[pkg-cryptsetup-devel] Bug#1023700: cryptsetup: Option fido2-device unknown
Peter Wienemann
fossdev at posteo.de
Tue Nov 8 20:00:14 GMT 2022
Package: cryptsetup
Version: 2:2.5.0-6
Severity: normal
Dear maintainer,
inspired by [0] I am trying to unlock a LUKS volume using a FIDO2 token
on a system running bookworm/testing using systemd 252-2.
The relevant line in /etc/crypttab looks like this:
--------------------------------------------------------------------
rootfs /dev/nvme0n1p3 none luks,discard,fido2-device=auto
--------------------------------------------------------------------
After running
systemd-cryptenroll --fido2-device=auto /dev/nvme0n1p3
and adding the "fido2-device=auto" option in /etc/crypttab, I obtain the
following warning while updating the initramfs image:
--------------------------------------------------------------------
cryptsetup: WARNING: rootfs: ignoring unknown option 'fido2-device'
--------------------------------------------------------------------
As a result, it comes as no surprise that unlocking the volume using the
FIDO2 token does not work as desired.
Best regards,
Peter
[0] https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html