https://discussion.fedoraproject.org/t/pitch-fido2-keys-with-luks-on-atomic-desktops/111565/10
As of yet, there is not documentation on how to use a FIDO2 key or TPM2 with LUKS for Atomic Desktops. There is an existing article that discusses this on non-atomic desktops:
https://fedoramagazine.org/use-systemd-cryptenroll-with-fido-u2f-or-tpm2-to-decrypt-your-disk/
Therefore, I believe that there should be an article that discusses this, especially since Atomic Desktops are becoming more and more popular.
I would not be able to write this article since I have yet to find the solution. Maybe there is someone that already has the solution that would be able to document it in an article?
Metadata Update from @tffhrtp: - Issue tagged with: needs-image
I can help with testing with FIDO2 keys, I have an abundance. I just don't know what needs to be changed with systemd-cryptenroll and rpm-ostree initramfs
Metadata Update from @tffhrtp: - Issue assigned to tffhrtp
Metadata Update from @tffhrtp: - Custom field preview-link adjusted to https://fedoramagazine.org/use-tpm2-or-fido2-to-decrypt-your-atomic-desktop-disk/
Metadata Update from @tffhrtp: - Custom field preview-link adjusted to https://fedoramagazine.org/?p=40082 (was: https://fedoramagazine.org/use-tpm2-or-fido2-to-decrypt-your-atomic-desktop-disk/)
Metadata Update from @tffhrtp: - Custom field preview-link adjusted to https://fedoramagazine.org/?p=40082&preview=1&_ppp=0b4371d3cf (was: https://fedoramagazine.org/?p=40082)
Blocking issue has been filed on GitHub: https://github.com/fedora-silverblue/issue-tracker/issues/546
Error with rpm-ostree initramfs with arg
@tffhrtp Any update on this article? Still waiting for resolution of your blocking issue?
Metadata Update from @rlengland: - Custom field preview-link adjusted to https://fedoramagazine.org/?p=40082&preview=1 (was: https://fedoramagazine.org/?p=40082&preview=1&_ppp=0b4371d3cf)
@tffhrtp Do you have an update on the status of this article?
@tffhrtp It appears that the blocking issue has still not been closed. Is there any side conversations taking place around this? Any update?
Blocking issue (see above) has been changed to an "enhancement" as of 2 weeks ago.
@tffhrtp what do you see as the status for this article. Given the change of the blocking issue to enhancement will it be appropriate in the future? ( I am not tracking the details so please enlighten me as required.) Thanks.
I think that this would be a great contribution for the Atomic Desktops if someone could add the dracut modules to the upstream configs (https://pagure.io/workstation-ostree-config), test it and update the docs. Then this magazine article would be a "repeat" of the docs (but that's fine, people don't regularly check the docs for update).
Metadata Update from @rlengland: - Assignee reset
Log in to comment on this ticket.