Unlock encrypted root partition via smart card (!134) · Merge requests · alpine / mkinitfs

Lucid One requested to merge Lucid/mkinitfs:l1/gpg-smart-card into master Oct 10, 2023

Support for using OpenPGP Card based smart cards, such as YubiKey and Nitrokey to unlock an encrypted root partition. Devices such as the Nitrokey Storage 2 can store cryptographic key material in read-only memory, given a LABEL=PASSKEY.

/media/passkey/.config/cryptsetup/keyring.gpg
/media/passkey/.config/cryptsetup/${KOPT_cryptdm}_cryptkey.gpg

Requires adding gpgsc to features="..." in mkinitfs.conf and adding cryptsc, and optionally passkeystore to the kernel command line.

Unlock encrypted root partition via smart card

Merge request reports