I’ve got two of these units happy installed with IncusOS but another two units fail install with:
systemd-cryptsetup[238]: Failed to unseal secret using TPM2: state not recoverable
and
times out waiting for dev-gpt\x2droot.device - //dev/gpt-auto-root
I’ve tried resetting the TPM on these systems, upgrading BIOS, resetting everything to defaults without luck. I can pxe install Alpine on them without issue when secure boot is disabled but I can’t seem to get an incusOS install on them.
I get that TPM is important for LUKS roots but for homelab type stuff where I’m just wanting an API driven private cloud to point terraform at, it doesn’t need to be as secure and I would love to be able to disable secure boot and TPM and just fly at it.
Look at the advanced section when downloading an image, you can get an image with a software TPM for systems without a TPM 2.0 module. In your case, you’ll need to turn off the hardware TPM in the BIOS.
I grabbed my TLS off my cluster and generated a USB key. I forgot to disable the TPM hardware and it booted up to the curses screen and told me it was detected and couldn’t continue. I disabled the TPM in BIOS and tried again and at the ‘booting incus’ banner, it mentioned that it was falling back and hung there for a while and then dumped debug that it had failed with systemd-cryptsetup
Really strange….. I made a new USB key with a download from a couple weeks ago and it works. I suspect that the file I used for the stick had was asserting nvme. Not sure but either way, my difficult systems are almost up now.
Running into another issue where they are complaining “failed to read efi variable dbx” and going to try generating a new usb image.
I’m going to blame operator error. I have all four nodes up now with a newly downloaded and burned USB. no idea what I did wrong but going back to making a new image helped.
