Unlocking Ubuntu LUKS2 encryption automatically at boot » 25 March 2024

Tired of asking for a KVM every time you need to reboot your server to unlock your LUKS2 encryption?

# Install prerequisites
apt-get -y install clevis clevis-tpm2 clevis-luks clevis-initramfs initramfs-tools tss2


# Bind the LUKS2 volume to the TPM2 (prompts for an existing LUKS passphrase)
clevis luks bind -d /dev/your-disk tpm2 '{"pcr_bank":"sha256"}'

# Rebuild the initramfs for all installed kernels so it includes the clevis unlock hook
update-initramfs -u -k all

# Is it really there?
clevis luks list -d /dev/your-disk
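
An added example, not part of the original post: the bind command above passes only `pcr_bank`, and the clevis tpm2 pin applies a PCR policy only when `pcr_ids` is also set, so it is worth checking what each binding is actually sealed to. The function below audits `clevis luks list` output read from stdin; the sample lines are constructed, and `pcr_ids` is assumed to be in its comma-separated string form.

```shell
#!/bin/sh
# Audit `clevis luks list` output for TPM2 bindings that carry no PCR policy.
# Usage: clevis luks list -d /dev/your-disk | audit_clevis_bindings
# Exit status: 0 = every tpm2 binding has pcr_ids
#              1 = at least one tpm2 binding has no pcr_ids
#              2 = no tpm2 binding found at all
audit_clevis_bindings() {
    found=0
    weak=0
    while IFS= read -r line; do
        # Each line looks like: <slot>: <pin> '<json config>'
        slot=${line%%:*}
        rest=${line#*: }
        pin=${rest%% *}
        cfg=${rest#* }
        [ "$pin" = "tpm2" ] || continue
        found=1
        # Extract the pcr_ids value (string form assumed), empty if absent.
        pcrs=$(printf '%s\n' "$cfg" | sed -n 's/.*"pcr_ids":"\([^"]*\)".*/\1/p')
        if [ -n "$pcrs" ]; then
            echo "slot $slot: sealed to PCRs $pcrs"
        else
            # Without pcr_ids the TPM releases the key whatever was booted.
            echo "slot $slot: NO PCR policy"
            weak=1
        fi
    done
    [ "$found" -eq 1 ] || return 2
    return "$weak"
}

# Constructed sample input (not captured from a real system).
sample_list() {
    cat <<'EOF'
1: tpm2 '{"hash":"sha256","key":"ecc"}'
2: tpm2 '{"hash":"sha256","key":"ecc","pcr_bank":"sha256","pcr_ids":"7"}'
3: tang '{"url":"http://tang.example"}'
EOF
}
```

A binding sealed to PCR 7, for example with `'{"pcr_bank":"sha256","pcr_ids":"7"}'`, only unlocks while the Secure Boot state matches the one measured at bind time, so keep a passphrase keyslot for the boots where it does not.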

It’d be wise to request a KVM before you actually give it a try. Just in case. Learn from my mistakes.