Closed miabbott closed 1 month ago
I found http://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html but I've not tested it. If we need something to be included in the initramfs I think we should include it by default.
Thanks for the report. This issue is now tracked in https://gitlab.com/fedora/ostree/sig/-/issues/33 thus I'll close this one.
Saw this thread on reddit - https://www.reddit.com/r/Fedora/comments/11qk9gx/luks_and_fido2_unlock_on_fedora_silverblue/
Given the difference in how
rpm-ostree
systems handle theinitramfs
, it may be useful to have our own set of docs around the use case of LUKS volumes + FIDO2 devices