Hello,
Can someone please help me set up FDE with TPM on Garuda?
I am using TPM 2.0 and enrolled for FDE during install of the OS with the default partition setup. I tried following the article below, but I am literally stuck at this point: “regenerate initramfs and the EFI image and reboot your system.” Additionally, I tried to follow the Arch Wiki page for “Trusted Platform Module”, but the information is scarce for the noob level I’m on.
Full Disk Encryption on Arch Linux backed by TPM 2.0
Edit: The idea is to boot automatically without the prompt for encryption password.
This is the result of trying to follow the Arch Wiki:
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
zram0 253:0 0 1,7G 0 disk [SWAP]
zram1 253:1 0 1,7G 0 disk [SWAP]
zram2 253:2 0 1,7G 0 disk [SWAP]
zram3 253:3 0 1,7G 0 disk [SWAP]
zram4 253:4 0 1,7G 0 disk [SWAP]
zram5 253:5 0 1,7G 0 disk [SWAP]
zram6 253:6 0 1,7G 0 disk [SWAP]
zram7 253:7 0 1,7G 0 disk [SWAP]
nvme0n1 259:0 0 476,9G 0 disk
├─nvme0n1p1 259:1 0 260M 0 part /boot/efi
├─nvme0n1p2 259:2 0 461,7G 0 part
│ └─luks-8f3f9d43-b54b-4b61-bf40-fc9d9fb8556d 254:0 0 461,7G 0 crypt /var/tmp
└─nvme0n1p3 259:3 0 15G 0 part
  └─luks-599fd87d-20b3-4cbe-9e85-1cb964ee756a 254:1 0 15G 0 crypt [SWAP]
sudo systemd-cryptenroll --tpm2-device=/dev/tpmrm0 /dev/nvme0n1p2
Failed to load LUKS2 superblock: Invalid argument
sudo systemd-cryptenroll --tpm2-device=/dev/tpmrm0 /dev/nvme0n1
Failed to load LUKS2 superblock: Invalid argument
Thanks…