I'm trying to install now Ubuntustudio 20.10 for a good while now, but
don't get the intended result:
- I want it fully encrypted (works)
- I want to use a Yubikey for the passphrase (works, but...)
I'd like to use the Yubikey in challenge/response mode so that I can
type in a short password, and the Yubikey turns this into a strong one
that is used to unlock the luks container.
The problem now is that I'm asked for the passphrase twice: once in a
black screen with white text, then a second time in a nice gui.
The first time I cannot use the Yubikey. I have to type in a passphrase
that works as it is. During setup I have a short passphrase in slot 0 of
the luks container to make setup easier. So I type in this easy phrase,
and then boot process moves on.
The second time the password dialog shows I can type in my Yubikey
challenge. This is sent to the YK, the green LED blinks, and the boot
Of course this is annoying:
- I don't want to be asked twice for a password
- I don't want to have a short typable password for the luks container
My guess is that this comes from /boot being inside the luks container,
while with 20.04, /boot was on a separate non-encrypted partition. But I
cannot find a way to make /boot a separate partition during setup.