Gosh, I've been using PKCS11 unlocking since Systemd 248 on my Gentoo host. But on Ubuntu 22.04 it still doesn't work (-P11KIT):
/usr/bin/systemd-cryptenroll --version systemd 249 (249.11-0ubuntu3.6) +PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1983758 Title: systemd-cryptenroll does not support PKCS#11 tokens Status in systemd package in Ubuntu: Confirmed Bug description: linux 5.19.0-13-generic #13-Ubuntu SMP PREEMPT_DYNAMIC Thu Jul 28 15:28:43 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux systemd 249.11-0ubuntu3.4 ykman piv keys generate --algorithm ECCP256 9a pubkey.pem Enter a management key [blank to use default key]: ykman piv certificates generate --subject "PKCS#11" 9a pubkey.pem Enter a management key [blank to use default key]: Enter PIN: ****** systemd-cryptenroll --pkcs11-token-uri=auto /dev/sda5 PKCS#11 tokens not supported on this build. where /dev/sda5 is luks-encrypted. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1983758/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
