b997d1115b
Optionally, embedd PKCS#11 token URI and encrypted key in LUKS2 JSON metadata header. That way it becomes very easy to unlock properly set up PKCS#11-enabled LUKS2 volumes, a simple /etc/crypttab line like the following suffices: mytest /dev/disk/by-partuuid/41c1df55-e628-4dbb-8492-bc69d81e172e - pkcs11-uri=auto Such a line declares that unlocking via PKCS#11 shall be attempted, and the token URI and the encrypted key shall be read from the LUKS2 header. An external key file for the encrypted PKCS#11 key is hence no longer necessary, nor is specifying the precise URI to use. |
||
---|---|---|
.. | ||
cryptsetup-generator.c | ||
cryptsetup-keyfile.c | ||
cryptsetup-keyfile.h | ||
cryptsetup-pkcs11.c | ||
cryptsetup-pkcs11.h | ||
cryptsetup.c |