-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Debian Sid Support? #38
Comments
Neither the dracut nor the initramfs scipts support a pin at the moment(but the next major release will). So you either have to remove the pin or adapt the script such that it'll ask for a pin and passes it into fido2luks via the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have been trying to get fido2luks to work on Debian sid without much success. Currently, I am using four yubikeys and have set up the config as described in the readme. Each yubikey has a pin code assigned to it, which may or may not be the issue when trying to decrypt in initramfs. I installed dracut and then installed the dracut changes in this directory, but when I reboot the computer, I get a bunch of spam on boot that continues even as I enter in my passphrase:
When it asks for the authenticator, I assume it wants the pin, but even when I give it the pin, the yubikey never flashes for touch, and the only passphrase that works is the non-fido key (regular passphrase). Is there something I have to do with SELinux for this to work? Is there another setting I have to set in the grub config if the yubikey uses a pin? I am unsure if this is an issue running on Debian Sid or a misconfiguration on my part; what logs would help debug this issue?
The text was updated successfully, but these errors were encountered: