Hide Forgot
Description of problem: I'm trying to set up unlocking LUKS2 on boot using a pkcs11 token (Yubikey 4 in PIV mode), following http://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html . - A certificate and key has been set up on the token. - The token has been enrolled with systemd-cryptenroll --pkcs11-token-uri=auto - pkcs11-uri=auto has been added to the relevant line of /etc/crypttab I then rebuilt the initramfs, adding /usr/lib64/opensc-pkcs11.so . The subsequent boot hangs at the spinner -- no prompt to insert the token, no fallback to password. This happens even if the token is present from boot. I suspect something is missing from the initramfs -- what additional files need to be brought in for this to work? Version-Release number of selected component (if applicable): systemd-248.3-1.fc34.x86_64 opensc-0.21.0-4.fc34.x86_64 dracut-055-2.fc34.x86_64
Lennart, could you take a look? I assume you had to figure this out for your own setup ;)
In rawhide, systemd-udev now has the following Recommends: libfido2.so.1()(64bit) libtss2-esys.so.0()(64bit) libtss2-mu.so.0()(64bit) libtss2-rc.so.0()(64bit) Those are Recommends, not Requires, to keep the mandatory dependencies down. The same change will need to be done in F35 and F34…
FEDORA-2022-f38f479b8f has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-f38f479b8f
FEDORA-2022-f38f479b8f has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-f38f479b8f` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-f38f479b8f See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-f38f479b8f has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.