I have been trying to get fido2luks to work on Debian sid without much success. Currently, I am using four yubikeys and have set up the config as described in the readme. Each yubikey has a pin code assigned to it, which may or may not be the issue when trying to decrypt in initramfs. I installed dracut and then installed the dracut changes in this directory, but when I reboot the computer, I get a bunch of spam on boot that continues even as I enter in my passphrase:
dracut-initqueue[474]: SELinux enabled state cached to: disabled
dracut-initqueue[474]: Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
When it asks for the authenticator, I assume it wants the pin, but even when I give it the pin, the yubikey never flashes for touch, and the only passphrase that works is the non-fido key (regular passphrase). Is there something I have to do with SELinux for this to work? Is there another setting I have to set in the grub config if the yubikey uses a pin? I am unsure if this is an issue running on Debian Sid or a misconfiguration on my part; what logs would help debug this issue?
Neither the dracut nor the initramfs scripts support a pin at the moment (but the next major release will). So you either have to remove the pin or adapt the script such that it'll ask for a pin and pass it into fido2luks via the --pin-source.