From 440fa5e438bc7573de380a2a16aac2b06ce37c19 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr>
Date: Fri, 31 May 2024 16:11:05 +0200
Subject: [PATCH] initramfs: Add tpm2-tss & systemd-pcrphase for LUKS unlocking

Enable both modules to make it easier to setup TPM bound LUKS device
unlocking.

See: https://gitlab.com/fedora/ostree/sig/-/issues/33
---
 initramfs.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/initramfs.yaml b/initramfs.yaml
index 02925dd..002d77a 100644
--- a/initramfs.yaml
+++ b/initramfs.yaml
@@ -27,3 +27,12 @@ postprocess:
     # save much space. So let's disable it to avoid the error-looking message.
     do_strip=no
     EOF
+
+  - |
+    #!/usr/bin/env bash
+    set -xeuo pipefail
+
+    cat > /usr/lib/dracut/dracut.conf.d/20-atomic-tpm-luks.conf << 'EOF'
+    # Add support for systemd-cryptsetup and tpm2-tss LUKS locking
+    add_dracutmodules+=" tpm2-tss systemd-pcrphase "
+    EOF