[pkg-cryptsetup-devel] Bug#1034730: cryptsetup-initramfs doesn't include cryptsetup-token binaries and libraries

August M.H. august.m.h at pm.me
Sat Apr 22 21:54:53 BST 2023


Package: cryptsetup-initramfs
Version: 2:2.6.1-3~deb12u1

I have an encrypted root that I unlock with a FIDO USB key, but when I power on my computer, instead of asking me to unlock with my key, it asks for a password because the initramfs doesn't include the cryptsetup token binaries. I wrote an initramfs hook to add the libcryptsetup-token-systemd-fido2 binary and the libfido2 library, but it still asks for my password on boot, requiring me to press enter to make the system invoke cryptsetup and allow me to unlock with my key.

I suggest that the package is updated to automatically detect if a disk uses any tokens and to add the necessary binaries/libraries to the initramfs and to not ask for a password when a token is used. On my system, the cryptsetup token binaries are located at /usr/lib/x86_64-linux-gnu/cryptsetup.

Here's the initramfs hook I wrote to somewhat fix the problem:
```
#!/bin/sh

set -e

PREREQ=""

prereqs()
{
        echo "${PREREQ}"
}

case "${1}" in
        prereqs)
                prereqs
                exit 0
                ;;
esac

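# Load the initramfs-tools helpers (provides copy_exec).
. /usr/share/initramfs-tools/hook-functions

# Copy the FIDO2 library and the cryptsetup token plugin into the initramfs.
# The paths are the x86_64 multiarch locations from the reporter's system.
copy_exec /usr/lib/x86_64-linux-gnu/libfido2.so.1
copy_exec /usr/lib/x86_64-linux-gnu/cryptsetup/libcryptsetup-token-systemd-fido2.so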
```

Thanks,
August M.H.
They / Them
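
Added example, not part of the original message and not code from the cryptsetup package: one way a hook could detect which token plugins a LUKS2 header needs, by reading the `Tokens:` section of `cryptsetup luksDump` text output. The function names and the sample dump are constructed for illustration, and the plugin file name is assumed to follow the `libcryptsetup-token-<type>.so` pattern of the file copied in the hook above.

```shell
#!/bin/sh
# Hypothetical helpers: find the token plugins a LUKS2 header refers to.

# Read `cryptsetup luksDump` text output on stdin, print each token type once.
token_types() {
    awk '
        # A line starting with a letter is a top-level section header.
        /^[A-Za-z]/ { in_tokens = ($0 ~ /^Tokens:/); next }
        # Inside "Tokens:", entries look like "  0: systemd-fido2".
        in_tokens && /^  [0-9]+: / { print $2 }
    ' | sort -u
}

# Read token types on stdin, print the plugin path expected under libdir ($1).
plugin_paths() {
    libdir=$1
    while read -r type; do
        case "$type" in
            luks2-keyring) continue ;;            # handled inside libcryptsetup
            ""|*[!A-Za-z0-9_-]*) continue ;;      # header data is untrusted: no "/" or ".."
        esac
        echo "$libdir/libcryptsetup-token-$type.so"
    done
}

# Constructed sample of luksDump output (not taken from a real device).
SAMPLE_DUMP='LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
  1: luks2
        Key:        512 bits
Tokens:
  0: systemd-fido2
        Keyslot:    1
  1: luks2-keyring
        Keyslot:    0
Digests:
  0: pbkdf2'

# Demo on the sample; in a real hook the input would be
#   cryptsetup luksDump "$device"
# and each existing path would be passed to copy_exec.
printf '%s\n' "$SAMPLE_DUMP" | token_types |
    plugin_paths /usr/lib/x86_64-linux-gnu/cryptsetup
```

The keyslot entries (`0: luks2`) are ignored because they sit outside the `Tokens:` section, and a token type containing anything other than letters, digits, `-` or `_` is dropped rather than turned into a path.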