Document the use of FIDO2 devices to unlock LUKS volumes

fedora-silverblue / issue-tracker

Fedora Silverblue issue tracker

https://fedoraproject.org/atomic-desktops/silverblue/

126 stars 3 forks source link

Document the use of FIDO2 devices to unlock LUKS volumes #431

Closed miabbott closed 1 month ago

miabbott commented 1 year ago

Saw this thread on reddit - https://www.reddit.com/r/Fedora/comments/11qk9gx/luks_and_fido2_unlock_on_fedora_silverblue/

Given the difference in how rpm-ostree systems handle the initramfs, it may be useful to have our own set of docs around the use case of LUKS volumes + FIDO2 devices

travier commented 1 year ago

I found http://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html but I've not tested it. If we need something to be included in the initramfs I think we should include it by default.

travier commented 1 month ago

Thanks for the report. This issue is now tracked in https://gitlab.com/fedora/ostree/sig/-/issues/33 thus I'll close this one.