Revert tpm2

valtzu · Feb 8, 2025 · 5557e41 · 5557e41
1 parent f1eab17
commit 5557e41
Show file tree

Hide file tree

Showing 7 changed files with 7 additions and 16 deletions.
diff --git a/config.txt b/config.txt
@@ -7,13 +7,11 @@ disable_overscan=1
 device_tree_address=0x1f0000
 device_tree_end=0x200000
 dtparam=sd_poll_once
-dtparam=spi=on
 dtparam=audio=off
 dtparam=hdmi=off
 dtparam=watchdog=on
 dtoverlay=disable-bt
 dtoverlay=disable-wifi
-dtoverlay=tpm-slb9670
 dtoverlay=upstream-pi4
 disable_splash=1
 boot_delay=0

diff --git a/curl.txt b/curl.txt
@@ -21,9 +21,6 @@ expand-output="{{fw_dir}}/overlays/disable-wifi.dtbo"
 expand-url="{{fw_base_url}}/boot/overlays/disable-bt.dtbo"
 expand-output="{{fw_dir}}/overlays/disable-bt.dtbo"
 
-expand-url="{{fw_base_url}}/boot/overlays/tpm-slb9670.dtbo"
-expand-output="{{fw_dir}}/overlays/tpm-slb9670.dtbo"
-
 url="https://github.com/pftf/RPi4/releases/download/v1.37/RPi4_UEFI_Firmware_v1.37.zip"
 expand-output="{{dl_dir}}/rpi_uefi.zip"
 

diff --git a/mkosi.conf b/mkosi.conf
@@ -32,7 +32,7 @@ QemuMem=4G
 KernelCommandLineExtra=
 	# slow cross-arch emulation requires increased timeouts
 	systemd.default_device_timeout_sec=180
-QemuSwtpm=yes
+QemuSwtpm=no # Raspberry Pi has no TPM either
 Ephemeral=yes
 [Validation]
 Checksum=no
diff --git a/mkosi.images/initrd/mkosi.extra/etc/systemd/system/systemd-repart.service.d/modules.conf b/mkosi.images/initrd/mkosi.extra/etc/systemd/system/systemd-repart.service.d/modules.conf
diff --git a/mkosi.images/rootfs/mkosi.conf b/mkosi.images/rootfs/mkosi.conf
@@ -52,7 +52,6 @@ Packages=
     systemd-sysv
     systemd-timesyncd
     tar
-    tpm2-tools
     tree
     udev
     util-linux

diff --git a/mkosi.images/rootfs/mkosi.extra/usr/lib/repart.d/30-root.conf b/mkosi.images/rootfs/mkosi.extra/usr/lib/repart.d/30-root.conf
@@ -6,4 +6,7 @@ MakeDirectories=/efi
 MakeDirectories=/usr
 FactoryReset=yes
 CopyFiles=/usr/share/factory:/
-Encrypt=tpm2
+Encrypt=key-file
+
+# This only has an effect if encryption is done build-time
+#EncryptedVolume=root::cipher=xchacha20,aes-adiantum-plain64
diff --git a/mkosi.profiles/disk/mkosi.conf b/mkosi.profiles/disk/mkosi.conf
@@ -38,7 +38,6 @@ KernelModulesInitrdInclude=
     /bcm2835-rng.ko
     /bcm2835_wdt.ko
     /bcm2711_thermal.ko
-    /tpm_tis_spi.ko
     /vc4.ko
     /v3d.ko
     /dwc2.ko
@@ -61,7 +60,8 @@ KernelCommandLine=
 	console=ttyAMA0
 	ipv6.disable=1
 	fstab=no
-	systemd.tpm2_wait=1
+	#luks.crypttab=no
+	#luks.options=headless\,cipher=xchacha20\,aes-adiantum-plain64 # Does not work because cipher is harcoded in repart.c
 	mount.usrflags=noatime,ro
 	systemd.swap=no
 	rw