Unlock encrypted root partition via smart card
Support for using OpenPGP Card based smart cards, such as YubiKey and Nitrokey, to unlock an encrypted root partition.
Devices such as the Nitrokey Storage 2 can store cryptographic key material in read-only memory, given a LABEL=PASSKEY.
/media/passkey/.config/cryptsetup/keyring.gpg
/media/passkey/.config/cryptsetup/${KOPT_cryptdm}_cryptkey.gpg
Requires adding gpgsc to features="..." in mkinitfs.conf and adding cryptsc, and optionally passkeystore, to the kernel command line.
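A preflight check for the settings listed above, written as an added example (not part of the original change or of mkinitfs itself). It assumes features="..." sits on one line, that kernel options may appear bare or as name=value, and that ${KOPT_cryptdm} corresponds to the cryptdm= kernel option; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the smart-card unlock prerequisites before rebooting.
# Typical call on a running system (mount point of the PASSKEY device is yours):
#   check_setup /etc/mkinitfs/mkinitfs.conf "$(cat /proc/cmdline)" /media/passkey

# has_feature FILE NAME: succeed if NAME is listed in features="..." of FILE.
has_feature() {
    feats=$(sed -n 's/^[[:space:]]*features="\(.*\)".*$/\1/p' "$1" \
        | tail -n 1 | tr -s '[:space:]' ' ')
    case " $feats " in *" $2 "*) return 0 ;; esac
    return 1
}

# kopt_value CMDLINE NAME: print the value of NAME=value (empty for a bare
# NAME) and succeed; fail if NAME is absent. Prefix matches do not count.
kopt_value() {
    for word in $1; do
        case "$word" in
            "$2") echo ""; return 0 ;;
            "$2"=*) echo "${word#*=}"; return 0 ;;
        esac
    done
    return 1
}

# check_setup CONF CMDLINE PASSKEY_ROOT: print one line per problem found;
# succeed only if there are none. Key files are checked only when
# passkeystore is on the command line, since the page calls it optional.
check_setup() {
    problems=0
    has_feature "$1" gpgsc ||
        { echo "gpgsc missing from features in $1"; problems=$((problems + 1)); }
    kopt_value "$2" cryptsc >/dev/null ||
        { echo "cryptsc missing from kernel command line"; problems=$((problems + 1)); }
    if kopt_value "$2" passkeystore >/dev/null; then
        dm=$(kopt_value "$2" cryptdm) || dm=
        dir="$3/.config/cryptsetup"
        for f in "$dir/keyring.gpg" "$dir/${dm}_cryptkey.gpg"; do
            [ -r "$f" ] || { echo "not readable: $f"; problems=$((problems + 1)); }
        done
    fi
    [ "$problems" -eq 0 ]
}
```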