agherzan / yubikey-full-disk-encryption

Use YubiKey to unlock a LUKS partition
Apache License 2.0

Bootup asks for password, not yubikey #46

Closed NTICompass closed 5 years ago

NTICompass commented 5 years ago

I'm using Manjaro, and my root partition (as well as home, var and opt) are part of an LVM that's inside a LUKS-encrypted partition. Slots 0 and 1 in LUKS are already configured.

I installed yubikey-full-disk-encryption-git, and ran:

ykfde-enroll -d /dev/nvme0n1p3 -s 2

This worked correctly, and when I tested with ykfde-open -d /dev/nvme0n1p3 -s 2 -t, it came back with "Device successfully opened".

I added ykfde to my mkinitcpio HOOKS, but after rebooting, it just asked me for my passphrase (slot 1, btw), like normal.

I realized that when I ran the test command above, it would fail unless the yubikey was inserted before I ran it. Do I need to plug in the yubikey before booting my machine for this to work?

Here are the HOOKS in my /etc/mkinitcpio.conf:

HOOKS=(base systemd autodetect modconf block keyboard sd-vconsole ykfde sd-encrypt sd-lvm2 filesystems fsck)

Vincent43 commented 5 years ago

Currently this project doesn't work with the systemd hook in initramfs, see https://github.com/agherzan/yubikey-full-disk-encryption/issues/14

NTICompass commented 5 years ago

@Vincent43 I'll keep an eye on that issue. I guess I can try to switch back to the "busybox" hooks and see what happens.

Vincent43 commented 5 years ago

> Do I need to plug in the yubikey before booting my machine for this to work?

No. There is a 30 second timeout per retry for inserting the YubiKey + a configurable number of retries (default 5).
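
The combination reported in this thread (the ykfde hook alongside the systemd-based initramfs hooks, which Vincent43 says the project does not currently support) can be detected before rebooting. The script below is an added example, not part of the thread or of the ykfde project; the function names `list_hooks` and `check_ykfde_hooks`, the exit codes and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the ykfde project): flag the HOOKS combination
# reported in this issue, ykfde alongside systemd-based initramfs hooks.

# Print the hooks of the last active HOOKS= assignment, one per line.
# mkinitcpio.conf is sourced as shell, so a later assignment overrides an
# earlier one and lines starting with '#' are ignored.
list_hooks() {
    sed -n 's/^[[:space:]]*HOOKS=[("]\(.*\)[)"].*$/\1/p' "$1" |
        tail -n 1 | tr ' \t' '\n\n' | sed '/^$/d'
}

# Exit status: 0 = ykfde without systemd hooks, 1 = ykfde with systemd hooks,
# 2 = ykfde not in HOOKS, 3 = no active HOOKS line found.
check_ykfde_hooks() {
    hooks=$(list_hooks "$1")
    if [ -z "$hooks" ]; then
        echo "$1: no active HOOKS line" >&2
        return 3
    fi
    if ! printf '%s\n' "$hooks" | grep -qx 'ykfde'; then
        echo "$1: ykfde hook is not enabled"
        return 2
    fi
    # 'systemd' itself plus the sd-* hooks (sd-encrypt, sd-lvm2, sd-vconsole).
    sd=$(printf '%s\n' "$hooks" | grep -Ex 'systemd|sd-.+' | tr '\n' ' ')
    if [ -n "$sd" ]; then
        echo "$1: ykfde combined with systemd hooks: $sd"
        return 1
    fi
    echo "$1: ykfde enabled, no systemd hooks"
    return 0
}

# Constructed sample: the HOOKS line quoted in the issue, preceded by a
# commented-out busybox-style line that must be ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#HOOKS=(base udev autodetect modconf block keyboard ykfde encrypt lvm2 filesystems fsck)
HOOKS=(base systemd autodetect modconf block keyboard sd-vconsole ykfde sd-encrypt sd-lvm2 filesystems fsck)
EOF
check_ykfde_hooks "$sample" || echo "exit status: $?"
```

Run it against /etc/mkinitcpio.conf after editing HOOKS and before regenerating the initramfs; a status of 1 means the next boot will fall back to the normal passphrase prompt, as described in this issue.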