Tested on Ubuntu 24.04 LTS. The LUKS passkey prompt is still shown on boot, but just ignore it and it will boot successfully.
sudo apt-get -y install clevis clevis-tpm2 clevis-luks clevis-initramfs initramfs-tools tss2
The following commands assumes /dev/nvme0n1p3 is your LUKS encrypted partition. Adjust if it's not. You can check via lsblk.
sudo clevis luks bind -d /dev/nvme0n1p3 tpm2 '{"pcr_bank":"sha256"}' <<< "your_luks_encryption_key"
sudo update-initramfs -u -k all
sudo clevis luks list -d /dev/nvme0n1p3
If you need to unbind clevis run:
sudo clevis luks unbind -d /dev/nvme0n1p3 -s 1 tpm2
This has been tested with Gnome Boxes and Ubuntu 24.04 LTS.
Go to https://www.microsoft.com/en-us/software-download/windows11 and download your Windows 11 ISO.
sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager gnome-boxes swtpm swtpm-tools
sudo systemctl enable --now libvirtd
sudo usermod -aG libvirt,kvm $USER
Add this to the <devices> section:
<tpm model='tpm-tis'>
<backend type='emulator' version='2.0'/>
</tpm>
Save and start your VM to install Windows
You should now have full screen graphics and copy-paste should work between host and guest OS.
This fingerprint reader is used in multiple Dell laptops.
There is now a closed source driver available:
https://git.launchpad.net/~oem-solutions-engineers/libfprint-2-tod1-broadcom
After installing the drivers and registring fingerprint. Enable the pam module for fingerprint by running:
sudo pam-auth-update