feat(crypt): check if tpm2-tss module is needed in hostonly mode

In hostonly mode, include the tpm2-tss module if any encrypted volumes
are configured to be decrypted using the TPM2 device.

diff --git a/modules.d/90crypt/module-setup.sh b/modules.d/90crypt/module-setup.sh
index acb9cf8344285563835aaacc59628ddd33eb6cbc..639d9cdddc77a6fe378eb34f9d4aac5b91cccb88 100755 (executable)
--- a/modules.d/90crypt/module-setup.sh
+++ b/modules.d/90crypt/module-setup.sh
@@ -18,7 +18,14 @@ check() {
 
 # called by dracut
 depends() {
-    echo dm rootfs-block
+    local deps
+    deps="dm rootfs-block"
+    if [[ $hostonly && -f "$dracutsysrootdir"/etc/crypttab ]]; then
+        if grep -q "tpm2-device=" "$dracutsysrootdir"/etc/crypttab; then
+            deps+=" tpm2-tss"
+        fi
+    fi
+    echo "$deps"
     return 0
 }