[Bug 1983784] Re: LUKS-encrypted partition is not automatically unlocked at boot with fido2 key

jean-christophe manciot 1983784 at bugs.launchpad.net
Fri Aug 12 13:21:55 UTC 2022 

More details about this issue:

libfido2-1: 1.10.0-1

Errors during the boot process:
Failed to open FIDO2 device /dev/hidraw5: FIDO_ERR_INTERNAL
or sometimes
Failed to open FIDO2 device /dev/hidraw5: FIDO_ERR_RX

even though:
- the FIDO2 device is plugged into the usb port the whole time
- such errors do not happen when the partition is manually unlocked **after** I have logged in as shown in my first post.

** Summary changed:

- LUKS-encrypted partition is not automatically unlocked at boot with fido2 key
+ LUKS-encrypted partition is not automatically unlocked during the boot process with a fido2 key

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1983784

Title:
  LUKS-encrypted partition is not automatically unlocked during the boot
  process with a fido2 key

Status in systemd package in Ubuntu:
  New

Bug description:
  ubuntu 22.04
  systemd 249.11-0ubuntu3.4

  The partition is encrypted with luks2 and a fido2 key has been enrolled.with:
  systemd-cryptenroll --fido2-device=auto /dev/<device>

  /etc/crypttab has been setup with:
  <target_name> LABEL=<label> none fido2-device=auto

  /etc/fstab has been setup with:
  /dev/mapper/<target_name> /media/<folder> ext4 defaults,nofail 0 0

  After the boot is complete, the partition has not been unlocked
  despite the fido2 key being present during the whole boot process.

  Also, a manual unlock works with:
  /lib/systemd/systemd-cryptsetup attach <target_name> /dev/<device> none fido2-device=auto
  Set cipher aes, mode xts-plain64, key size 256 bits for device /dev/<device>
  Automatically discovered security FIDO2 token unlocks volume.
  Asking FIDO2 token for authentication.
  👆 Please confirm presence on security token to unlock.

  How to automatically unlock the partition at boot?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1983784/+subscriptions

More information about the foundations-bugs mailing list