clevis-luks-udisks2 fails to unlock removable disk #538
Description
Hi. I'm trying to set up my removable LUKS2-encrypted disk to unlock automatically, but can't seem to get it to work. I'm not entirely sure this is a bug, but I don't know how to further diagnose this. I've used clevis luks bind -s <dev> tpm2 '{}' to enroll (I've also tried with pcr_ids but I figured the blank cfg would have less possibilities of going wrong). When plugging in my drive, I see the following logs:
dec 04 15:49:41 framework-laptop-13 clevis-luks-udisks2.desktop[2236]: /dev/sdc1 TOKN 0 clevis
dec 04 15:49:41 framework-laptop-13 clevis-luks-udisks2.desktop[2236]: /dev/sdc1 META Success
dec 04 15:49:42 framework-laptop-13 clevis-luks-udisks2.desktop[35496]: Error: Error decrypting JWE
dec 04 15:49:42 framework-laptop-13 clevis-luks-udisks2.desktop[35496]: Caused by:
dec 04 15:49:42 framework-laptop-13 clevis-luks-udisks2.desktop[35496]: 0: Invalid JWE format: Encoded text cannot have a 6-bit remainder.
dec 04 15:49:42 framework-laptop-13 clevis-luks-udisks2.desktop[35496]: 1: Encoded text cannot have a 6-bit remainder.
dec 04 15:49:42 framework-laptop-13 clevis-luks-udisks2.desktop[2236]: /dev/sdc1 RCVR Success (0)
I also see an audit line with msg='op=recovered-key-for uuid=777fb95c-f30b-4a9a-ba7c-44a7e79953dc device="/dev/sdc1" exe="/usr/libexec/clevis-luks-udisks2" hostname=? addr=? terminal=? res=failed'
This is the first time I'm trying clevis so I'm not sure how this is supposed to work. Is there anything I can do to further debug this?