On Thu, Aug 24, Gary Lin via openSUSE Factory wrote:
On Thu, Aug 24, 2023 at 09:01:12AM +0200, Felix Niederwanger wrote:
See e.g. https://www.guyrutenberg.com/2022/02/17/unlock-luks-volume-with-a-yubikey/
In the article, the author is using 'systemd-cryptenroll' to secure the LUKS key with the FIDO2 token. Unfortunately, this only works in userspace, i.e. after the Linux kernel is loaded, and those FIDO2 tools are not accessible to grub2.
That's why we have: https://en.opensuse.org/Systemd-boot

With the pre-built MicroOS image it should be easy to add FIDO2 support as described in that article. Disadvantage: only UEFI systems are supported.

systemd-boot support is on the way into yast2-bootloader to make the setup easier, FIDO2 support is on the wishlist, help is always welcome :)

Thorsten

--
Thorsten Kukuk, Distinguished Engineer, Senior Architect, Future Technologies
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg, Germany
Managing Director: Ivo Totev, Andrew McDonald, Werner Knoblich (HRB 36809, AG Nürnberg)