On 09 June, 2021 - Christoph Biedl wrote:
> Control: severity 989648 important
> Control: tags 989648 confirmed upstream patch
> Control: fixed 989648 12-1
>
> Anton Lundin wrote...
>
> > I'm playing around with a tpm which only supports sha256, and the clevis
> > fails:
> >
> > # clevis luks bind -k X -d /dev/Y tpm2 '{"pcr_bank": "sha256",
> > # "pcr_ids":"7"}'
> > WARN: Ignore unsupported bank/algorithm: sha1(0x0004)
> > ERROR: Unable to run tpm2_pcrlist
> > Creating PCR hashes file failed!
> >
> > This is because of a bug in clevis-tpm2:
> > https://github.com/latchset/clevis/commit/67fc67c15fdf6fd053b261d123ae58d9e55f1991
> >
> > I suggest backporting that upstream fix to get clevis-tpm2 working
> > with sha256 tpm's.
>
> Hello,
>
> thanks for reporting - since there is a buster point release in ten
> days, there is a chance to have this fixed very soon. However, as I
> cannot access my test hardware in that short time, can you confirm that
> the patch mentioned fixes your issue, and there are no other related
> issues that should get handled as well? (The latter since I'd really
> like to avoid having to do another bugfix upload later.)
>
> Since I'd need a day for the related paperwork, please reply by tomorrow
> (June 10th) evening at the latest. Else it would have to wait another two
> or three months.

I've already applied that patch locally and it fixes it, so I can configure pcr_bank sha256 and clevis luks tpm works on my system.

So, I can confirm that the mentioned patch fixes my issue and I haven't seen any other side effects of it. I'm pretty sure it was just a typo.

//Anton