Bug#1007268: Enable LUKS unlock with security keys (FIDO2/PKCS11) and TPM2

Trent Lloyd trent at lloyd.id.au
Tue Mar 15 07:18:04 GMT 2022


Package: systemd

I would like to unlock LUKS encrypted disks with the new systemd-cryptsetup
ability to unlock using security keys such as YubiKey, etc. I am primarily
interested in the FIDO2 support personally; however, there is also PKCS11 and
TPM2 support. It would be great to enable all 3 of these.

An introduction/overview of the feature can be found here:
https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html

The relevant options libfido2, p11kit and tpm2 are currently disabled
in debian/rules.

It seems the fido2 support was disabled in 246-1 because "This is only used by
homed which we don't enable."; however, that doesn't apply anymore. Additionally,
the p11kit and tpm2 support was disabled in 245-1 due to being new features
that require further review.

Thanks,
Trent


