Control: severity 989648 important
Control: tags 989648 confirmed upstream patch
Control: fixed 989648 12-1

Anton Lundin wrote...

> I'm playing around with a tpm which only supports sha256, and the clevis
> fails:
>
> # clevis luks bind -k X -d /dev/Y tpm2 '{"pcr_bank": "sha256",
> # "pcr_ids":"7"}'
> WARN: Ignore unsupported bank/algorithm: sha1(0x0004)
> ERROR: Unable to run tpm2_pcrlist
> Creating PCR hashes file failed!
>
> This is because a bug in clevis-tpm2:
> https://github.com/latchset/clevis/commit/67fc67c15fdf6fd053b261d123ae58d9e55f1991
>
> I suggest backporting that upstream fix to get clevis-tpm2 working
> with sha256 tpm's.

Hello,

thanks for reporting - since there is a buster point release in ten days, there is a chance to have this fixed very soon.

However, as I cannot access my test hardware in that short time, can you confirm that the patch mentioned fixes your issue, and there are no other related issues that should get handled as well? (The latter since I'd really like to avoid having to do another bugfix upload later.)

Since I'd need a day for the related paperwork, please reply by tomorrow (June 10th) evening at the latest. Else it would have to wait another two or three months.

Regards,

Christoph