[GUIDE] Setup TPM2 Autodecrypt

I want to share some of my experience setting up TPM2 auto-decrypt LUKS full-disk encryption. Although I have been using Linux for a while, I have always been avoiding doing any configuration that is not in the GUI, so I think this will be a good place for me to collect some suggestions about my setup.

TLDR: Just Show Me The Command

Use lsblk or gnome disk application to find the LUKS full disk encryption partition. The partition is most likely /dev/nvme0n1p3. Run

sudo systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto --tpm2-pcrs "1+3+5+7+11+12+14+15" /dev/nvme0n1p3
sudo dracut -f

where /dev/nvme0n1p3 is your LUKS partition. Enter your LUKS password when prompt, and restart, you should not see a password prompt.

If this stopped working after a firmware or bootloader update, run

sudo dracut -f

to re-build initramfs.

NOTE: These commands only works with TPM2 and LUKS2, which should not be a problem on framework laptops as of the time of writing; you will also need to have LUKS full disk encryption. If you selected full disk encryption when installing your distro, you will likely be fine.

Configuration Explaination

systemd-cryptenroll v.s. clevis

This configuration is copied from this fedora magazine article, which is an update from an older article.

The systemd-cryptenroll method is easier to set up and more user-friendly than clevis in the previous older articles.

System Integrity Configuration

An important configuration is to specify under what condition the TPM will release the key. This is specified by "1+3+5+7+11+12+14+15" in the command, the original article recommend "0+1+2+3+4+5+7+9".

Several Common configs:

• my config: "1+3+5+7+11+12+14+15", probably an overkill, reasons specified below.
• config recommended by fedora magazine article: "0+1+2+3+4+5+7+9",
• default config: "7", you will only need to enter password when secure boot is disabled
• my recommended minimal config: "1+7", according to the doc, you will only need to enter password on hardware change and when secure boot is disabled.

Here are the reasons for my config:

• I omitted 9 (Linux Kernel and grub), which requires rebuild every time there is a kernel update. As Fedora updates the Kernel quite often, I omitted this integrety check.
• I omitted 4 because I observed a change in its signature after a kernel update. I am assuming it will sometimes be changed by an regular update.
• I omitted 0 (firmware) and 2 (pluggable hardware), because it is explicitly recommended against by systemd-cryptenroll man page
• I added 11 (ELF kernel image, embedded initrd and other payload of the PE image ) and 14 (shim) because 7, 11, 14 is recommended by systemd-cryptenroll man page
• I added 12 (kernel-config) because I don’t typically change kernel parameters
• I added 15 (volume key of activated LUKS volumes), because I don’t imagine I would change the LUKS volumes.

Please pick and choose a setup that works for you. For more info, please refer to systemd-cryptenroll man page and Linux TPM PCR Registry Spec

Some Common Misconceptions:

Full-disk Encryption (FDE): I always thought that the disk is decrypted the moment password is provided. However, that is not the case: all the data on the disk is constantly encrypted, and data is only decrypted when reading into the ram. Hence in order to break full-disk encryption, the attacker will need:

• the powered-on laptop with LUKS password already provided;
• read the key from RAM.

So it is unlikely for any ordinary attacker to break FDE, except de-LUKS which is carried out by swapping initrd. I am not sure if this is addressed by secure boot. Read more about the future of fedora encryption, TPM, and secure boot here.

Secure Boot: An old myth states that secure boot is invented to help Microsoft lock down the BIOS and prevent installation of alternative OS. However, I don’t think it is the case, since most Linux distro works with secure boot, and Mok can be used to sign custom kernels.

TPM and security implications: TPM is a way to store keys that is not readable by the rest of the system. You can save the password in TPM, and it will be released to RAM when it is requested by a specific program under specific conditions (when system integrity is checked).

However, TPM is called “Trusted” Platform Module, not “Trustworthy” Platform Module. There is no guarantee that it will do what it claims to do, see here and here; both example are taken from the “Security Implication” section of this fedora magazine article.

Being a security-critical module. I would trust framework to do basic verification of the trust-worthiness of their suppliers. However, just keep in mind, using TPM is less secure than entering the password manually; but you can use a much more complicated password when using TPM (backup your LUKS key in a safe or a password manager like bitwarden), enhancing the security of the TPM method.

Will I be locked out of my OS?: as long as you have your LUKS key (backup your key!)and the working ssd, you should boot just fine, even after hardware changes.

Other useful resources:

• Command to read TPM event log: sudo tpm2 eventlog /sys/kernel/security/tpm0/binary_bios_measurements or sudo fwupdtpmevlog
• Command to get current pcr value: sudo tpm2 pcrread, you can log the pcr value before an update sudo tpm2 pcrread > ~/Download/pcr.txt and compare the value after the update, to see which measurement is changed. You can choose to remove the check that is changed by a system update. For example, we can remove check 15 simply by rerun cryptenroll:

sudo systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto --tpm2-pcrs "1+3+5+7+11+12+14" /dev/nvme0n1p3
sudo dracut -f

Notice the differece between these commands and the original command, 15 is no longer in "1+3+5+7+11+12+14"

• Change LUKS key, just use gnome disk application, select the LUKS partition, click the gear icon, and select “change passpharse”. You can set a much stronger password after setting up TPM autodecrypt (Again, backup your key).

Further Reading

• ArchWiki
• systemd-cryptenroll man page
• Linux TPM PCR Registry Spec
• The original post that this config is based on, and the older (outdated?) article
• Future of Encryption in Fedora desktop variants

This is neat write up.
I have been doing casual readings to understand this whole process of tmp unlocking. I have yet to be annoyed enough with typing in an extra password to implement this.

Pinning as a guide, nicely done.

On my systems, the /boot block device, containing the initramfs images, is encrypted, too. Only the /boot/efi is not, so one would have to replace the GRUB’s efi binary. However, I take it that this one can be signed and then verified before startup.

I would be happy to see how to do it

I’ve been looking for something like this for a while though since I mainly use Ubuntu I would wonder what options you use for initramfs-tools:

sudo update-initramfs -c -k all

Is there a way to tie this into the the fingerprint reader so most of the time I can use that instead of the password to decrypt luks or for power on? Thinkpads offer something like this but it seems tied into the bios and happens before boot/luks.

Not something I see happening, but there is a lively discussion on it here. It’s an interesting idea.

It seems like I no longer have permission to edit this topic. I just want to share that I removed pcr 3 and 5 from my setup, so that I don’t need to enter password after update. This enables me to set a much stronger password (25 character random password).

So my current setup is:

sudo systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto --tpm2-pcrs "1+7+11+12+14+15" /dev/nvme0n1p3

I also realized that the TPM stops decrypting the disk after adding a stick of ram. I have tried to rebuild using sudo dracut -f to no avail.
This problem can be fixed by temporarily removing 1 from pcr:

sudo systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto --tpm2-pcrs "7+11+12+14+15" /dev/nvme0n1p3
sudo dracut -f

reboot (should not see the LUKS password), then

sudo systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto --tpm2-pcrs "1+7+11+12+14+15" /dev/nvme0n1p3
sudo dracut -f

Sounds like you were able to craft a solution! Outstanding, appreciate you sharing this with us.

I confirm - good job!

I however, coming from the Security/Monitoring side (IT), know that whatever is automated can be cracked easily. Reason that if I use full disk encryption, I take the time to always type in the password, and use the actual key on a separate USB drive.
Biometrics are a way to have one’s finger cut or forced onto the device to unlock it.
Automatically unlocking the encrypted drive using TPM (even with all the side-conditions set), unlocks the drive. So makes the system and its data more “accessible”.

I just put this here for awareness! And everyone needs to know how he wants to handle it

Very helpful guide! I was able to get the TPM token enrolled but for some reason I am still being prompted for a LUKS password on boot. rebuilding initramfs doesn’t seem to change anything either. I’ve also tried eliminating different pcrs values but no luck unfortunately. Would anyone happen to have suggestions?

Current config -
Pop_OS 22.04LTS
Kernel 6.6.6

Framework 13 Ryzen 7840u
BIOS v. 3.03
TPM Operation - Enabled

I have discovered a very weird problem with this. When my laptop runs out of battery, plug in a charger, and immediately startup, the pcr value for “1” would change.

However, if you charge the laptop for a while (I have tested charging to 20%), the laptop startsup normally without changing any pcr value.

So the lesson is either remove “1” from the measurement, or charge a while before powering on the laptop.

This is quite unexpected as Linux TPM PCR Registry states that “1” measures

Core system firmware data/host platform configuration; typically contains serial and model numbers

and systemd-cryptenroll man page states that “1” measures:

Core system firmware data/host platform configuration; typically contains serial and model numbers, changes on basic hardware/CPU/RAM replacements

Yet, none of them mentions that this would change when the charge runs out. Maybe framework engineers can provide a better guess on what is happening here?

This is not working for me, on a fully up to date Fedora 39. Confirmed that I’m not monitoring any of the PCR values that are changing on reboot, and tried rebuilding initramfs and rebooting a few times now. The linked guide has an additional step to “Add the tpm2-tss module to your dracut configuration”. Going to try that now, but should that be necessary?

Edit: All good now after running the referenced command. Might want to add that to the guide, assuming it is a necessary step and not something odd about my setup.

I would be interested in knowing how much of a charge exactly the laptop needs. It could be that the system simply didn’t have enough time to initialize completely. Maybe plugging it in and waiting 10 seconds, for example, is all you really need?

I think you are referring

echo "add_dracutmodules+=\" tpm2-tss \"" | sudo tee /etc/dracut.conf.d/tpm2.conf
add_dracutmodules+=" tpm2-tss "

It might be necessary on some systems. I don’t recall needing to do that on my silverblue. Unfortunately, I can no longer update the original post, so people will need to scroll down to here to see the command.

More info on setting this up on silverblue (or other rpm-ostree-based distro): https://www.reddit.com/r/Fedora/comments/uo4ufq/any_way_to_get_systemdcryptenroll_working_on/

@Matt_Hartley I can no longer modify the original post, however, I just realized that there seems to be serious security issue with TPM2 autodecrypt on both Linux and Windows:

• TPM Sniffing Attacks Against Non-Bitlocker Targets
• GitHub - Wack0/bitlocker-attacks: A list of public attacks on BitLocker

It seems like people with physical access can by-pass TPM by sniffing the BitLocker/LUKS key. So I think this is something that we need to inform the user of this guide.

Unless there something I don’t know, I thought the TPM that FW13/16 is using is part of Microsoft Pluton co-processor which is internal so in theory we shouldn’t be affected by this

This did not work for me whatsoever, I’m not sure what I’m doing wrong.

1. Reset and cleared TPM data in BIOS
2. Checked for secure boot and the presence of a TPM2 chip (yes)
3. Installed tpm2-tools (not in instructions but needed it to proceed)
4. Followed the install instructions in the fedoramagazine link (using apt instead of dnf bc using Zorin/Ubuntu)
5. Ran this command:

echo "add_dracutmodules+=\" tpm2-tss \"" | sudo tee /etc/dracut.conf.d/tpm2.conf
add_dracutmodules+=" tpm2-tss "

6. Used OP’s “updated” command in this post
7. Restarted

The prompt to enter the password at boot looks different (simple command line interface) but other than that I still need to enter it to decrypt.

I’m not sure where to look for help, the only thing I can think of is dracut -f gives this at the end:

dracut: dracut module 'tpm2-tss' cannot be found or installed.

Adding the dracut module was required for me on a fresh install of Fedora 39. IMO, a moderator ought to put this information in the original post, since you cannot access it any more.