return log_error_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 PIN unlock failed, falling back to traditional unlocking.");
if (ERRNO_IS_NOT_SUPPORTED(r)) /* TPM2 support not compiled in? */
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 support not available, falling back to traditional unlocking.");
- if (r != -EAGAIN) /* EAGAIN means: no tpm2 chip found */
- return r;
+ /* EAGAIN means: no tpm2 chip found */
+ if (r != -EAGAIN) {
+ log_notice_errno(r, "TPM2 operation failed, falling back to traditional unlocking: %m");
+ return -EAGAIN; /* Mangle error code: let's make any form of TPM2 failure non-fatal. */
+ }
} else {
- r = attach_luks2_by_tpm2(cd, name, flags);
+ r = attach_luks2_by_tpm2_via_plugin(cd, name, flags);
/* EAGAIN means: no tpm2 chip found
* EOPNOTSUPP means: no libcryptsetup plugins support */
if (r == -ENXIO)
if (r == -ENOENT)
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
"No TPM2 metadata enrolled in LUKS2 header or TPM2 support not available, falling back to traditional unlocking.");
- if (!IN_SET(r, -EOPNOTSUPP, -EAGAIN))
- return r;
+ if (!IN_SET(r, -EOPNOTSUPP, -EAGAIN)) {
+ log_notice_errno(r, "TPM2 operation failed, falling back to traditional unlocking: %m");
+ return -EAGAIN; /* Mangle error code: let's make any form of TPM2 failure non-fatal. */
+ }
}
- if (r == -EOPNOTSUPP) {
+ if (r == -EOPNOTSUPP) { /* Plugin not available, let's process TPM2 stuff right here instead */
_cleanup_free_ void *blob = NULL, *policy_hash = NULL;
size_t blob_size, policy_hash_size;
bool found_some = false;