You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I can not get past the need to enter the recovery PIN on boot though I have been following instructions on the Aeon wiki Encryption and Advanced Incryption pages to be best of my ability, Additionally, attempting to re-enroll TPM2 caused a boot-up problem. I got the error below and needed to add the command measure-pcr-validator.ignore=yes to the boot string in order to boot. It may be related to this issue: #15
ERROR: the validation of PCR 15 failed
ERROR: Missing measure-pcr-prediction file
Use 'measure-pcr-validator.ignore=yes' in cmdline to bypass the check.
In any case when I try to re-enroll tpm2, this is what happens (from my imperfect notes, so I hope nothing it too far off):
Confirmed the existence of tpm2 in slot 2 of my drive with systemd-cryptenroll.
Unenrolled with sdbootutil unenroll --method=tpm2
dracut-install: ERROR: installing 'grub2-editenv'
dracut[E]: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp dracut.dsYCoPT/initramfs -a date btrfs awk grub2-editenv
Wiped slot 2.
Confirmed the removal of slot 2 with systemd-cryptenroll.
Re-enrolled the slot with sdbootutil enroll --method=tpm2.
dracut-install: ERROR: installing 'grub2-editenv'
dracut[E]: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.dbsAOAh/initramfs -a date btrfs awk grub2-editenv
Fri Jan 23 17:26:32 2026 <3> Btrfs.cc(evalConfigInfo):115 qgroup '1/0' does not exist
Garbage after device path end, ignoring.
Garbage after device path end, ignoring.
Garbage after device path end, ignoring.
Garbage after device path end, ignoring.
Recovery PIN: ####removed####
...
NVIndex policy created
WARNING: Volume key cannot be extracted. Dropping PCR 15
WARNING: File measure-pcr-prediction should be updated
WARNING: Call sdbootutil update-predictions --measure-pcr
Please enter current passphrase for disk /dev/nvme0n1p2: (press TAB for no echo)
Update predictions??? with sdbootutil update-predictions --measure-pcr.
Fri Jan 23 17:31:19 2026 <3> Btrfs.cc(evalConfigInfo):115 qgroup '1/0' does not exist
Garbage after device path end, ignoring.
Garbage after device path end, ignoring.
Garbage after device path end, ignoring.
Garbage after device path end, ignoring.
NVIndex policy created
Password for /dev/nvme0n1p2:
WARNING: Volume key cannot be extracted. Dropping PCR 15
WARNING: File measure-pcr-prediction should be updated
WARNING: Call sdbootutil update-predictions --measure-pcr
This doesn't seem to be working as it should. Do you have any ideas on how to get a regular boot-up with no need to enter my recovery PIN?
As you might have guessed, I'm a novice and I don't have the time at this stage in my life to really learn something inside and out, but I'm not afraid to try things, and I do keep a backup!
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I can not get past the need to enter the recovery PIN on boot though I have been following instructions on the Aeon wiki Encryption and Advanced Incryption pages to be best of my ability, Additionally, attempting to re-enroll TPM2 caused a boot-up problem. I got the error below and needed to add the command
measure-pcr-validator.ignore=yesto the boot string in order to boot. It may be related to this issue: #15In any case when I try to re-enroll tpm2, this is what happens (from my imperfect notes, so I hope nothing it too far off):
systemd-cryptenroll.systemd-cryptenroll.sdbootutil enroll --method=tpm2.sdbootutil update-predictions --measure-pcr.This doesn't seem to be working as it should. Do you have any ideas on how to get a regular boot-up with no need to enter my recovery PIN?
As you might have guessed, I'm a novice and I don't have the time at this stage in my life to really learn something inside and out, but I'm not afraid to try things, and I do keep a backup!
Thanks in advance.
Beta Was this translation helpful? Give feedback.
All reactions