by VTimofeenko
1372 days ago
Yes, there are multiple ways. Systemd offers systemd-cryptenroll that works with FIDO2 and X509 certificates on the hardware key to unlock a drive. The key is embedded as a LUKS header into the partition. The information about the key and the device is passed to initrd through /etc/crypttab for unlocking during boot. I wrote a couple of posts describing how this can be sort-of-handrolled with Nitrokey and GPG key for X509 cert: https://vtimofeenko.com/posts/unlocking-luks2-with-x509-nitr...
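
An added example, not part of the comment above and not systemd's own code: a small shell check that reports which hardware-token option each /etc/crypttab entry relies on for unlocking at boot. The option names (`fido2-device=`, `pkcs11-uri=`, `tpm2-device=`) are from crypttab(5); the sample file, volume names and UUIDs are constructed.

```shell
#!/bin/sh
# Classify each crypttab entry by the token option systemd-cryptsetup
# would use in the initrd. Entries reported as "none" fall back to a
# passphrase or key file.

# Constructed sample crypttab; names and UUIDs are placeholders.
sample_crypttab() {
cat <<'EOF'
# name  device                                     keyfile       options
root    UUID=00000000-0000-0000-0000-000000000001  -             fido2-device=auto,discard
data    UUID=00000000-0000-0000-0000-000000000002  -             pkcs11-uri=auto
swap    /dev/sda3                                  /dev/urandom  swap
backup  UUID=00000000-0000-0000-0000-000000000003
EOF
}

# crypttab_tokens FILE -> one "<name> <fido2|pkcs11|tpm2|none>" line per entry
crypttab_tokens() {
    while read -r name device keyfile options _; do
        # Skip blank lines and comments.
        case "$name" in ''|'#'*) continue ;; esac
        kind=none
        old_ifs=$IFS; IFS=,          # options are comma-separated
        for opt in $options; do
            case "$opt" in
                fido2-device=*) kind=fido2 ;;
                pkcs11-uri=*)   kind=pkcs11 ;;
                tpm2-device=*)  kind=tpm2 ;;
            esac
        done
        IFS=$old_ifs                 # restore before the next read
        printf '%s %s\n' "$name" "$kind"
    done < "$1"
}

# Stand-alone use: sh script.sh /etc/crypttab
if [ "$#" -gt 0 ]; then crypttab_tokens "$1"; fi
```
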