I’m trying to figure out the things required to use my Yubikey to decrpyt my LUKS root filesystem. As I understand it, dom0 in 4.1.1 doesn’t have the functions require in cryptsetup. It looks like systemd in Fedora 36 added systemd-cryptenroll, which I see in the Fedora guests. Has anyone attempted to get the required utilities to make this work in to dom0, which is based on Fedora 32 I believe.
I see Qubes 4.2 is going to base dom0 on Fedora 37, which should have all the tools, but I can’t seem to find any kind of iso nightly builds for 4.2.
I’ve worked through getting my Yubikey working for auth, but it would be very nice to get the LUKS functionality in there as well.
AFAIK if you are looking toward this for convenience/ease-of-use to avoid entering your pass phrase for LUKS with a single Yubi, IIRC it’s (currently) not possible.
Not necessarily. I’m using Purism laptop with a librem key. I’m trying to use a second key, the Yubikey, to do a challenged-response to decrypt the root fs.
