Description of problem:
I'm trying to set up unlocking LUKS2 on boot using a pkcs11 token (Yubikey 4 in PIV mode), following http://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html.
- A certificate and key have been set up on the token.
- The token has been enrolled with `systemd-cryptenroll --pkcs11-token-uri=auto`.
- `pkcs11-uri=auto` has been added to the relevant line of `/etc/crypttab`.
I then rebuilt the initramfs, adding `/usr/lib64/opensc-pkcs11.so`.
The subsequent boot hangs at the spinner -- no prompt to insert the token, no fallback to password. This happens even if the token is present from boot.
I suspect something is missing from the initramfs -- what additional files need to be brought in for this to work?
Version-Release number of selected component (if applicable):
Lennart, could you take a look? I assume you had to figure this out for your own setup ;)
In rawhide, systemd-udev now has the following Recommends:
Those are Recommends, not Requires, to keep the mandatory dependencies down.
The same change will need to be done in F35 and F34…
FEDORA-2022-f38f479b8f has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-f38f479b8f
FEDORA-2022-f38f479b8f has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-f38f479b8f`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-f38f479b8f
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-f38f479b8f has been pushed to the Fedora 35 stable repository.
If the problem still persists, please make note of it in this bug report.