siemens / meta-iot2050

SIMATIC IOT2050 Isar/Debian Board Support Package
MIT License

rootfs encryption issue on advanced PG2 device #555

Open rakeshk7097 opened 1 month ago

rakeshk7097 commented 1 month ago

Hi all,

I am trying to encrypt the rootfs partition on a PG2 advanced device by adding the line below in cip-core/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook.bb, as mentioned in the isar-cip-core doc:

CRYPT_PARTITIONS ??= "${ABROOTFS_PART_UUID_A}::reencrypt ${ABROOTFS_PART_UUID_B}::reencrypt"

But it's not working, and I am getting the error below while booting the board.

Begin: Mounting root file system ... Begin: Running /scripts/local-top ...
ERROR:tcti:src/tss2-tcti/tcti-device.c:452:Tss2_Tcti_Device_Init() Fai
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: device
ERROR:tcti:src/tss2-tcti/tctildr.c:428:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI
ERROR: Could not load tcti, got: "device:/dev/tpm*"
No tpm device exists or supports pcr_hash 'sha256' or 'ecc' - cannot create a encrypted device!

I am using the cip-core commit 6c24d487e3df0107756487e8a0dfd0a880644b02 and isar commit d2d3b3e94874d62d48c0cafb99d.

Please give any suggestions on this.

Thanks!

sbobade commented 1 month ago

With the same setup we now have Secure Boot working well (https://github.com/siemens/meta-iot2050/issues/542), and encryption for the default partitions, i. /var and ii. /home, also works well. The only issue we are seeing now is with rootfs partition encryption.