From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 2 Mar 2026 03:40:40 +0000 (+0900)
Subject: cryptsetup: fix 'tpm2-primary-alg' information in 'cryptsetup luksDump' (#40872)
X-Git-Tag: v260-rc2~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7de42b787dd51ae918fb58d593a36d8f03fb3592;p=thirdparty%2Fsystemd.git

cryptsetup: fix 'tpm2-primary-alg' information in 'cryptsetup luksDump' (#40872)

It was noticed that cryptsetup luksDump outputs

  tpm2-primary-alg: ecc

regardless of the actual primary key type. Namely, in the situation when
RSA SRK is passed to 'systemd-cryptenroll', the output is incorrect and
misleading. Turns out 'tpm2-primary-alg' is not currently used for
unsealing as 'tpm2_srk' object has it in its properties but the
misleading information problem stays.

Fix the issue with a two-fold fix:
- Put the SRK primary alg type to the JSON token so 'cryptsetup
luksDump' has a chance to actually print the right information without
the need to inspect SRK.
- Avoid printing 'tpm2-primary-alg' when it is unset in the JSON as the
default 'ECC' may not match the reality.

No real functional change for the sealing/unsealing expected.
---

7de42b787dd51ae918fb58d593a36d8f03fb3592