Skip to content

Unlock encrypted root partition via smart card

Lucid One requested to merge Lucid/mkinitfs:l1/gpg-smart-card into master

Support for using OpenPGP Card based smart cards, such as YubiKey and Nitrokey to unlock an encrypted root partition. Devices such as the Nitrokey Storage 2 can store cryptographic key material in read-only memory, given a LABEL=PASSKEY.

/media/passkey/.config/cryptsetup/keyring.gpg
/media/passkey/.config/cryptsetup/${KOPT_cryptdm}_cryptkey.gpg

Requires adding gpgsc to features="..." in mkinitfs.conf and adding cryptsc, and optionally passkeystore to the kernel command line.

Merge request reports