systemd-cryptsetup@.service crash during boot with fido2-device=auto

Hi.

I've been asking around everywhere for some assistance.
The full issue can be found here:
https://www.reddit.com/r/archlinux/comments/urnj8x/help_getting_fido2_and_systemdcryptenroll_working/

The short version is, I got
`systemd-cryptenroll --fido2-device=auto /dev/sda2` to work.
Unlocking it works with a password, but it's not trying to use the
fido2-device as expected.

Whenever I add `/etc/crypttab` to the initramfs,
`systemd-cryptsetup@luksdev.service` crashes.
Not sure how to debug it since it's the root partition. But I
increased the loglevel on the kernel to 7 and found that the Yubikey
comes up after the service crashes.

And I'm wondering, is it required for the USB device to come alive
before this service tries to execute?

As far as I can tell, it executed:
/lib/systemd/systemd-cryptsetup attach 'luksdev' '/dev/sda2' 'none' 'luks,fido2-device=auto'

And by default if executed on a live medium that will hang waiting for
the HSM to be inserted and will work. But I can't figure out why the
service would break if that is all it does.

As soon as I create a /etc/crypttab or omit tpm2-device=auto from the
kernel command-line, the boot process breaks. But if I don't use
/etc/crypttab or I have tpm2-device=auto the service succeeds - but
won't use the fido device. And that's probably obvious for everyone
here but I'm stumped.

Any help would be appreciated but is in no way expected.

//Anton


