Public bug reported: On clean new installation of Ubuntu 24.04 the yubikey-luks initramfs unlock script does not work (load).
after installation of yubikey-luks (sudo apt-get install yubikey-luks -y, no errors) I am able to enroll yubi keys in key slots. (both for default system partition (/dev/nvme0n1p3), and for external USB pen drive I used for test /dev/sda3) with yubikey-luks-enroll command. I am able to use yubikey-luks-open for external pendrive (/dev/sda3) I used for testing. So making key slots and using chalange-responses from yubi keys definitely works. However after reboot of system OS in LUKS unlock screen, no yubikey-luks welcome text is shown and unlock for keyslots containing enrolled keys are not working. Only those I made with luksAddKeys and therefore with passwords only are working. It indicates yubikey-luks isn't started for some reason. I am using same laptop as for previous 18.04-23.10 where everything worked ok. (Dell XPS 13 9350 and one extra system for testing) This did not work first time (depending on automatically add keyscript to crypttab - that worked for me before) Did not work after manual sudo update-initramfs -u Did not work after adding to /etc/crypttab cryptroot /dev/nvme0n1p3 none luks,keyscript=/usr/share/yubikey-luks/ykluks-keyscript and doing sudo update-initramfs -u again. Did not work after passing os option to GRUB (cryptoptions=target=cryptroot,source=/dev/nvme0n1p3,keyscript=/sbin/ykluks- keyscript Both yubikeys NFC5c I have are initialized for ch-response (ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api- visible) Bug also reported here: https://github.com/cornelinux/yubikey- luks/issues/95 This bug means no 2FA LUKS unlocking for 24.04 ** Affects: yubikey-luks (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2075568 Title: yubikey-luks initramfs unlock script does not load on Ubuntu 24.04 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/yubikey-luks/+bug/2075568/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
