chore: Remove TPM FDE helper, this has been moved to ublue-os/config

system_files/desktop/shared/usr/libexec/luks-enable-tpm2-autounlock

@@ -1,54 +0,0 @@
-#!/usr/bin/bash
-## setup auto-unlock LUKS2 encrypted root on Fedora/Silverblue/maybe others
-## From https://github.com/bsherman/ublue-custom/blob/main/usr/bin/luks-enable-tpm2-autounlock
-set -u
-
-[ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1;}
-
-read -p "This will modify your system and enable TPM2 auto-unlock of your LUKS partition! Are you sure you've read the script and are good with this? " -n 1 -r
-echo
-if [[ ! $REPLY =~ ^[Yy]$ ]]; then
-  [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1 # handle exits from shell or function but don't exit interactive shell
-fi
-
-## Inspect crypttab to find disk info, should look like this
-#sudo cat /etc/crypttab
-#luks-912462a2-39ce-abcd-1234-89c6c0304cb4 UUID=912462a2-39ce-abcd-1234-89c6c0304cb4 none discard
-DISK_UUID=$(sudo awk '{ print $2 }' /etc/crypttab | cut -d= -f2)
-CRYPT_DISK="/dev/disk/by-uuid/$DISK_UUID"
-
-## Backup the crypttab
-if [ -f /etc/crypttab.known-good ]; then
-  echo "Our backup already exists at /etc/crypttab.known-good\nExiting..."
-  [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
-fi
-cp -a /etc/crypttab /etc/crypttab.known-good
-
-## modify the crypttab
-grep tpm2-device /etc/crypttab > /dev/null
-if [ 0 -eq $? ]; then
-  echo "TPM2 already present in /etc/crypttab. Exiting..."
-  [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
-fi
-sed -i "s/discard/discard,tpm2-device=auto/" /etc/crypttab
-
-cryptsetup luksDump $CRYPT_DISK | grep systemd-tpm2 > /dev/null
-if [ 0 -eq $? ]; then
-  KEYSLOT=$(cryptsetup luksDump $CRYPT_DISK|grep -A23 systemd-tpm2|grep Keyslot|awk '{print $2}')
-  echo "TPM2 already present in LUKS Keyslot $KEYSLOT of $CRYPT_DISK. Exiting..."
-  [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
-fi
-
-## Run crypt enroll
-echo "Enrolling TPM2 unlock requires your existing LUKS2 unlock password"
-echo
-systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 $CRYPT_DISK
-
-## Now reboot
-echo
-echo "TPM2 LUKS auto-unlock configured. Reboot now."
-
-
-# References:
-#  https://www.reddit.com/r/Fedora/comments/uo4ufq/any_way_to_get_systemdcryptenroll_working_on/
-#  https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html

system_files/desktop/shared/usr/share/ublue-os/just/80-bazzite.just

@@ -36,11 +36,6 @@ install-gamemode-video:
     rm -f $HOME/.local/share/Steam/config/uioverrides/movies/deck_startup.webm
     cp /usr/share/ublue-os/bazzite/bazzite.webm $HOME/.local/share/Steam/config/uioverrides/movies/deck_startup.webm
 
-# Set up automatic LUKS unlock via TPM
-setup-luks-tpm-unlock:
-    #!/usr/bin/bash
-    sudo /usr/libexec/luks-enable-tpm2-autounlock
-
 # Force-enable AMD pstate
 pstate-force-enable:
     rpm-ostree kargs --append-if-missing=amd_pstate=active

system_files/desktop/shared/usr/share/ublue-os/motd/tips/10-ublue.md

@@ -4,5 +4,4 @@ Packages installed in Distrobox can be exported to appear like any other applica
 *This isn't a distro*, this is a custom image built on  Fedora Atomic Desktop technology~[View our mission](https://ublue.it/mission/)
 **Support the app store!**~[Donate to  Flatpak](https://opencollective.com/flatpak)
 **Support indie game preservation and OSS developers!**~[Join Hit Save!'s Patreon](https://patreon.com/hitsave)
-**H.264 hardware acceleration is supported out of the box.** No tweaks necessary!
-*Using full disk encryption and tired of entering your password?* `ujust setup-luks-tpm-unlock` can help you use your CPU's TPM to unlock your device.
+**H.264 hardware acceleration is supported out of the box.** No tweaks necessary!