_setcred] flags=0x8002 service=[systemd-user] terminal=[] user=[tho] ruser=[<unknown>] rhost=[<unknown>]
May 18 13:04:40 unix (systemd)[2508]: pam_unix(systemd-user:session): session opened for user tho(uid=1000) by tho(uid=0)
May 18 13:04:40 unix systemd[2508]: Queued start job for default target Main User Target.
May 18 13:04:40 unix systemd[2508]: Created slice User Application Slice.
May 18 13:04:40 unix systemd[2508]: Reached target Paths.
May 18 13:04:40 unix systemd[2508]: Reached target Timers.
May 18 13:04:40 unix systemd[2508]: Starting D-Bus User Message Bus Socket...
May 18 13:04:40 unix systemd[2508]: Listening on GnuPG network certificate management daemon.
May 18 13:04:40 unix systemd[2508]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
May 18 13:04:40 unix systemd[2508]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
May 18 13:04:40 unix systemd[2508]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
May 18 13:04:40 unix systemd[2508]: Listening on GnuPG cryptographic agent and passphrase cache.
May 18 13:04:40 unix systemd[2508]: Listening on GnuPG public key management service.
May 18 13:04:40 unix systemd[2508]: Listening on p11-kit server.
May 18 13:04:40 unix systemd[2508]: Listening on PipeWire PulseAudio.
May 18 13:04:40 unix systemd[2508]: Listening on PipeWire Multimedia System Sockets.
May 18 13:04:40 unix systemd[2508]: Listening on D-Bus User Message Bus Socket.
May 18 13:04:40 unix systemd[2508]: Reached target Sockets.
May 18 13:04:40 unix systemd[2508]: Reached target Basic System.
May 18 13:04:40 unix systemd[2508]: Reached target Main User Target.
May 18 13:04:40 unix systemd[2508]: Startup finished in 73ms.
May 18 13:04:40 unix systemd[1]: Started User Manager for UID 1000.
May 18 13:04:40 unix systemd[1]: Started Session 1 of User tho.
May 18 13:04:41 unix systemd[2508]: Created slice User Core Session Slice.
May 18 13:04:41 unix systemd[2508]: Starting D-Bus User Message Bus...
May 18 13:04:41 unix systemd[2508]: Started GnuPG cryptographic agent and passphrase cache.
May 18 13:04:41 unix systemd[2508]: Started D-Bus User Message Bus.
May 18 13:04:41 unix systemd[2508]: Starting Portal service...
May 18 13:04:41 unix systemd[1]: Starting RealtimeKit Scheduling Policy Service...
May 18 13:04:41 unix systemd[2508]: Started PipeWire Multimedia Service.
May 18 13:04:41 unix systemd[2508]: Started Multimedia Service Session Manager.
May 18 13:04:41 unix systemd[2508]: Starting flatpak document portal service...
May 18 13:04:41 unix systemd[1]: Started RealtimeKit Scheduling Policy Service.
May 18 13:04:41 unix systemd[2508]: Starting sandboxed app permission store...
May 18 13:04:41 unix systemd[2508]: Started PipeWire PulseAudio.
May 18 13:04:41 unix systemd[2508]: Started sandboxed app permission store.
May 18 13:04:41 unix systemd[2508]: Started flatpak document portal service.
May 18 13:04:41 unix systemd[2508]: Starting Portal service (wlroots implementation)...
May 18 13:04:41 unix systemd[2508]: Started Portal service (wlroots implementation).
May 18 13:04:41 unix systemd[2508]: Started Portal service.
May 18 13:04:41 unix systemd[2508]: Starting Accessibility services bus...
May 18 13:04:41 unix systemd[2508]: Started Accessibility services bus.
May 18 13:04:41 unix systemd[1]: Starting Time & Date Service...
May 18 13:04:41 unix systemd[1]: Started Time & Date Service.
May 18 13:05:02 unix systemd[1]: systemd-hostnamed.service: Deactivated successfully.
May 18 13:05:03 unix systemd-timesyncd[1853]: Contacted time server 109.197.199.120:123 (2.arch.pool.ntp.org).
May 18 13:05:11 unix systemd[1]: systemd-timedated.service: Deactivated successfully.

treeshateorcs commented May 18, 2024

journalctl -b | grep systemd-crypt (after enabling debug logs)
May 18 13:39:26 archlinux (sd-e[175]: About to execute /usr/lib/systemd/system-generators/systemd-cryptsetup-generator (null)
May 18 13:39:26 archlinux (sd-e[175]: /usr/lib/systemd/system-generators/systemd-cryptsetup-generator succeeded.
May 18 13:39:26 archlinux systemd[1]: unit_file_build_name_map: normal unit file: /run/systemd/generator/systemd-cryptsetup@root.service
May 18 13:39:26 archlinux systemd[1]: cryptsetup.target: starting held back, waiting for: systemd-cryptsetup@root.service
May 18 13:39:26 archlinux systemd[1]: systemd-cryptsetup@root.service: Will spawn child (service_enter_start): /usr/bin/systemd-cryptsetup
May 18 13:39:26 archlinux systemd[1]: systemd-cryptsetup@root.service: Passing 0 fds to service
May 18 13:39:26 archlinux systemd[1]: systemd-cryptsetup@root.service: About to execute: /usr/bin/systemd-cryptsetup attach root /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e none tpm2-device=auto,discard
May 18 13:39:26 archlinux systemd[1]: systemd-cryptsetup@root.service: Forked /usr/bin/systemd-cryptsetup as 254
May 18 13:39:26 archlinux systemd[1]: systemd-cryptsetup@root.service: Changed dead -> start
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loaded 'libcryptsetup.so.12' via dlopen()
May 18 13:39:26 archlinux systemd-cryptsetup[254]: run root ← /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e type= cipher=
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Allocating context for crypt device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Trying to open and read device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e with direct-io.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Initialising device-mapper backend library.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: dm version   [ opencount flush ]   [16384] (*1)
May 18 13:39:26 archlinux systemd-cryptsetup[254]: dm versions   [ opencount flush ]   [16384] (*1)
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Detected dm-ioctl version 4.48.0.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Device-mapper backend running with UDEV support enabled.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: dm status root  [ opencount noflush ]   [16384] (*1)
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Trying to load any crypt type from device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Crypto backend (OpenSSL 3.3.0 9 Apr 2024 [default][legacy][threads][argon2]) initialized in cryptsetup library version 2.7.2.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Detected kernel Linux 6.9.1-arch1-1 x86_64.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loading LUKS2 header (repair disabled).
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Acquiring read lock for device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Locking directory /run/cryptsetup will be created with default compiled-in permissions.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Opening lock resource file /run/cryptsetup/L_259:2
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Verifying lock handle for /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e READ lock taken.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Trying to read primary LUKS2 header at offset 0x0.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Opening locked device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Verifying locked device handle (bdev)
May 18 13:39:26 archlinux systemd-cryptsetup[254]: LUKS2 header version 2 of size 16384 bytes, checksum sha256.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Checksum:8267eb6d494006805af37d05139c9e5d3e21ada67bf7f10bd0334e0a0846d753 (on-disk)
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Checksum:8267eb6d494006805af37d05139c9e5d3e21ada67bf7f10bd0334e0a0846d753 (in-memory)
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Trying to read secondary LUKS2 header at offset 0x4000.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Reusing open ro fd on device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e
May 18 13:39:26 archlinux systemd-cryptsetup[254]: LUKS2 header version 2 of size 16384 bytes, checksum sha256.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Checksum:540661c6e3da3c93e9ecb7105bd904393672eb2c333f5228a35dbd8637bd7f8d (on-disk)
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Checksum:540661c6e3da3c93e9ecb7105bd904393672eb2c333f5228a35dbd8637bd7f8d (in-memory)
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Device size 1999323095040, offset 16777216.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e READ lock released.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Activating volume root [keyslot -1] using token.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: dm versions   [ opencount flush ]   [16384] (*1)
May 18 13:39:26 archlinux systemd-cryptsetup[254]: dm status root  [ opencount noflush ]   [16384] (*1)
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Token 0 unusable for segment 0 with desired keyslot priority 2.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Trying to load /usr/lib/cryptsetup/libcryptsetup-token-systemd-tpm2.so.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loading symbol cryptsetup_token_open@CRYPTSETUP_TOKEN_1.0.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loading symbol cryptsetup_token_buffer_free@CRYPTSETUP_TOKEN_1.0.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loading symbol cryptsetup_token_validate@CRYPTSETUP_TOKEN_1.0.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loading symbol cryptsetup_token_dump@CRYPTSETUP_TOKEN_1.0.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loading symbol cryptsetup_token_open_pin@CRYPTSETUP_TOKEN_1.0.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loading symbol cryptsetup_token_version@CRYPTSETUP_TOKEN_1.0.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Token handler systemd-tpm2-1.0 systemd-v255 (255.6-1-arch) loaded successfully.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Requesting JSON for token 0.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loaded 'libtss2-esys.so.0' via dlopen()
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loaded 'libtss2-rc.so.0' via dlopen()
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loaded 'libtss2-mu.so.0' via dlopen()
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Using TPM2 TCTI driver 'device' with device '/dev/tpmrm0'.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loaded 'libtss2-tcti-device.so.0' via dlopen()
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loaded TCTI module 'tcti-device' (TCTI module for communication with Linux kernel interface.) [Version 2]
May 18 13:39:26 archlinux systemd-cryptsetup[254]: TPM successfully started up.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Getting TPM2 capability 0x0000 property 0x0001 count 127.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Getting TPM2 capability 0x0002 property 0x011f count 256.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Getting TPM2 capability 0x0008 property 0x0000 count 508.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Getting TPM2 capability 0x0005 property 0x0000 count 1.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loading HMAC key into TPM.
May 18 13:39:26 archlinux systemd-cryptsetup[254]: Loading object into TPM.
May 18 13:39:27 archlinux systemd-cryptsetup[254]: Starting HMAC encryption session.
May 18 13:39:27 archlinux systemd-cryptsetup[254]: Starting policy session.
May 18 13:39:27 archlinux systemd-cryptsetup[254]: Building sealing policy.
May 18 13:39:27 archlinux systemd-cryptsetup[254]: Reading PCR selection: [sha256(0+2+3+4+5+6+7+9+11+15)]
May 18 13:39:27 archlinux systemd-cryptsetup[254]: Read PCR selection: [sha256(0+2+3+4+5+6+7+9)]
May 18 13:39:27 archlinux systemd-cryptsetup[254]: PCR value: 0:sha256=8acff3632f1ac382f25351679abda72e848b6c801584378d5a219fdf4ab6022d
May 18 13:39:27 archlinux systemd-cryptsetup[254]: PCR value: 2:sha256=3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
May 18 13:39:27 archlinux systemd-cryptsetup[254]: PCR value: 3:sha256=3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
May 18 13:39:27 archlinux systemd-cryptsetup[254]: PCR value: 4:sha256=5df2c4ea236a2602c5d6abfa59a647ff8c64ade433ba91e028b0d97da79371c5
May 18 13:39:27 archlinux systemd-cryptsetup[254]: PCR value: 5:sha256=153a414665a0fddbe364993f96f43c1b317ebedd72b10e8dbc6ce44faa68c80a
May 18 13:39:27 archlinux systemd-cryptsetup[254]: PCR value: 6:sha256=3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
May 18 13:39:27 archlinux systemd-cryptsetup[254]: PCR value: 7:sha256=62b80e0db94078f0a28f0a26f9ed0969eb29c52e5461872e591e1a516be04e96
May 18 13:39:27 archlinux systemd-cryptsetup[254]: PCR value: 9:sha256=9179904140baaf894b52669a252a04647aa843b9681befcfd46087cfe3610294
May 18 13:39:27 archlinux systemd-cryptsetup[254]: Reading PCR selection: [sha256(11+15)]
May 18 13:39:27 archlinux systemd-cryptsetup[254]: Read PCR selection: [sha256(11+15)]
May 18 13:39:27 archlinux systemd-cryptsetup[254]: PCR value: 11:sha256=ee48ec59e0b1afb834e6eba803ba0d1dccded140c165c9b80fc60c8ec3dbde3c
May 18 13:39:27 archlinux systemd-cryptsetup[254]: PCR value: 15:sha256=0000000000000000000000000000000000000000000000000000000000000000
May 18 13:39:27 archlinux systemd-cryptsetup[254]: Submitting PCR hash policy.
May 18 13:39:27 archlinux systemd-cryptsetup[254]: Acquiring policy digest.
May 18 13:39:27 archlinux systemd-cryptsetup[254]: Session policy digest: a9a17648f11e6d3411fa88e2dc230bad9ce975c9c13c7589c8cea55b2694e95c
May 18 13:39:27 archlinux systemd-cryptsetup[254]: Acquiring policy digest.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Session policy digest: a9a17648f11e6d3411fa88e2dc230bad9ce975c9c13c7589c8cea55b2694e95c
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Current policy digest does not match stored policy digest, cancelling TPM2 authentication attempt.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Failed to unseal secret using TPM2: Operation not permitted
May 18 13:39:28 archlinux systemd-cryptsetup[254]: systemd-tpm2 open failed: Operation not permitted.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: systemd-tpm2 token handler returned -1. Changing to -2.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Token 0 (systemd-tpm2) open failed with -2.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Token activation unsuccessful for device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e: No such file or directory
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Activating volume root [keyslot -1] using token.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: dm versions   [ opencount flush ]   [16384] (*1)
May 18 13:39:28 archlinux systemd-cryptsetup[254]: dm status root  [ opencount noflush ]   [16384] (*1)
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Token 0 unusable for segment 0 with desired keyslot priority 2.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Requesting JSON for token 0.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Using TPM2 TCTI driver 'device' with device '/dev/tpmrm0'.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Loaded 'libtss2-tcti-device.so.0' via dlopen()
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Loaded TCTI module 'tcti-device' (TCTI module for communication with Linux kernel interface.) [Version 2]
May 18 13:39:28 archlinux systemd-cryptsetup[254]: TPM successfully started up.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Getting TPM2 capability 0x0000 property 0x0001 count 127.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Getting TPM2 capability 0x0002 property 0x011f count 256.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Getting TPM2 capability 0x0008 property 0x0000 count 508.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Getting TPM2 capability 0x0005 property 0x0000 count 1.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Loading HMAC key into TPM.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Loading object into TPM.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Starting HMAC encryption session.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Starting policy session.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Building sealing policy.
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Reading PCR selection: [sha256(0+2+3+4+5+6+7+9+11+15)]
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Read PCR selection: [sha256(0+2+3+4+5+6+7+9)]
May 18 13:39:28 archlinux systemd-cryptsetup[254]: PCR value: 0:sha256=8acff3632f1ac382f25351679abda72e848b6c801584378d5a219fdf4ab6022d
May 18 13:39:28 archlinux systemd-cryptsetup[254]: PCR value: 2:sha256=3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
May 18 13:39:28 archlinux systemd-cryptsetup[254]: PCR value: 3:sha256=3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
May 18 13:39:28 archlinux systemd-cryptsetup[254]: PCR value: 4:sha256=5df2c4ea236a2602c5d6abfa59a647ff8c64ade433ba91e028b0d97da79371c5
May 18 13:39:28 archlinux systemd-cryptsetup[254]: PCR value: 5:sha256=153a414665a0fddbe364993f96f43c1b317ebedd72b10e8dbc6ce44faa68c80a
May 18 13:39:28 archlinux systemd-cryptsetup[254]: PCR value: 6:sha256=3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
May 18 13:39:28 archlinux systemd-cryptsetup[254]: PCR value: 7:sha256=62b80e0db94078f0a28f0a26f9ed0969eb29c52e5461872e591e1a516be04e96
May 18 13:39:28 archlinux systemd-cryptsetup[254]: PCR value: 9:sha256=9179904140baaf894b52669a252a04647aa843b9681befcfd46087cfe3610294
May 18 13:39:28 archlinux systemd-cryptsetup[254]: Reading PCR selection: [sha256(11+15)]
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Read PCR selection: [sha256(11+15)]
May 18 13:39:29 archlinux systemd-cryptsetup[254]: PCR value: 11:sha256=ee48ec59e0b1afb834e6eba803ba0d1dccded140c165c9b80fc60c8ec3dbde3c
May 18 13:39:29 archlinux systemd-cryptsetup[254]: PCR value: 15:sha256=0000000000000000000000000000000000000000000000000000000000000000
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Submitting PCR hash policy.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Acquiring policy digest.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Session policy digest: a9a17648f11e6d3411fa88e2dc230bad9ce975c9c13c7589c8cea55b2694e95c
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Acquiring policy digest.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Session policy digest: a9a17648f11e6d3411fa88e2dc230bad9ce975c9c13c7589c8cea55b2694e95c
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Current policy digest does not match stored policy digest, cancelling TPM2 authentication attempt.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Failed to unseal secret using TPM2: Operation not permitted
May 18 13:39:29 archlinux systemd-cryptsetup[254]: systemd-tpm2 open failed: Operation not permitted.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: systemd-tpm2 token handler returned -1. Changing to -2.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Token 0 (systemd-tpm2) open failed with -2.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: No TPM2 metadata enrolled in LUKS2 header or TPM2 support not available, falling back to traditional unlocking.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 0.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 1.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 2.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 3.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 4.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 5.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 6.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 7.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 8.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 9.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 10.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 11.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 12.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 13.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 14.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 15.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 16.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 17.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 18.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 19.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 20.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 21.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 22.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 23.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 24.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 25.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 26.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 27.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 28.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 29.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 30.
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 31.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Added key to kernel keyring as 586106581.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Not measuring volume key, deactivated.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Activating volume root [keyslot -1] using passphrase.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: dm versions   [ opencount flush ]   [16384] (*1)
May 18 13:42:14 archlinux systemd-cryptsetup[254]: dm status root  [ opencount noflush ]   [16384] (*1)
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Keyslot 0 priority 1 != 2 (required), skipped.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Keyslot 1 priority 1 != 2 (required), skipped.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Trying to open LUKS2 keyslot 0.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Taking global memory-hard access serialization lock.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Acquiring blocking write lock for resource memory-hard-access.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Opening lock resource file /run/cryptsetup/LN_memory-hard-access
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Verifying lock handle for memory-hard-access.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: WRITE lock for resource memory-hard-access taken.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Running keyslot key derivation.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Unlocking WRITE lock for resource memory-hard-access.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Reading keyslot area [0x8000].
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Acquiring read lock for device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Opening lock resource file /run/cryptsetup/L_259:2
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Verifying lock handle for /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e READ lock taken.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Reusing open ro fd on device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e READ lock released.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Verifying key from keyslot 0, digest 0.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: dm target-version crypt  [ opencount flush ]   [16384] (*1)
May 18 13:42:26 archlinux systemd-cryptsetup[254]: dm versions   [ opencount flush ]   [16384] (*1)
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Detected dm-crypt version 1.25.0.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Loading key (type logon, name cryptsetup:3ce8de15-2727-44a4-b16b-f2c08eca781e-d0) in thread keyring.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Using persistent flag allow-discards.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Using persistent flag no-read-workqueue.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Using persistent flag no-write-workqueue.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: dm versions   [ opencount flush ]   [16384] (*1)
May 18 13:42:26 archlinux systemd-cryptsetup[254]: dm status root  [ opencount noflush ]   [16384] (*1)
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Calculated device size is 3904895152 sectors (RW), offset 32768.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: DM-UUID is CRYPT-LUKS2-3ce8de15272744a4b16bf2c08eca781e-root
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Udev cookie 0xd4d40aa (semid 0) created
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Udev cookie 0xd4d40aa (semid 0) incremented to 1
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Udev cookie 0xd4d40aa (semid 0) incremented to 2
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Udev cookie 0xd4d40aa (semid 0) assigned to CREATE task(0) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
May 18 13:42:26 archlinux systemd-cryptsetup[254]: dm create root CRYPT-LUKS2-3ce8de15272744a4b16bf2c08eca781e-root [ opencount flush ]   [16384] (*1)
May 18 13:42:26 archlinux systemd-cryptsetup[254]: dm reload   (254:0) [ opencount flush securedata ]   [16384] (*1)
May 18 13:42:26 archlinux systemd-cryptsetup[254]: dm resume root  [ opencount flush securedata ]   [16384] (*1)
May 18 13:42:26 archlinux systemd-cryptsetup[254]: root: Stacking NODE_ADD (254,0) 0:0 0600 [trust_udev]
May 18 13:42:26 archlinux systemd-cryptsetup[254]: root: Stacking NODE_READ_AHEAD 256 (flags=1)
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Udev cookie 0xd4d40aa (semid 0) decremented to 1
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Udev cookie 0xd4d40aa (semid 0) waiting for zero
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Udev cookie 0xd4d40aa (semid 0) destroyed
May 18 13:42:26 archlinux systemd-cryptsetup[254]: root: Skipping NODE_ADD (254,0) 0:0 0600 [trust_udev]
May 18 13:42:26 archlinux systemd-cryptsetup[254]: root: Processing NODE_READ_AHEAD 256 (flags=1)
May 18 13:42:26 archlinux systemd-cryptsetup[254]: root (254:0): read ahead is 256
May 18 13:42:26 archlinux systemd-cryptsetup[254]: root: retaining kernel read ahead of 256 (requested 256)
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Releasing crypt device /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e context.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Releasing device-mapper backend.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Closing read only fd for /dev/disk/by-uuid/3ce8de15-2727-44a4-b16b-f2c08eca781e.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Unloading systemd-tpm2 token handler.
May 18 13:42:26 archlinux systemd[1]: Received SIGCHLD from PID 254 (systemd-cryptse).
May 18 13:42:26 archlinux systemd[1]: Child 254 (systemd-cryptse) died (code=exited, status=0/SUCCESS)
May 18 13:42:26 archlinux systemd[1]: systemd-cryptsetup@root.service: Child 254 belongs to systemd-cryptsetup@root.service.
May 18 13:42:26 archlinux systemd[1]: systemd-cryptsetup@root.service: Main process exited, code=exited, status=0/SUCCESS (success)
May 18 13:42:26 archlinux systemd[1]: systemd-cryptsetup@root.service: Changed start -> exited
May 18 13:42:26 archlinux systemd[1]: systemd-cryptsetup@root.service: Job 10 systemd-cryptsetup@root.service/start finished, result=done
May 18 13:42:26 archlinux systemd[1]: systemd-cryptsetup@root.service: Control group is empty.
May 18 13:42:27 unix (sd-exec-[1487]: About to execute /usr/lib/systemd/system-generators/systemd-cryptsetup-generator (null)
May 18 13:42:27 unix (sd-exec-[1487]: /usr/lib/systemd/system-generators/systemd-cryptsetup-generator succeeded.
May 18 13:42:27 unix systemd[1]: systemd-cryptsetup@root.service: Installed new job systemd-cryptsetup@root.service/stop as 268

P.S.:
I used this command to configure TPM

sudo systemd-cryptenroll /dev/nvme0n1p2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,3,4,5,6,7,9,11,15

Apparently that's too much. I just tried with

sudo systemd-cryptenroll /dev/nvme0n1p2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0+7

and it decrypted successfully. (BTW, are commas vs pluses significant?)

P.P.S:

Apparently it stops working when I enable either 11 or 15 (even though they don't change)

This works

sudo systemd-cryptenroll /dev/nvme0n1p2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0+2+3+4+5+6+7+9
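
A triage helper for boot logs like the one in the comment above, added here as an example (it is not part of the thread or of systemd): it reports the longest silent gap, the keyslot key-derivation time, and whether the unseal error quoted in the issue report appears. The function names and the reading of a long gap as time spent waiting at a prompt are assumptions of this example.

```python
import re
from datetime import datetime

# Excerpt copied from the debug log quoted above.
SAMPLE = """\
May 18 13:39:29 archlinux systemd-cryptsetup[254]: Requesting JSON for token 31.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Added key to kernel keyring as 586106581.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Activating volume root [keyslot -1] using passphrase.
May 18 13:42:14 archlinux systemd-cryptsetup[254]: Running keyslot key derivation.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Unlocking WRITE lock for resource memory-hard-access.
May 18 13:42:26 archlinux systemd-cryptsetup[254]: Unloading systemd-tpm2 token handler.
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ systemd-cryptsetup\[(\d+)\]: (.*)$")
ACTIVATE = re.compile(r"Activating volume (\S+) \[keyslot (-?\d+)\] using (.+?)\.$")
UNSEAL_ERR = "Failed to unseal secret using TPM2"  # message quoted in the issue report

def parse(text):
    """Yield (timestamp, pid, message) for systemd-cryptsetup lines; skip all others."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            # syslog timestamps carry no year; a fixed leap year is enough for deltas
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            yield ts, int(m.group(2)), m.group(3)

def summarize(text):
    """Summarize one unlock attempt: activation line, timing, unseal failure."""
    events = list(parse(text))
    out = {"volume": None, "activation": None, "unseal_failed": False,
           "longest_gap_s": 0, "kdf_s": None}
    for (t0, _, msg0), (t1, _, _) in zip(events, events[1:]):
        gap = int((t1 - t0).total_seconds())
        # a long silence is consistent with waiting for interactive input (heuristic)
        out["longest_gap_s"] = max(out["longest_gap_s"], gap)
        if msg0 == "Running keyslot key derivation.":
            out["kdf_s"] = gap  # time until the next logged line
    for _, _, msg in events:
        m = ACTIVATE.search(msg)
        if m:
            out["volume"], out["activation"] = m.group(1), m.group(3)
        if UNSEAL_ERR in msg:
            out["unseal_failed"] = True
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```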
