LUKS-encrypted partition is not automatically unlocked during the boot process with a fido2 key
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libfido2 (Ubuntu) | Fix Released | Medium | Colin Watson | |
Bug Description
ubuntu 22.04
systemd 249.11-0ubuntu3.4
The partition is encrypted with luks2 and a fido2 key has been enrolled with:
systemd-cryptenroll --fido2-device=auto /dev/<device>
/etc/crypttab has been set up with:
<target_name> LABEL=<label> none fido2-device=auto
/etc/fstab has been set up with:
/dev/mapper/
After the boot is complete, the partition has not been unlocked despite the fido2 key being present during the whole boot process.
Also, a manual unlock works with:
/lib/systemd/
Set cipher aes, mode xts-plain64, key size 256 bits for device /dev/<device>
Automatically discovered security FIDO2 token unlocks volume.
Asking FIDO2 token for authentication.
👆 Please confirm presence on security token to unlock.
How to automatically unlock the partition at boot?
affects: systemd (Ubuntu) → libfido2 (Ubuntu)
Changed in libfido2 (Ubuntu):
importance: Undecided → Medium
Thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command only once, as it will automatically gather debugging information, in a terminal:
apport-collect 1983784
When reporting bugs in the future please use apport by using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.