Releases: oldium/clevis
Release version 21 + TPM 1.2, update 6
Packages for Clevis v21 with TPM 1.2 implementation
New and Noteworthy:
- Fixed early startup to allow unlocking also swap devices.
- Allows unlocking with separate
/varvolume, seeman clevis-encrypt-tpm1. - Fixed running under Debian Trixie.
- Fedora-based distributions RPM has been synced with latest Rawhide RPM, so there are new packages
clevis-pin-tpm1andclevis-pin-pkcs11. Check installation instructions. - The RPM now contains a unique Vendor name (oldium), so the sticky-vendor flag can be used to prevent unwanted Clevis updates.
Debian
Debian Installation Instructions
Version pinning
Version pinning instructions
The package installation is controlled by their priority. To fix clevis packages to tpm1 version, create a file /etc/apt/preferences.d/clevis-pin with the following content:
/etc/apt/preferences.d/clevis-pin:
Package: clevis*
Pin: version *tpm1*
Pin-Priority: 1001
Debian 12 (bookworm)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u6 | jq -r '.assets[].browser_download_url | select(test("deb12|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u6+deb12_amd64.deb ./clevis-systemd_21-1+tpm1u6+deb12_amd64.deb ./clevis-tpm1_21-1+tpm1u6+deb12_amd64.deb ./clevis-luks_21-1+tpm1u6+deb12_amd64.deb ./clevis_21-1+tpm1u6+deb12_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u6+deb12_amd64.deb ./clevis-systemd_21-1+tpm1u6+deb12_amd64.deb ./clevis-tpm1_21-1+tpm1u6+deb12_amd64.deb ./clevis-luks_21-1+tpm1u6+deb12_amd64.deb ./clevis_21-1+tpm1u6+deb12_amd64.debDebian 11 (bullseye)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u6 | jq -r '.assets[].browser_download_url | select(test("deb11|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u6+deb11_amd64.deb ./clevis-systemd_21-1+tpm1u6+deb11_amd64.deb ./clevis-tpm1_21-1+tpm1u6+deb11_amd64.deb ./clevis-luks_21-1+tpm1u6+deb11_amd64.deb ./clevis_21-1+tpm1u6+deb11_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u6+deb11_amd64.deb ./clevis-systemd_21-1+tpm1u6+deb11_amd64.deb ./clevis-tpm1_21-1+tpm1u6+deb11_amd64.deb ./clevis-luks_21-1+tpm1u6+deb11_amd64.deb ./clevis_21-1+tpm1u6+deb11_amd64.debUbuntu
Ubuntu Installation Instructions
Version pinning
Version pinning instructions
The package installation is controlled by their priority. To fix clevis packages to tpm1 version, create a file /etc/apt/preferences.d/clevis-pin with the following content:
/etc/apt/preferences.d/clevis-pin:
Package: clevis*
Pin: version *tpm1*
Pin-Priority: 1001
Ubuntu 24.10 (Oracular Oriole)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u6 | jq -r '.assets[].browser_download_url | select(test("ubuntu24.10|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u6+ubuntu24.10_amd64.deb ./clevis-systemd_21-1+tpm1u6+ubuntu24.10_amd64.deb ./clevis-tpm1_21-1+tpm1u6+ubuntu24.10_amd64.deb ./clevis-luks_21-1+tpm1u6+ubuntu24.10_amd64.deb ./clevis_21-1+tpm1u6+ubuntu24.10_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u6+ubuntu24.10_amd64.deb ./clevis-systemd_21-1+tpm1u6+ubuntu24.10_amd64.deb ./clevis-tpm1_21-1+tpm1u6+ubuntu24.10_amd64.deb ./clevis-luks_21-1+tpm1u6+ubuntu24.10_amd64.deb ./clevis_21-1+tpm1u6+ubuntu24.10_amd64.debUbuntu 24.04 (Noble Numbat)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u6 | jq -r '.assets[].browser_download_url | select(test("ubuntu24.04|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u6+ubuntu24.04_amd64.deb ./clevis-systemd_21-1+tpm1u6+ubuntu24.04_amd64.deb ./clevis-tpm1_21-1+tpm1u6+ubuntu24.04_amd64.deb ./clevis-luks_21-1+tpm1u6+ubuntu24.04_amd64.deb ./clevis_21-1+tpm1u6+ubuntu24.04_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u6+ubuntu24.04_amd64.deb ./clevis-systemd_21-1+tpm1u6+ubuntu24.04_amd64.deb ./clevis-tpm1_21-1+tpm1u6+ubuntu24.04_amd64.deb ./clevis-luks_21-1+tpm1u6+ubuntu24.04_amd64.deb ./clevis_21-1+tpm1u6+ubuntu24.04_amd64.debFedora
Fedora Installation Instructions
Version lock for DNF4
Version lock for DNF4 instructions
The versionlock plugin is used to prevent upgrades to normal clevis version.
sudo dnf install 'dnf-command(versionlock)'
sudo dnf versionlock add --raw "clevis-*.tpm1*"
sudo dnf versionlock add --raw "clevis-pin-tpm2"Sticky vendors for DNF5
Sticky vendors for DNF5 instructions
The versionlock plugin is built-in in DNF5, but configuration does not allow the same flexibility as in DNF4 case. The RPM contains a unique Vendor (oldium), so the sticky-vendor feature can be used to prevent unwanted Clevis updates. The following change to the /etc/dnf/dnf.conf file is necessary:
/etc/dnf/dnf.conf:
[main]
allow_vendor_change = no
Fedora 42 (Rawhide)
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u6 | jq -r '.assets[].browser_download_url | select(test("fc42"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u6.fc42.x86_64.rpm ./clevis-dracut-21-1.tpm1u6.fc42.x86_64.rpm ./clevis-pin-tpm1-21-1.tpm1u6.fc42.x86_64.rpm ./clevis-luks-21-1.tpm1u6.fc42.x86_64.rpm ./clevis-systemd-21-1.tpm1u6.fc42.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Fedora 41
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u6 | jq -r '.assets[].browser_download_url | select(test("fc41"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u6.fc41.x86_64.rpm ./clevis-dracut-21-1.tpm1u6.fc41.x86_64.rpm ./clevis-pin-tpm1-21-1.tpm1u6.fc41.x86_64.rpm ./clevis-luks-21-1.tpm1u6.fc41.x86_64.rpm ./clevis-systemd-21-1.tpm1u6.fc41.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Fedora 40
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u6 | jq -r '.assets[].browser_download_url | select(test("fc40"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u6.fc40.x86_64.rpm ./clevis-dracut-21-1.tpm1u6.fc40.x86_64.rpm ./clevis-pin-tpm1-21-1.tpm1u6.fc40.x86_64.rpm ./clevis-luks-21-1.tpm1u6.fc40.x86_64.rpm ./clevis-systemd-21-1.tpm1u6.fc40.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Fedora 39
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u6 | jq -r '.assets[].browser_download_url | select(test("fc39"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u6.fc39.x86_64.rpm ./clevis-dracut-21-1.tpm1u6.fc39.x86_64.rpm ./clevis-pin-tpm1-21-1.tpm1u6.fc39.x86_64.rpm ./clevis-luks-21-1.tpm1u6.fc39.x86_64.rpm ./clevis-systemd-21-1.tpm1u6.fc39.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
CentOS Stream
CentOS Stream Installation Instructions
📝 Note: Installation of Trousers and tpm-tools requires EPEL repository.
Version lock for DNF4
Version lock for DNF4 instructions
The versionlock plugin is used to prevent upgrades to normal clevis version.
sudo dnf install 'dnf-command(versionlock)'
sudo dnf versionlock add --raw "clevis-*.tpm1*"
sudo dnf versionlock add --raw "clevis-pin-tpm2"CentOS Stream 9
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u6 | jq -r '.assets[].browser_download_url | select(test("el9"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u6.el9.x86_64.rpm ./clevis-dracut-21-1.tpm1u6.el9.x86_64.rpm ./clevis-pin-tpm1-21-1.tpm1u6.el9.x86_64.rpm ./clevis-luks-21-1.tpm1u6.el9.x86_64.rpm ./clevis-systemd-21-1.tpm1u6.el9.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Full Changelog: v21...v21_tpm1u6
Release version 21 + TPM 1.2, update 5
Debian and Fedora packages for Clevis v21 with TPM 1.2 implementation
Debian
Debian Installation Instructions
Debian 12 (bookworm)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u5 | jq -r '.assets[].browser_download_url | select(test("deb12|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u5+deb12_amd64.deb ./clevis-systemd_21-1+tpm1u5+deb12_amd64.deb ./clevis-tpm1_21-1+tpm1u5+deb12_amd64.deb ./clevis-luks_21-1+tpm1u5+deb12_amd64.deb ./clevis_21-1+tpm1u5+deb12_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u5+deb12_amd64.deb ./clevis-systemd_21-1+tpm1u5+deb12_amd64.deb ./clevis-tpm1_21-1+tpm1u5+deb12_amd64.deb ./clevis-luks_21-1+tpm1u5+deb12_amd64.deb ./clevis_21-1+tpm1u5+deb12_amd64.debDebian 11 (bullseye)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u5 | jq -r '.assets[].browser_download_url | select(test("deb11|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u5+deb11_amd64.deb ./clevis-systemd_21-1+tpm1u5+deb11_amd64.deb ./clevis-tpm1_21-1+tpm1u5+deb11_amd64.deb ./clevis-luks_21-1+tpm1u5+deb11_amd64.deb ./clevis_21-1+tpm1u5+deb11_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u5+deb11_amd64.deb ./clevis-systemd_21-1+tpm1u5+deb11_amd64.deb ./clevis-tpm1_21-1+tpm1u5+deb11_amd64.deb ./clevis-luks_21-1+tpm1u5+deb11_amd64.deb ./clevis_21-1+tpm1u5+deb11_amd64.debUbuntu
Ubuntu Installation Instructions
Ubuntu 24.10 (Oracular Oriole)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u5 | jq -r '.assets[].browser_download_url | select(test("ubuntu24.10|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u5+ubuntu24.10_amd64.deb ./clevis-systemd_21-1+tpm1u5+ubuntu24.10_amd64.deb ./clevis-tpm1_21-1+tpm1u5+ubuntu24.10_amd64.deb ./clevis-luks_21-1+tpm1u5+ubuntu24.10_amd64.deb ./clevis_21-1+tpm1u5+ubuntu24.10_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u5+ubuntu24.10_amd64.deb ./clevis-systemd_21-1+tpm1u5+ubuntu24.10_amd64.deb ./clevis-tpm1_21-1+tpm1u5+ubuntu24.10_amd64.deb ./clevis-luks_21-1+tpm1u5+ubuntu24.10_amd64.deb ./clevis_21-1+tpm1u5+ubuntu24.10_amd64.debUbuntu 24.04 (Noble Numbat)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u5 | jq -r '.assets[].browser_download_url | select(test("ubuntu24.04|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u5+ubuntu24.04_amd64.deb ./clevis-systemd_21-1+tpm1u5+ubuntu24.04_amd64.deb ./clevis-tpm1_21-1+tpm1u5+ubuntu24.04_amd64.deb ./clevis-luks_21-1+tpm1u5+ubuntu24.04_amd64.deb ./clevis_21-1+tpm1u5+ubuntu24.04_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u5+ubuntu24.04_amd64.deb ./clevis-systemd_21-1+tpm1u5+ubuntu24.04_amd64.deb ./clevis-tpm1_21-1+tpm1u5+ubuntu24.04_amd64.deb ./clevis-luks_21-1+tpm1u5+ubuntu24.04_amd64.deb ./clevis_21-1+tpm1u5+ubuntu24.04_amd64.debFedora
Fedora Installation Instructions
Version lock for DNF4
The versionlock plugin is used to prevent upgrades to normal clevis version.
sudo dnf install 'dnf-command(versionlock)'
sudo dnf versionlock add --raw "clevis-*.tpm1*"
sudo dnf versionlock add --raw "clevis-pin-tpm2"Version lock for DNF5
The versionlock plugin is built-in in DNF5 and needs a separate configuration in /etc/dnf/versionlock.toml (this one is not ideal, fixes to 21-1.tpm1 version, I need to find out a better way, like sticky vendors):
/etc/dnf/versionlock.toml
version = "1.0"
[[packages]]
name = "clevis"
[[packages.conditions]]
key = "evr"
comparator = ">="
value = "21-1.tpm1u1"
[[packages.conditions]]
key = "evr"
comparator = "<"
value = "21-2"
[[packages]]
name = "clevis-systemd"
[[packages.conditions]]
key = "evr"
comparator = ">="
value = "21-1.tpm1u1"
[[packages.conditions]]
key = "evr"
comparator = "<"
value = "21-2"
[[packages]]
name = "clevis-dracut"
[[packages.conditions]]
key = "evr"
comparator = ">="
value = "21-1.tpm1u1"
[[packages.conditions]]
key = "evr"
comparator = "<"
value = "21-2"
[[packages]]
name = "clevis-luks"
[[packages.conditions]]
key = "evr"
comparator = ">="
value = "21-1.tpm1u1"
[[packages.conditions]]
key = "evr"
comparator = "<"
value = "21-2"
[[packages]]
name = "clevis-pin-pkcs11"
[[packages.conditions]]
key = "evr"
comparator = ">="
value = "21-1.tpm1u1"
[[packages.conditions]]
key = "evr"
comparator = "<"
value = "21-2"Fedora 42 (Rawhide)
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u5 | jq -r '.assets[].browser_download_url | select(test("fc42"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u5.fc42.x86_64.rpm ./clevis-dracut-21-1.tpm1u5.fc42.x86_64.rpm ./clevis-luks-21-1.tpm1u5.fc42.x86_64.rpm ./clevis-systemd-21-1.tpm1u5.fc42.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Fedora 41
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u5 | jq -r '.assets[].browser_download_url | select(test("fc41"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u5.fc41.x86_64.rpm ./clevis-dracut-21-1.tpm1u5.fc41.x86_64.rpm ./clevis-luks-21-1.tpm1u5.fc41.x86_64.rpm ./clevis-systemd-21-1.tpm1u5.fc41.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Fedora 40
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u5 | jq -r '.assets[].browser_download_url | select(test("fc40"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u5.fc40.x86_64.rpm ./clevis-dracut-21-1.tpm1u5.fc40.x86_64.rpm ./clevis-luks-21-1.tpm1u5.fc40.x86_64.rpm ./clevis-systemd-21-1.tpm1u5.fc40.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Fedora 39
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u5 | jq -r '.assets[].browser_download_url | select(test("fc39"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u5.fc39.x86_64.rpm ./clevis-dracut-21-1.tpm1u5.fc39.x86_64.rpm ./clevis-luks-21-1.tpm1u5.fc39.x86_64.rpm ./clevis-systemd-21-1.tpm1u5.fc39.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Full Changelog: v21...v21_tpm1u5
Release version 21 + TPM 1.2, update 4
Debian and Fedora packages for Clevis v21 with TPM 1.2 implementation
Debian
Debian 12 (bookworm)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u4 | jq -r '.assets[].browser_download_url | select(test("deb12|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u4+deb12_amd64.deb ./clevis-systemd_21-1+tpm1u4+deb12_amd64.deb ./clevis-tpm1_21-1+tpm1u4+deb12_amd64.deb ./clevis-luks_21-1+tpm1u4+deb12_amd64.deb ./clevis_21-1+tpm1u4+deb12_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u4+deb12_amd64.deb ./clevis-systemd_21-1+tpm1u4+deb12_amd64.deb ./clevis-tpm1_21-1+tpm1u4+deb12_amd64.deb ./clevis-luks_21-1+tpm1u4+deb12_amd64.deb ./clevis_21-1+tpm1u4+deb12_amd64.debDebian 11 (bullseye)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u4 | jq -r '.assets[].browser_download_url | select(test("deb11|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u4+deb11_amd64.deb ./clevis-systemd_21-1+tpm1u4+deb11_amd64.deb ./clevis-tpm1_21-1+tpm1u4+deb11_amd64.deb ./clevis-luks_21-1+tpm1u4+deb11_amd64.deb ./clevis_21-1+tpm1u4+deb11_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u4+deb11_amd64.deb ./clevis-systemd_21-1+tpm1u4+deb11_amd64.deb ./clevis-tpm1_21-1+tpm1u4+deb11_amd64.deb ./clevis-luks_21-1+tpm1u4+deb11_amd64.deb ./clevis_21-1+tpm1u4+deb11_amd64.debFedora
Version lock
The versionlock plugin is used to prevent upgrades to normal clevis version. If you do not have it, just install it with sudo dnf install 'dnf-command(versionlock)'.
sudo dnf versionlock add --raw "clevis-*.tpm1*"
sudo dnf versionlock add --raw "clevis-pin-tpm2"Fedora 41
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u4 | jq -r '.assets[].browser_download_url | select(test("fc41"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u4.fc40.x86_64.rpm ./clevis-dracut-21-1.tpm1u4.fc40.x86_64.rpm ./clevis-luks-21-1.tpm1u4.fc40.x86_64.rpm ./clevis-systemd-21-1.tpm1u4.fc40.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Fedora 40
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u4 | jq -r '.assets[].browser_download_url | select(test("fc40"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u4.fc40.x86_64.rpm ./clevis-dracut-21-1.tpm1u4.fc40.x86_64.rpm ./clevis-luks-21-1.tpm1u4.fc40.x86_64.rpm ./clevis-systemd-21-1.tpm1u4.fc40.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Fedora 39
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u4 | jq -r '.assets[].browser_download_url | select(test("fc39"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u4.fc39.x86_64.rpm ./clevis-dracut-21-1.tpm1u4.fc39.x86_64.rpm ./clevis-luks-21-1.tpm1u4.fc39.x86_64.rpm ./clevis-systemd-21-1.tpm1u4.fc39.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Full Changelog: v21...v21_tpm1u4
Release version 21 + TPM 1.2, update 3
Debian and Fedora packages for Clevis v21 with TPM 1.2 implementation
Debian
Debian 12 (bookworm)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u3 | jq -r '.assets[].browser_download_url | select(test("deb12|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u3+deb12_amd64.deb ./clevis-systemd_21-1+tpm1u3+deb12_amd64.deb ./clevis-tpm1_21-1+tpm1u3+deb12_amd64.deb ./clevis-luks_21-1+tpm1u3+deb12_amd64.deb ./clevis_21-1+tpm1u3+deb12_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u3+deb12_amd64.deb ./clevis-systemd_21-1+tpm1u3+deb12_amd64.deb ./clevis-tpm1_21-1+tpm1u3+deb12_amd64.deb ./clevis-luks_21-1+tpm1u3+deb12_amd64.deb ./clevis_21-1+tpm1u3+deb12_amd64.debDebian 11 (bullseye)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u3 | jq -r '.assets[].browser_download_url | select(test("deb11|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u3+deb11_amd64.deb ./clevis-systemd_21-1+tpm1u3+deb11_amd64.deb ./clevis-tpm1_21-1+tpm1u3+deb11_amd64.deb ./clevis-luks_21-1+tpm1u3+deb11_amd64.deb ./clevis_21-1+tpm1u3+deb11_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u3+deb11_amd64.deb ./clevis-systemd_21-1+tpm1u3+deb11_amd64.deb ./clevis-tpm1_21-1+tpm1u3+deb11_amd64.deb ./clevis-luks_21-1+tpm1u3+deb11_amd64.deb ./clevis_21-1+tpm1u3+deb11_amd64.debFedora
Version lock
The versionlock plugin is used to prevent upgrades to normal clevis version. If you do not have it, just install it with sudo dnf install 'dnf-command(versionlock)'.
sudo dnf versionlock add --raw "clevis-*.tpm1*"
sudo dnf versionlock add --raw "clevis-pin-tpm2"Fedora 41
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u3 | jq -r '.assets[].browser_download_url | select(test("fc41"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u3.fc40.x86_64.rpm ./clevis-dracut-21-1.tpm1u3.fc40.x86_64.rpm ./clevis-luks-21-1.tpm1u3.fc40.x86_64.rpm ./clevis-systemd-21-1.tpm1u3.fc40.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Fedora 40
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u3 | jq -r '.assets[].browser_download_url | select(test("fc40"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u3.fc40.x86_64.rpm ./clevis-dracut-21-1.tpm1u3.fc40.x86_64.rpm ./clevis-luks-21-1.tpm1u3.fc40.x86_64.rpm ./clevis-systemd-21-1.tpm1u3.fc40.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Fedora 39
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u3 | jq -r '.assets[].browser_download_url | select(test("fc39"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u3.fc39.x86_64.rpm ./clevis-dracut-21-1.tpm1u3.fc39.x86_64.rpm ./clevis-luks-21-1.tpm1u3.fc39.x86_64.rpm ./clevis-systemd-21-1.tpm1u3.fc39.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Full Changelog: v21...v21_tpm1u3
Release version 21 + TPM 1.2, update 2
Debian and Fedora packages for Clevis v21 with TPM 1.2 implementation
Debian
Debian 12 (bookworm)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u2 | jq -r '.assets[].browser_download_url | select(test("deb12|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u2+deb12_amd64.deb ./clevis-systemd_21-1+tpm1u2+deb12_amd64.deb ./clevis-tpm1_21-1+tpm1u2+deb12_amd64.deb ./clevis-luks_21-1+tpm1u2+deb12_amd64.deb ./clevis_21-1+tpm1u2+deb12_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u2+deb12_amd64.deb ./clevis-systemd_21-1+tpm1u2+deb12_amd64.deb ./clevis-tpm1_21-1+tpm1u2+deb12_amd64.deb ./clevis-luks_21-1+tpm1u2+deb12_amd64.deb ./clevis_21-1+tpm1u2+deb12_amd64.debDebian 11 (bullseye)
Download all DEBs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u2 | jq -r '.assets[].browser_download_url | select(test("deb11|orig"))' | wget -ci-Installation of the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u2+deb11_amd64.deb ./clevis-systemd_21-1+tpm1u2+deb11_amd64.deb ./clevis-tpm1_21-1+tpm1u2+deb11_amd64.deb ./clevis-luks_21-1+tpm1u2+deb11_amd64.deb ./clevis_21-1+tpm1u2+deb11_amd64.debInstallation of the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u2+deb11_amd64.deb ./clevis-systemd_21-1+tpm1u2+deb11_amd64.deb ./clevis-tpm1_21-1+tpm1u2+deb11_amd64.deb ./clevis-luks_21-1+tpm1u2+deb11_amd64.deb ./clevis_21-1+tpm1u2+deb11_amd64.debFedora
Version lock
The versionlock plugin is used to prevent upgrades to normal clevis version. If you do not have it, just install it with sudo dnf install 'dnf-command(versionlock)'.
sudo dnf versionlock add --raw "clevis-*.tpm1*"
sudo dnf versionlock add --raw "clevis-pin-tpm2"Fedora 41
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u2 | jq -r '.assets[].browser_download_url | select(test("fc41"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u2.fc40.x86_64.rpm ./clevis-dracut-21-1.tpm1u2.fc40.x86_64.rpm ./clevis-luks-21-1.tpm1u2.fc40.x86_64.rpm ./clevis-systemd-21-1.tpm1u2.fc40.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Fedora 40
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u2 | jq -r '.assets[].browser_download_url | select(test("fc40"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u2.fc40.x86_64.rpm ./clevis-dracut-21-1.tpm1u2.fc40.x86_64.rpm ./clevis-luks-21-1.tpm1u2.fc40.x86_64.rpm ./clevis-systemd-21-1.tpm1u2.fc40.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Fedora 39
Download all RPMs to current folder:
wget -qO- https://api.github.com/repos/oldium/clevis/releases/tags/v21_tpm1u2 | jq -r '.assets[].browser_download_url | select(test("fc39"))' | wget -ci-Typical installation:
sudo dnf install clevis-pin-tpm2 ./clevis-21-1.tpm1u2.fc39.x86_64.rpm ./clevis-dracut-21-1.tpm1u2.fc39.x86_64.rpm ./clevis-luks-21-1.tpm1u2.fc39.x86_64.rpm ./clevis-systemd-21-1.tpm1u2.fc39.x86_64.rpmFor upgrades you can omit clevis-pin-tpm2 as it is already installed.
Full Changelog: v21...v21_tpm1u2
Release version 21 + TPM 1.2 (Debian 12), update 1
Debian 12 (bookworm) packages for clevis-21 with TPM 1.2 implementation.
Install the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1u1_amd64.deb ./clevis-systemd_21-1+tpm1u1_amd64.deb ./clevis-tpm1_21-1+tpm1u1_amd64.deb ./clevis-luks_21-1+tpm1u1_amd64.deb ./clevis_21-1+tpm1u1_amd64.debInstall the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1u1_amd64.deb ./clevis-systemd_21-1+tpm1u1_amd64.deb ./clevis-tpm1_21-1+tpm1u1_amd64.deb ./clevis-luks_21-1+tpm1u1_amd64.deb ./clevis_21-1+tpm1u1_amd64.debFull Changelog: v21...v21_tpm1u1
Release version 21 + TPM 1.2 (Debian 12)
Debian 12 (bookworm) packages for clevis-21 with TPM 1.2 implementation.
Install the typical Dracut version with:
sudo apt install ./clevis-dracut_21-1+tpm1_amd64.deb ./clevis-systemd_21-1+tpm1_amd64.deb ./clevis-tpm1_21-1+tpm1_amd64.deb ./clevis-luks_21-1+tpm1_amd64.deb ./clevis_21-1+tpm1_amd64.debInstall the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_21-1+tpm1_amd64.deb ./clevis-systemd_21-1+tpm1_amd64.deb ./clevis-tpm1_21-1+tpm1_amd64.deb ./clevis-luks_21-1+tpm1_amd64.deb ./clevis_21-1+tpm1_amd64.debFull Changelog: v21...v21_tpm1
Release version 20 + TPM 1.2 (Debian 12)
Debian 12 (bookworm) packages for clevis-20 with TPM 1.2 implementation.
Install the typical Dracut version with:
sudo apt install ./clevis-dracut_20-1+tpm1_amd64.deb ./clevis-systemd_20-1+tpm1_amd64.deb ./clevis-tpm1_20-1+tpm1_amd64.deb ./clevis-luks_20-1+tpm1_amd64.deb ./clevis_20-1+tpm1_amd64.debInstall the typical initramfs-tools version:
sudo apt install ./clevis-initramfs_20-1+tpm1_amd64.deb ./clevis-systemd_20-1+tpm1_amd64.deb ./clevis-tpm1_20-1+tpm1_amd64.deb ./clevis-luks_20-1+tpm1_amd64.deb ./clevis_20-1+tpm1_amd64.debFull Changelog: v20...v20_tpm1