sudo systemd-cryptenroll --fido2-device=auto /dev/sdXn
# Test: Let's run systemd-cryptsetup to test if this worked.
-sudo systemd-cryptsetup attach mytest /dev/sdXn - fido2-device=auto
+sudo systemd-cryptsetup attach mytest /dev/sdXn none fido2-device=auto
# If that worked, let's now add the same line persistently to /etc/crypttab,
# for the future. We do not want to use the (unstable) /dev/sdX name, so let's
udevadm info -q symlink -r /dev/sdXn
# Now add the line using the by-uuid symlink to /etc/crypttab:
-sudo bash -c 'echo "mytest /dev/disk/by-uuid/... - fido2-device=auto" >>/etc/crypttab'
+sudo bash -c 'echo "mytest /dev/disk/by-uuid/... none fido2-device=auto" >>/etc/crypttab'
# Depending on your distribution and encryption setup, you may need to manually
# regenerate your initramfs to be able to use a FIDO2 device to unlock the
<para>In order to unlock a LUKS2 volume with an enrolled PKCS#11 security token, specify the
<option>pkcs11-uri=</option> option in the respective <filename>/etc/crypttab</filename> line:</para>
- <programlisting>myvolume /dev/sda1 - pkcs11-uri=auto</programlisting>
+ <programlisting>myvolume /dev/sda1 none pkcs11-uri=auto</programlisting>
<para>See
<citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry> for a
<para>In order to unlock a LUKS2 volume with an enrolled FIDO2 security token, specify the
<option>fido2-device=</option> option in the respective <filename>/etc/crypttab</filename> line:</para>
- <programlisting>myvolume /dev/sda1 - fido2-device=auto</programlisting>
+ <programlisting>myvolume /dev/sda1 none fido2-device=auto</programlisting>
<para>See
<citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry> for a
<para>In order to unlock a LUKS2 volume with an enrolled TPM2 security chip, specify the
<option>tpm2-device=</option> option in the respective <filename>/etc/crypttab</filename> line:</para>
- <programlisting>myvolume /dev/sda1 - tpm2-device=auto</programlisting>
+ <programlisting>myvolume /dev/sda1 none tpm2-device=auto</programlisting>
<para>See
<citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry> for a
sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sdXn
# Test: Let's run systemd-cryptsetup to test if this worked.
-sudo systemd-cryptsetup attach mytest /dev/sdXn - tpm2-device=auto
+sudo systemd-cryptsetup attach mytest /dev/sdXn none tpm2-device=auto
# If that worked, let's now add the same line persistently to /etc/crypttab,
# for the future. We do not want to use the (unstable) /dev/sdX name, so let's
udevadm info -q symlink -r /dev/sdXn
# Now add the line using the by-uuid symlink to /etc/crypttab:
-sudo bash -c 'echo "mytest /dev/disk/by-uuid/... - tpm2-device=auto" >>/etc/crypttab'
+sudo bash -c 'echo "mytest /dev/disk/by-uuid/... none tpm2-device=auto" >>/etc/crypttab'
# And now let's check that automatic unlocking works:
sudo systemd-cryptsetup detach mytest
sudo systemd-cryptenroll --pkcs11-token-uri=auto /dev/sdXn
# Test: Let's run systemd-cryptsetup to test if this all worked.
-sudo systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=auto
+sudo systemd-cryptsetup attach mytest /dev/sdXn none pkcs11-uri=auto
# If that worked, let's now add the same line persistently to /etc/crypttab,
# for the future. We do not want to use the (unstable) /dev/sdX name, so let's
udevadm info -q symlink -r /dev/sdXn
# Now add the line using the by-uuid symlink to /etc/crypttab:
-sudo bash -c 'echo "mytest /dev/disk/by-uuid/... - pkcs11-uri=auto" >>/etc/crypttab'
+sudo bash -c 'echo "mytest /dev/disk/by-uuid/... none pkcs11-uri=auto" >>/etc/crypttab'
# Depending on your distribution and encryption setup, you may need to manually
# regenerate your initramfs to be able to use a Yubikey / PKCS#11 token to
projects / thirdparty / systemd.git / commitdiff
