| 4 Oct 2024 |
 mjm | i'm putting it in /etc/credstore.encrypted/bcachefs-sysroot-persist with boot.initrd.systemd.contents | 02:28:37 |
 ElvishJerricco | mjm: the file needs a .mount suffix | 02:29:04 |
| ElvishJerricco | (I should maybe not do that...) | 02:29:11 |
| mjm | oh you're right, i see | 02:30:06 |
| mjm | ElvishJerricco: it's failing pretty catastrophically, and I can't really tell why. emergency mode says my root account is locked, do you know what i can do to make it work? | 02:41:11 |
| ElvishJerricco | mjm: boot.initrd.systemd.emergencyAccess. You can set it to a hashed password or true for no password. Or you can add rd.systemd.debug_shell to the kernel params to get a shell on tty9 | 02:42:07 |
| mjm | oh i might have found it | 02:42:07 |
| mjm | thanks, yeah i literally just found the option :) | 02:42:25 |
| mjm | just gonna set it to true for now while figuring this out | 02:42:58 |
| mjm | I’m dumb, need to regenerate the credential with the right name, with the .mount suffix | 02:47:51 |
| ElvishJerricco | oh, I completely forgot the name is important when generating these things | 02:48:17 |
| ElvishJerricco | that's slightly frustrating but I totally get why they do it, and it makes perfect sense | 02:48:32 |
| mjm | yeah so did i | 02:48:31 |
| mjm | it works! | 02:53:50 |
| mjm | automatic unlock, no clevis | 02:53:56 |
| ElvishJerricco | fantastic! | 02:54:49 |
| ElvishJerricco | Did it need the after = ["tpm2.target"]; thing? | 02:55:01 |
| mjm | i'll need to test without it | 02:55:22 |
| mjm | which i'll do shortly | 02:55:36 |
| ElvishJerricco | cool, thanks for test :) | 02:55:49 |
| ElvishJerricco | * cool, thanks for testing :) | 02:56:24 |
| mjm | yeah np | 02:56:51 |
| mjm | i think there may be something else weird here with impermanence, it makes this create-needed-for-boot-dirs service in initrd that is failing, not sure why yet. it's possible it was failing before though, since it doesn't seem to be blocking boot | 02:58:09 |
| ElvishJerricco | hm, yea I can't imagine why this would have any effect on that | 02:59:10 |
| ElvishJerricco | if clevis didn't | 02:59:14 |
| mjm | true | 03:00:13 |
| mjm | okay after = ["tpm2.target"] does not appear to be necessary | 03:03:00 |
| mjm | works fine without it | 03:03:05 |
| ElvishJerricco | interesting | 03:03:06 |
| ElvishJerricco | I wonder if systemd is actually making sure to wait for the TPM or if you're just winning the race | 03:03:21 |
