3

I'm trying to get a LUKS volume unlocked by the TPM module on a Dell Optiplex 3060. The binding seems to work fine:

$ clevis luks bind -d /dev/nvme0n1p3 tpm2 '{"pcr_ids":"7"}'
$ luksmeta show -d /dev/nvme0n1p3
0   active empty
1   active cb6e8904-81ff-40da-a84a-07ab9ab5715e
2 inactive empty
(...)

I got this to work with an Oracle Linux 7.6 instance on the same machine, but with CentOS 8 the system stops during boot at "Reached target Basic System". I figured out that it's related to clevis-dracut, or rather to the clevis kernel module. When I deactivate the module with dracut -fv --regenerate-all -o "clevis" (via rescue boot), the system boots again, but, of course, the encrypted volume does not get unlocked. I can't get anything useful out of journalctl, which is why I'm stuck at this point.

So my questions are: how can I get the system to boot with the clevis module enabled, or how can I find the information I need to solve the stop during boot?

n-tchen

0 Answers