Unlocking LUKS2 volumes with TPM2, FIDO2...
Unlocking LUKS2 volumes with TPM2, FIDO2, PKCS#11 Security Hardwar...
Posts and writings by Lennart Poettering
4 Replies
I think the technical details of why/how/what regarding all this stuff can be a distinct thread ... one i'm interested in but I don't want to derail a more general discussion 🙂
The enroll part needs to be in yafti or just
Or something
Maybe some script that generates the crypttab
i'm currently using fido unlock on my laptop wiht a yubikey and i don't have the pam /u2f packages installed
so that's part of the reason this is interesting, exploring what the goals are for something like this, and what's actually required
what I DO have is flatpak (or maybe appimage) yubikey manager tools
I wanted to create a general justfile for security related implementations in config with recipes that better automate setup of things like yubikeys tools, login/sshd/sudo/etc via FIDO, to provide something that's more approachable for users versus the current situation we have which is a bunch of skewed documentation