From ff46f764500e557270b5097a7bdf4b21c154403c Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Tue, 14 Mar 2023 20:36:00 -0400
Subject: [PATCH] system-configuration: Enable tpm2 in initramfs

Needed for https://github.com/containers/bootc/pull/75
---
 oscore/system-configuration.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/oscore/system-configuration.yaml b/oscore/system-configuration.yaml
index baa01e6..69dd366 100644
--- a/oscore/system-configuration.yaml
+++ b/oscore/system-configuration.yaml
@@ -1,5 +1,10 @@
 # These are packages that are related to configuring parts of the system.
 
+initramfs-args:
+  - "--no-hostonly"
+  - "--add"
+  - "tpm2-tss"  # We want this for systemd-cryptsetup tpm2 locking
+
 packages:
   # Configuring SSH keys, cloud provider check-in, etc
   # TODO: needs Ignition kargs
@@ -8,6 +13,8 @@ packages:
   - chrony
   # Storage configuration/management
   - cryptsetup
+  # Needed for tpm2 bound luks
+  - tpm2-tools
   - e2fsprogs
   - sg3_utils
   - xfsprogs