Yubikey LUKS FIDO2

dilute886 · February 12, 2025, 6:28pm

Hi folks!

I’m trying to get my yubikey to unlock the luks encrypted nvme at boot time, as opposed to using a password.

But I cannot find systemd-cryptenroll anywhere on the system. Pardon my lack of knowledge in Linux: does anyone know why systemd v257 running debian trixie/sid on the pocket reform does not have systemd-cryptenroll, and how to get it? I know there are other ways, like using cryptsetup, but I think cryptsetup does not support FIDO2 like systemd-cryptenroll does.

Thanks!!

mountain · February 12, 2025, 6:33pm

According to this thread it is now in the systemd-cryptsetup package.

invictvs · June 17, 2026, 2:41am

Hi there,

A few months ago (February 2026), I encrypted my boot drive (1TB NVMe) with my YubiKey. Everything worked perfectly, and now during boot, my MNT Reform asks for the YubiKey PIN if the key is plugged in, or a passphrase if it’s not—and LUKS handles the rest. It’s my workhorse these days.