[Bug 1983784] Re: LUKS-encrypted partition is not automatically unlocked during the boot process with a fido2 key
Nick Rosbrook
1983784 at bugs.launchpad.net
Tue Aug 23 16:17:31 UTC 2022
** Package changed: systemd (Ubuntu) => libfido2 (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1983784
Title:
LUKS-encrypted partition is not automatically unlocked during the boot
process with a fido2 key
Status in libfido2 package in Ubuntu:
New
Bug description:
ubuntu 22.04
systemd 249.11-0ubuntu3.4
The partition is encrypted with luks2 and a fido2 key has been enrolled with:
systemd-cryptenroll --fido2-device=auto /dev/<device>
/etc/crypttab has been set up with:
<target_name> LABEL=<label> none fido2-device=auto
/etc/fstab has been set up with:
/dev/mapper/<target_name> /media/<folder> ext4 defaults,nofail 0 0
After the boot is complete, the partition has not been unlocked
despite the fido2 key being present during the whole boot process.
Also, a manual unlock works with:
/lib/systemd/systemd-cryptsetup attach <target_name> /dev/<device> none fido2-device=auto
Set cipher aes, mode xts-plain64, key size 256 bits for device /dev/<device>
Automatically discovered security FIDO2 token unlocks volume.
Asking FIDO2 token for authentication.
👆 Please confirm presence on security token to unlock.
How to automatically unlock the partition at boot?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libfido2/+bug/1983784/+subscriptions