Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Problem with Clevis
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Installing Gentoo
View previous topic :: View next topic  
Author Message
Zitan
n00b
n00b


Joined: 16 Jun 2007
Posts: 74

PostPosted: Fri Nov 15, 2024 2:54 pm    Post subject: Problem with Clevis Reply with quote

I am facing an issue with getting Clevis tokens to work with Cryptsetup on my Gentoo system. Despite installing app-crypt/clevis and sys-fs/cryptsetup with the necessary USE flags, the expected file /usr/lib64/cryptsetup/libcryptsetup-token-clevis.so is missing, and I cannot bind Clevis with LUKS. Here is a detailed breakdown of what I have tried so far:

Installed Packages and Flags:
1. Clevis:
Code:

equery uses app-crypt/clevis
[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
* Found these USE flags for app-crypt/clevis-20-r1:
  U I
  + + luks : Enable LUKS support
  + + tpm  : Enable TPM support


2. Cryptsetup:
Code:

equery uses sys-fs/cryptsetup
[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
* Found these USE flags for sys-fs/cryptsetup-2.7.5:
  U I
  + + argon2      : Enable password hashing algorithm from app-crypt/argon2
  + + nls         : Add Native Language Support
  + + openssl     : Use dev-libs/openssl crypto backend
  + + udev        : Enable udev integration
  - - fips        : Disable FIPS mode restrictions
  - - kernel      : Disable kernel crypto backend
  - - nettle      : Disable nettle crypto backend



Code:

journalctl | grep libcryptsetup-token-clevis.so
lis 11 03:52:56 Acer-SF314-511 systemd-cryptsetup[578]: Trying to load /usr/lib64/cryptsetup/libcryptsetup-token-clevis.so.
lis 11 03:52:56 Acer-SF314-511 systemd-cryptsetup[578]: /usr/lib64/cryptsetup/libcryptsetup-token-clevis.so: cannot open shared object file: No such file or directory
lis 15 10:33:55 Acer-SF314-511 systemd-cryptsetup[446]: Trying to load /usr/lib64/cryptsetup/libcryptsetup-token-clevis.so.
lis 15 10:33:55 Acer-SF314-511 systemd-cryptsetup[446]: /usr/lib64/cryptsetup/libcryptsetup-token-clevis.so: cannot open shared object file: No such file or directory
lis 15 10:57:30 Acer-SF314-511 systemd-cryptsetup[467]: Trying to load /usr/lib64/cryptsetup/libcryptsetup-token-clevis.so.
lis 15 10:57:30 Acer-SF314-511 systemd-cryptsetup[467]: /usr/lib64/cryptsetup/libcryptsetup-token-clevis.so: cannot open shared object file: No such file or directory

After installation, the file /usr/lib64/cryptsetup/libcryptsetup-token-clevis.so is not present. As a result, I cannot bind Clevis with LUKS. Running the following command fails:
Code:

ls /usr/lib64/cryptsetup/libcryptsetup-token-clevis.so
# Output: No such file or directory


    Questions:
    1. Is there a specific USE flag or dependency I am missing for sys-fs/cryptsetup to build the Clevis token library?
    2. How can I ensure that Cryptsetup recognizes Clevis and builds the necessary token support?
    3. Are there additional steps required to link Clevis with Cryptsetup on Gentoo?
Back to top
View user's profile Send private message
nox23
n00b
n00b


Joined: 15 Jul 2012
Posts: 37

PostPosted: Thu Nov 21, 2024 10:30 am    Post subject: Reply with quote

It maybe not be the way you want it to work.
I tried using clevis too, but don't manage to get it working and found it complicated and cumbersome.
I've used the systemd utility, systemd-cryptenroll and all went smoothly.
have a look at :
https://manpages.debian.org/experimental/systemd/systemd-cryptenroll.1.en.html
and
https://wiki.archlinux.org/title/Systemd-cryptenroll

i've used dracut to generate the initramfs and enable the tpm use flag :
Code:
euse -E tpm
emerge -uav1 sys-apps/systemd


Hope it helps :wink:
Back to top
View user's profile Send private message
Zitan
n00b
n00b


Joined: 16 Jun 2007
Posts: 74

PostPosted: Fri Nov 22, 2024 6:20 pm    Post subject: Reply with quote

I admit I couldn't find a solution, and out of desperation I performed the installation again. I copied the previously saved commands. This time I managed to log in to the system using Clevis without any problems. Unfortunately, I have no idea what the problem was. Anyway, thank you for trying to help.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Installing Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum