I set up a thumb drive with an encrypted partition with LUKS2. When I
insert it, I get prompted for the password and that works. I'd like to
have it automatically opened when I insert it in my main computer, so I
used clevis to add a key using TPM2. I can successfully open it without
a password by running "clevis luks unlock -d /dev/sda1", but it doesn't
work automatically on insert. I'm running MATE desktop, and I made sure
clevis-udisks2 was installed (and I see it running); I thought that
should handle it, but I see log messages like:
n 18 12:01:13 audit[2424]: USER_DEVICE pid=2424 uid=0 auid=1000 ses=2
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=recovered-key-for
uuid=6f23603a-982d-4dd1-ac5e-50237b016666 device="/dev/sda1"
exe="/usr/libexec/clevis-luks-udisks2" hostname=? addr=? terminal=?
res=failed'
Am I misunderstanding how this should work, do I need to do something
more?
--
Chris Adams <linux(a)cmadams.net>