attempt wipe if tpm2 slot already found so re-enroll can occur

ublue-os · Nov 2, 2024 · c1a92f0 · c1a92f0
1 parent 8d3c9ac
commit c1a92f0
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/build/ublue-os-luks/luks-enable-tpm2-autounlock b/build/ublue-os-luks/luks-enable-tpm2-autounlock
@@ -68,9 +68,8 @@ fi
 if cryptsetup luksDump "$CRYPT_DISK" | grep systemd-tpm2 > /dev/null; then
   KEYSLOT=$(cryptsetup luksDump "$CRYPT_DISK"|grep -A29 systemd-tpm2|grep Keyslot|awk '{print $2}')
   echo "TPM2 already present in LUKS Keyslot $KEYSLOT of $CRYPT_DISK."
-  echo "Remove the existing TPM2 enrollment before trying again."
-  echo "Exiting..."
-  [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1
+  echo "Wiping systemd-tpm2 from LUKS Keyslot $KEYSLOT of $CRYPT_DISK."
+  systemd-cryptenroll --wipe-slot=$KEYSLOT "$CRYPT_DISK"
 fi
 
 ## Run crypt enroll