
Bug#1114764: ITP: fido2luks -- Unlock LUKS volumes at boot time using a FIDO2 token



Package: wnpp
Severity: wishlist
Owner: Alberto Garcia <berto@igalia.com>
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name    : fido2luks
  Version         : 0.0.3
  Upstream Contact: Alberto Garcia <berto@igalia.com>
* URL             : https://github.com/bertogg/fido2luks
* License         : GPL-2+
  Programming Lang: POSIX shell
  Description     : Unlock LUKS volumes at boot time using a FIDO2 token

fido2luks is an extension to initramfs-tools to unlock LUKS-encrypted
disks at boot time using a FIDO2 token.

It is designed for LUKS volumes where a FIDO2 token was enrolled using
systemd-cryptenroll --fido2-device.

 ---

Additional info:

systemd allows unlocking LUKS volumes with a FIDO2 token such as the
Nitrokey, YubiKey, etc.

However, for full disk encryption scenarios there is currently no way
in Debian to do it at boot time with initramfs-tools, as many users
have noted. The solution involves switching to dracut, and there are a
few tutorials available on the web.

This package provides a simple shell script that can do the job
without having to switch the initramfs implementation.

