> I do not believe that the suggested approach is good enough. If the root
> disk has been encrypted already and we accidentally deleted the TPM
> device, installation should fail otherwise the machine becomes
> unbootable.
>
> The only time a missing TPM is non-fatal is when the root device is not
> yet encrypted. It would be best if nullboot could check if the device is
> indeed encrypted, and if not, set a flag to make missing TPM non-fatal.
@Chris Coulson how would you do that? Maybe checking "cryptsetup
status" on the rootfs device is good enough?
> I think the boot variables should still be update-able, too?
> I do not believe that the suggested approach is good enough. If the root
> disk has been encrypted already and we accidentally deleted the TPM
> device, installation should fail otherwise the machine becomes
> unbootable.
>
> The only time a missing TPM is non-fatal is when the root device is not
> yet encrypted. It would be best if nullboot could check if the device is
> indeed encrypted, and if not, set a flag to make missing TPM non-fatal.
@Chris Coulson how would you do that? Maybe checking "cryptsetup
status" on the rootfs device is good enough?
> I think the boot variables should still be update-able, too?
Indeed.