tpm2-totp
TOTP code not shown by Debian 12 running cryptroot-unlock
I am experimenting with Debian 12 (bookworm) and measured boot. For that, I have compiled (current latest revision 826c103) and initialized tpm2-totp successfully:

```
./configure --sysconfdir=/etc --prefix /usr
make -j$(nproc)
make install
tpm2-totp init
```
When requesting the TOTP value with `tpm2-totp show -t` I get the correct value:

```
2023-05-06 16:45:06: 005163
root@vmware ~ #
```

I also have installed plymouth, which also gets added to the initramfs.
When trying to unlock the encrypted disk from the initramfs, however, the TOTP values are not shown until the LUKS password has been entered locally, which is not the intended use of measured boot. ;-)
When logging in via dropbear, TOTP values are also not displayed automatically. However, having tpm2-totp added to the initramfs, the correct TOTP values are displayed. The execution of `plymouth-tpm2-totp -t` from the command prompt blocks, but does not output any text on the following line (the cursor stays at the start of the line):

```
~ # plymouth-tpm2-totp -t
```
Here is a screenshot of the output when operating on the console (not via dropbear; I waited roughly 5 minutes until the LUKS password was entered):

Just for completeness, the built Debian package is here (.zip file because GitHub doesn't support the extension .deb): tpm2-totp_0.3.0+git20230105.826c103-1.deb.zip

Does anyone have an idea what I am doing wrong? Could this be related to #92?