Unlocking Ubuntu LUKS2 encryption automatically at boot

Posted on

Note to self. Tired of asking for a KVM every time you need to reboot your server to unlock your LUKS2 encryption?

Install prerequisites

apt-get -y install clevis clevis-tpm2 clevis-luks clevis-initramfs initramfs-tools tss2

clevis luks bind -d /dev/your-disk tpm2 '{"pcr_bank":"sha256"}'

update-initramfs -u -k all

Is it really there?

clevis luks list -d /dev/your-disk

It’d be wise to request a KVM before you actually give it a try. Just in case. Learn from my mistakes.

Mate Gelei-Szego

Experienced cloud engineer with a background in software development, service management and finance.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.