[systemd-devel] Ordering units and targets with devices
Lennart Poettering
lennart at poettering.net
Thu Aug 25 12:22:48 UTC 2022
On Do, 25.08.22 10:50, Michael Cassaniti (michael at cassaniti.id.au) wrote:
> It seems to be somewhat more complicated than that, and perhaps it has more
> to do with my setup. Here's my /etc/crypttab which just might explain a bit:
>
> # Mount root and swap
> # These will initially have an empty password
> root /dev/disk/by-partlabel/root - fido2-device=/dev/yubico-fido2,token-timeout=0,try-empty-password=true,x-initrd.attach
> swap /dev/disk/by-partlabel/swap - fido2-device=/dev/yubico-fido2,token-timeout=0,try-empty-password=true,x-initrd.attach
>
> I think the fact that both of these get setup at boot and will concurrently
> try to access the FIDO2 token is causing issues. That crypttab is included
> in the initrd.
There was an issue with concurrent access to FIDO2 devices conflicting
with each other. This was addressed in libfido2 though, it will now
take a BSD lock on the device while talking to it, thus synchronizing
access properly.
See this bug:
https://github.com/systemd/systemd/issues/23889
Maybe it's sufficient to update libfido2 on your system?
Lennart
--
Lennart Poettering, Berlin
More information about the systemd-devel
mailing list