systemd-cryptenroll does not support PKCS#11 tokens

Bug #1983758 reported by jean-christophe manciot
This bug affects 6 people
Affects: systemd (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

linux 5.19.0-13-generic #13-Ubuntu SMP PREEMPT_DYNAMIC Thu Jul 28 15:28:43 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
systemd 249.11-0ubuntu3.4

ykman piv keys generate --algorithm ECCP256 9a pubkey.pem
Enter a management key [blank to use default key]:

ykman piv certificates generate --subject "PKCS#11" 9a pubkey.pem
Enter a management key [blank to use default key]:
Enter PIN: ******

systemd-cryptenroll --pkcs11-token-uri=auto /dev/sda5
PKCS#11 tokens not supported on this build.

where /dev/sda5 is LUKS-encrypted.

jean-christophe manciot (manciot-jeanchristophe) wrote :

Same issue if I use the slot 9d instead of 9a.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in systemd (Ubuntu):
status: New → Confirmed
livelace (k-a2min-2) wrote :

Gosh, I've been using PKCS11 unlocking since Systemd 248 on my Gentoo host.
But on Ubuntu 22.04 it still doesn't work (-P11KIT):

/usr/bin/systemd-cryptenroll --version
systemd 249 (249.11-0ubuntu3.6)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified

Nick Rosbrook (enr0n) wrote :

p11kit is enabled in Lunar and newer, but I don't think this will be SRU'd to Jammy.

Changed in systemd (Ubuntu):
status: Confirmed → Fix Released
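
Added example, not part of the original report or of systemd: a pre-flight check that reads the compile-time feature list printed by `systemd-cryptenroll --version` and tells whether PKCS#11 enrollment can work on a given build. The function names `feature_state` and `pkcs11_supported` are hypothetical, and the sample text is constructed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example. SAMPLE_VERSION is constructed from the --version output
# quoted in the report (systemd 249.11-0ubuntu3.6 on Ubuntu 22.04).
SAMPLE_VERSION='systemd 249 (249.11-0ubuntu3.6)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified'

# feature_state TEXT NAME
# Prints enabled, disabled or unknown for the compile-time feature NAME.
# Tokens are compared whole, so "-IDN" is not confused with "+IDN2".
# The body runs in a subshell so that disabling globbing does not leak out.
feature_state() (
    set -f
    state=unknown
    for word in $1; do
        case "$word" in
            "+$2") state=enabled ;;
            "-$2") state=disabled ;;
        esac
    done
    printf '%s\n' "$state"
)

# pkcs11_supported [TEXT]
# Succeeds only when the build has P11KIT compiled in. Without an argument
# it inspects the locally installed systemd-cryptenroll.
pkcs11_supported() {
    text=${1:-$(systemd-cryptenroll --version 2>/dev/null)}
    [ "$(feature_state "$text" P11KIT)" = enabled ]
}

# Report the token-related features of the constructed sample.
for feature in P11KIT FIDO2; do
    printf '%-7s %s\n' "$feature" "$(feature_state "$SAMPLE_VERSION" "$feature")"
done
```

Running `pkcs11_supported` with no argument before `systemd-cryptenroll --pkcs11-token-uri=auto` distinguishes a build without p11-kit from a token or slot problem.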