I installed EndeavourOS Gemini 2024.04.20 about half a year ago and I can’t for the life of me remember if there was a mention that the TPM function was used for the root encryption. What I can find online is that it’s possible.
Now I get a prompt every time I start the system because I changed the CPU recently and had fTPM enabled. The UEFI wants to reset the fTPM and if I do use it, I will be having issues booting. In the past it was used for a Windows 10 install with BitLocker, but it has since been wiped off the boot drive.
The second question I have is how to change the LUKS password. I chose a very long password (>24 chars) which I regularly mistype; after two tries it forces you to shell to reboot.
Oh wow, thanks for the very detailed and useful info!
lsblk gave this output: └─nvme0n1p2 crypto_LUKS 2
I’ve read LUKS v2 could make stuff more complicated. I was not aware that there are multiple passphrase slots, this would probably enable me to use Yubikeys as well as a “shortcut” to a long passphrase?
LUKS2 is not fully supported by GRUB, so I have avoided using it for my system drive. But I use it on my secondary and external drives.
If LUKS2 is already set up and your system is booting without issue, I suspect you’ll be ok?
Hopefully someone else can assist with your TPM question. I have no experience there so I’d rather leave that alone, although if you haven’t already, the Wiki has a number of articles that touch on it.
Thanks for the suggestion @Pudge, I also encountered that page while looking. It doesn’t specifically mention a way to figure out if I was using it, some discussion about it makes me think it wasn’t. I have to use a password each boot and also, it was already in use with my previous Windows install. I’m not sure it would have been possible without clearing the TPM first.
In the directory /sys/class/tpm nothing’s there either.