Package: cryptsetup
Version: 2:2.5.0-6
Severity: normal

Dear maintainer,

inspired by [0] I am trying to unlock a LUKS volume using a FIDO2 token
on a system running bookworm/testing using systemd 252-2.

The relevant line in /etc/crypttab looks like this:

--------------------------------------------------------------------
rootfs  /dev/nvme0n1p3  none    luks,discard,fido2-device=auto
--------------------------------------------------------------------

After running

    systemd-cryptenroll --fido2-device=auto /dev/nvme0n1p3

and adding the "fido2-device=auto" option in /etc/crypttab, I obtain the
following warning while updating the initramfs image:

--------------------------------------------------------------------
cryptsetup: WARNING: rootfs: ignoring unknown option 'fido2-device'
--------------------------------------------------------------------

As a result, it comes as no surprise that unlocking the volume using the
FIDO2 token does not work as desired.

Best regards,

Peter

[0] https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html