From ceef3577688d28ec0d627d8c4dc17b1682f33265 Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Sat, 16 Sep 2023 17:01:58 +0200
Subject: [PATCH 1/2] fix(crypt): unlock encrypted devices by default during boot
---
 modules.d/90crypt/parse-crypt.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules.d/90crypt/parse-crypt.sh b/modules.d/90crypt/parse-crypt.sh
index e46e347ac5..39fc6d211e 100755
--- a/modules.d/90crypt/parse-crypt.sh
+++ b/modules.d/90crypt/parse-crypt.sh
@@ -174,7 +174,7 @@ else
 } >> "$hookdir/emergency/90-crypt.sh"
 fi
 done
- elif getargbool 0 rd.auto; then
+ elif getargbool 1 rd.auto; then
 if [ -z "$DRACUT_SYSTEMD" ]; then
 {
 printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
From ff42e34bf733666f95a54fd1f5c8055ac2edd0f8 Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Sat, 16 Sep 2023 19:22:39 +0200
Subject: [PATCH 2/2] fix(crypt): include fido2 pkcs11 and tpm2-tss modules in generic initrd
---
 modules.d/90crypt/module-setup.sh | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/modules.d/90crypt/module-setup.sh b/modules.d/90crypt/module-setup.sh
index d5ac45ba22..9ac7f9407e 100755
--- a/modules.d/90crypt/module-setup.sh
+++ b/modules.d/90crypt/module-setup.sh
@@ -30,6 +30,12 @@ depends() {
 if grep -q "tpm2-device=" "$dracutsysrootdir"/etc/crypttab; then
 deps+=" tpm2-tss"
 fi
+ elif [[ ! $hostonly ]]; then
+ deps+=" fido2 pkcs11"
+ module_check "tpm2-tss" > /dev/null 2>&1
+ if [[ $? == 255 ]]; then
+ deps+=" tpm2-tss"
+ fi
 fi
 echo "$deps"
 return 0
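Review bot: Changing the default on `elif getargbool 1 rd.auto; then` turns automatic LUKS setup from opt-in into opt-out: with no `rd.auto` on the kernel command line this branch now runs, and the udev rule visible in the hunk keys on `ENV{ID_FS_TYPE}=="crypto_LUKS"` rather than on a device an administrator named. The diffstat shows only parse-crypt.sh touched, so whatever documents `rd.auto` still describes the old default, and other modules that read `rd.auto` (not visible here) may keep 0 and give the parameter two meanings. I would add a comment above the line, `# rd.auto defaults to 1 for crypt: crypto_LUKS devices seen in the initramfs are queued for unlock unless rd.auto=0 is given`, and update the parameter's documentation in the same commit. The surrounding if/elif chain starts and ends outside the hunk.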
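Review bot: `fido2` and `pkcs11` are appended to `deps` unconditionally in the new `elif [[ ! $hostonly ]]` branch, while `tpm2-tss` two lines later is added only after `module_check` returns 255. If either module's check fails on the build host (for example because its libraries are not installed), a hard dependency on it would presumably stop `crypt` itself from being included, leaving a generic initrd that cannot open LUKS volumes at all. Running all three names through the same guard in a loop keeps the branch consistent, and capturing the status in a variable is more robust than reading `$?` on the following line; a short comment on what 255 signifies would also help, since the hunk does not show it. `depends()` begins and ends outside the hunk.

```shell
    elif [[ ! $hostonly ]]; then
        local _mod _rc
        for _mod in fido2 pkcs11 tpm2-tss; do
            module_check "$_mod" > /dev/null 2>&1
            _rc=$?
            # same 255 test the hunk already applies to tpm2-tss
            if [[ $_rc == 255 ]]; then
                deps+=" $_mod"
            fi
        done
    fi
    # … unchanged: echo "$deps"; return 0 …
```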