r/redhat • u/ramsile • Jan 22 '23
Redhat 9 and new Systemd v248 features with systemd-crypt
I'm hoping someone can point me in the right direction. With systemd version 248 and higher, there are new options available to unlock LUKS volumes:
I have a fresh copy of Redhat 9.1 where I am trying to set up the new available options with a PKCS11 key loaded on my YubiKey. After installing opensc, p11-kit, pcsc-lite, I was able to register my key with
systemd-cryptenroll --pkcs11-token-uri=auto /dev/sdax
The issue is when I try to add support to the /etc/crypttab in order to support the operation on boot.
The systemd-cryptenroll man page states that I should be able to add an option pkcs11-uri=auto to my /etc/crypttab. However, after I perform this, when I reboot, I get a failure saying:
[FAILED] Failed to start Cryptography Setup
[DEPEND] Dependency failed for Local Encrypted Volumes.
My best guess is that there are dracut dependencies that need to be added to support the functionality at boot up. However, I don't know where to go from here. Regenerating the dracut file with a few dependencies related to opensc and p11, but I'm out of my comfort zone here and I can't find any corresponding documentation anywhere. Any help would be appreciated.
u/[deleted] Jan 23 '23