initramfs: Add tpm2-tss & systemd-pcrphase for LUKS unlocking

Enable both modules to make it easier to setup TPM bound LUKS device unlocking. See: https://gitlab.com/fedora/ostree/sig/-/issues/33
2024-05-31 16:11:05 +02:00 · 2024-05-31 16:11:05 +02:00 · 440fa5e438
commit 440fa5e438
parent 5585f60aa0
1 changed files with 9 additions and 0 deletions
--- a/initramfs.yaml
+++ b/initramfs.yaml
@ -27,3 +27,12 @@ postprocess:
    # save much space. So let's disable it to avoid the error-looking message.
    do_strip=no
    EOF
+
+  - |
+    #!/usr/bin/env bash
+    set -xeuo pipefail
+
+    cat > /usr/lib/dracut/dracut.conf.d/20-atomic-tpm-luks.conf << 'EOF'
+    # Add support for systemd-cryptsetup and tpm2-tss LUKS locking
+    add_dracutmodules+=" tpm2-tss systemd-pcrphase "
+    EOF