Hi all,
we had a look on how to move from LUKS v1 to LUKS v2 and also how to add
functionality for alternative authentication mechanisms like TPM2 chips
and FIDO devices during the boot process.
While there is no Installer support yet and also no final decision on
how it will be implemented in detail, we already wanted to share the
current status and document what is achievable manually.
For all interested and curious who would like to have a look or want to
directly test it, Antonio Feijoo prepared some
step by step guides at https://en.opensuse.org/SDB:LUKS2,_TPM2_and_FIDO2.
The documentation should work on Tumbleweed and later on openSUSE Leap 15.4.
We would really appreciate any feedback, thoughts, or reports in case
you encounter any issues.
Last but not least, a huge thanks to all involved for the feedback and
support!
Regards and thanks
Benni
--
Benjamin Brunner
Engineering Manager System Boot and Init
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany
HRB 36809, AG Nürnberg
Geschäftsführer: Ivo Totev