Is there anyone who has used systemd-cryptentroll with a yubikey, either in dom0 for the main luks partition or on external drives? Could that be done with u2f_proxy?
The official YubiKey guide doesn’t talk about pam_u2f, but that should work fine with u2f_proxy since it doesn’t use the hmax secret ? It should be safer and easier to use, and the keys are cheaper.
I am not interested in using the yubikey for web auth but rather for encryption of drives and system auth. I am struggling to figure out if this makes sense for Qubes OS right now from a security and usability point of view.
Please do share your opinion or experience with this!