I have added the tpm utility inside the initramfs and I can use various tpm commands like tpm_sealdata, tpm_unsealdata, etc. from the initramfs. I want to seal a LUKS key inside the initramfs and unseal it during each reboot, so I'll need to unseal the same sealed key every time inside the initramfs. When I go into the initramfs again and try to unseal the key, it says "Key not found in persistent storage". This happens because the system.data file present inside /var/lib/tpm does not stay persistent inside the initramfs, and that is obvious. Does anyone know how to solve this issue? (Note: I am not trying to store the LUKS key inside the TPM's NVRAM. Instead I want to encrypt the LUKS key with the TPM.)
I tried copying the system.data generated inside the initramfs to the rootfs, and when I was in the initramfs again, I copied that system.data back to the initramfs, but it did not work.