LUKS unlock method priority #2539
Unanswered
Arbel-arad asked this question in Q&A
-
I think your issue is related to systemd, not to dracut. Anyway:
The order is defined by systemd: https://github.com/systemd/systemd/blob/d203e5e008eaf5cfc040407646535ee47b4bc9c1/src/cryptsetup/cryptsetup.c#L2011-L2022
-
My setup:
I have two LUKS partitions: cryptroot and cryptswap.
They are both configured to unlock with TPM2 automatically on boot, but they also have a FIDO2 key enrolled as a backup.
The issue:
When I boot the system normally everything works fine and I get to the login screen without any intervention, but if the FIDO key is plugged in while booting the system would try to use it first instead of the TPM, thus getting stuck if there is no user present to verify it.
I would like a way to set which keyslot gets used first so the TPM is always tried before switching to the backup.