On 25/8/22 20:43, Lennart Poettering wrote:
> On Mi, 17.08.22 13:23, Michael Cassaniti (michael@xxxxxxxxxxxxxxx) wrote:
>
>> Hi,
>>
>> I'm trying to order my units and targets during early boot so that:
>>
>> 1. A symlink to the specific FIDO2 token I'm using gets created. I already have a udev rule in place for this and it successfully creates the symlink under /dev. Because I have two tokens I need to specify which one to use.
>> 2. The unit for systemd-cryptsetup@root.service has to wait for this unit. The unit gets generated from systemd-cryptsetup-generator so I can't just add Requires= stanzas to the unit. I do have a /etc/crypttab file.
>
> systemd-cryptsetup can wait on its own for a FIDO2 token, no need to do that with unit deps?
>
> Lennart
>
> --
> Lennart Poettering, Berlin
It seems to be somewhat more complicated than that, and perhaps it has more to do with my setup. Here's my /etc/crypttab which just might explain a bit:
# Mount root and swap
# These will initially have an empty password
root /dev/disk/by-partlabel/root - fido2-device=/dev/yubico-fido2,token-timeout=0,try-empty-password=true,x-initrd.attach
swap /dev/disk/by-partlabel/swap - fido2-device=/dev/yubico-fido2,token-timeout=0,try-empty-password=true,x-initrd.attach
I think the fact that both of these get set up at boot and will concurrently try to access the FIDO2 token is causing issues. That crypttab is included in the initrd.
Thanks, Michael Cassaniti, Australia
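
An added example, not part of the original thread: a small parser for the crypttab quoted in the message that groups initrd-attached volumes by their fido2-device= option, showing which entries ask for the same token during early boot. The function names are hypothetical and the sample input is the crypttab from the message.

```python
from collections import defaultdict

# The crypttab quoted in the message above, embedded as sample input.
SAMPLE_CRYPTTAB = """\
# Mount root and swap
# These will initially have an empty password
root /dev/disk/by-partlabel/root - fido2-device=/dev/yubico-fido2,token-timeout=0,try-empty-password=true,x-initrd.attach
swap /dev/disk/by-partlabel/swap - fido2-device=/dev/yubico-fido2,token-timeout=0,try-empty-password=true,x-initrd.attach
"""


def parse_crypttab(text):
    """Parse crypttab text into dicts: name, device, keyfile, options."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: an entry needs at least name and device
        keyfile = fields[2] if len(fields) > 2 else "-"
        options = {}
        if len(fields) > 3:
            for opt in fields[3].split(","):
                key, _, value = opt.partition("=")
                if key:
                    options[key] = value  # flag-style options get ""
        entries.append({"name": fields[0], "device": fields[1],
                        "keyfile": keyfile, "options": options})
    return entries


def shared_fido2_tokens(entries, initrd_only=True):
    """Map each fido2-device path to the volumes using it, if more than one."""
    by_token = defaultdict(list)
    for entry in entries:
        opts = entry["options"]
        if "fido2-device" not in opts:
            continue
        if initrd_only and "x-initrd.attach" not in opts:
            continue  # only volumes unlocked from the initrd are of interest
        by_token[opts["fido2-device"]].append(entry["name"])
    return {tok: names for tok, names in by_token.items() if len(names) > 1}


if __name__ == "__main__":
    shared = shared_fido2_tokens(parse_crypttab(SAMPLE_CRYPTTAB))
    for token, names in shared.items():
        print(f"{token}: unlocked in the initrd by {', '.join(names)}")
```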