⚠️ Use at own risk and consider this plugin to be experimental right now. ⚠️
You can check whether or not your token is suitable by executing fido2-token -I /dev/hidraw0 | grep hmac-secret
(use fido2-token -L
to get the correct /dev/hidrawX
path). For valid authenticators it will match a line like "extension strings: credProtect, hmac-secret".
Copy clevis-encrypt-fido2
and clevis-encrypt-fido2
to the $PATH
directory in which clevis is installed (or any local bin path if it should only work for the current user).