Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Debian Sid Support? #38

Open
Brando753 opened this issue Sep 21, 2021 · 1 comment
Open

Debian Sid Support? #38

Brando753 opened this issue Sep 21, 2021 · 1 comment

Comments

@Brando753
Copy link

I have been trying to get fido2luks to work on Debian sid without much success. Currently, I am using four yubikeys and have set up the config as described in the readme. Each yubikey has a pin code assigned to it, which may or may not be the issue when trying to decrypt in initramfs. I installed dracut and then installed the dracut changes in this directory, but when I reboot the computer, I get a bunch of spam on boot that continues even as I enter in my passphrase:

dracut-initqueue[474]: SELinux enabled state cached to: disabled
dracut-initqueue[474]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy

When it asks for the authenticator, I assume it wants the pin, but even when I give it the pin, the yubikey never flashes for touch, and the only passphrase that works is the non-fido key (regular passphrase). Is there something I have to do with SELinux for this to work? Is there another setting I have to set in the grub config if the yubikey uses a pin? I am unsure if this is an issue running on Debian Sid or a misconfiguration on my part; what logs would help debug this issue?

@shimunn
Copy link
Owner

shimunn commented Sep 24, 2021

Neither the dracut nor the initramfs scipts support a pin at the moment(but the next major release will). So you either have to remove the pin or adapt the script such that it'll ask for a pin and passes it into fido2luks via the --pin-source.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants