automatically unlock and mount external luks-encrypted partition using security token without requesting passphrase
I have a luks-encrypted partition on a usb flash drive. LUKS key slot 0 contains a passphrase/word. Key slot 1 references a security token (yubikey). When I plug in the flash drive, I want it to automatically unlock, map, and mount the partition using the security token without requesting the passphrase/word. But it always requests the passphrase/word.
This is my setup: A usb flash drive contains 4 partitions. It is not present at boot. The 4th partition is encrypted with LUKS. It contains a btrfs fs. (This is a learning experience. The drive does not contain important data.)
Key slot 0 contains a password. Priority is marked as normal. (Ultimately I intend to remove the password in slot 0, so the security token will be the only way to unlock.)
Key slot 1 references a FIDO2 token (yubikey). Priority is marked as preferred. It does not require a pin.
Key slot 2 will reference a backup token. Not yet installed.
/etc/crypttab contains:
    verbatim-p4-luks-09 UUID=xxxxxxxx-...xxx - fido2-device=auto,key-slot=1
CRYPTTAB(5) says: The /etc/crypttab file describes encrypted block devices that are set up during system boot. However, I know that it is also used when plugging in an external drive.
There is no entry in fstab. Distribution is fedora.
This is what I want to happen when I plug in the flash memory (token is already plugged in):
Using the token in slot 1, request a touch on the key, then automatically unlock the partition, map it with the name from crypttab, then mount it at /run/media/<me>/whatever. (Later I will insert a line in fstab to specify a mountpoint.)
This is what actually happens: It requests a passphrase/word.
If I enter the password specified in slot 1, then it unlocks the partition, maps it with the name from crypttab, then mounts it at /run/media/<me>/whatever. (The mapping and mounting are what I want, but I don't want it to request a password.)
    sudo dmsetup ls
    No devices found
    PLUG IN DEVICE AND ENTER PASSWORD
    sudo dmsetup ls
    verbatim-p4-luks-09 (252:0)
    mount | grep verbatim
    /dev/mapper/verbatim-p4-luks-09 on /run/media/<me>/xxxxxxxx...xx type btrfs (rw,other options)
If I cancel the password request, the open fails. I can then open it with cryptsetup open and mount it with mount. (Or mount -a after I insert an entry in fstab.)
    sudo dmsetup ls
    No devices found
    PLUG IN DEVICE, CANCEL PW REQUEST. OPEN FAILS
    sudo cryptsetup open --type luks /dev/sda4 verbatim-p4-luks-09
    Asking FIDO2 token for authentication.
    👆 Please confirm presence on security token to unlock.
    TOUCH KEY
    sudo dmsetup ls
    verbatim-p4-luks-09 (252:0)
    sudo mount /dev/mapper/verbatim-p4-luks-09 /mnt
    mount | grep verbatim
    /dev/mapper/verbatim-p4-luks-09 on /mnt type btrfs (rw,other options)
Some things I have tried or thought about:
(-1) I need to intercept the "hot plug" and get it to issue a cryptsetup open and mount before it requests the password.
(0) I tried removing the password from slot 0. It still requests a passphrase/word (I must cancel the request), so it seems the "hot plug" software does not look at the LUKS data at this point.
(1) I tried an fstab entry, but no success. I tried an entry for /dev/sda4 (using its UUID), and specifying the type as crypto_LUKS, but a message said it was an unknown type, even though mount identified the partition as crypto_LUKS.
(2) Maybe a udev script could mount it. But I think it should be achievable without going down that path, just by getting the right options in the luks slots, crypttab, and maybe fstab.
(3) Maybe a systemd definition?
(4) Can dmsetup achieve anything?
(5) Can systemd-cryptsetup achieve anything? It can attach the device, but I think cryptsetup open does that. How to invoke the attach automatically?
This is a long post. Sorry you have so much to absorb. I'm not sure how much is relevant. Thank you for investing the time to read it.
Consolidated archive or torrent of many of the useful, stable, and popular versions of Debian or similar highly versatile distros?
Kind of a strange use case, but a friend and I are creating bug-out data cache hard drives for possible apocalyptic scenarios, and we're wondering if there's a way we can download or torrent them all at once instead of needing to pick and choose them all.
I should clarify, we intend to use these on scavenged computers, including everything from consumer tech to embedded systems and computerized appliances like cash registers and order systems. So older 32 bit versions from the 90s and early 2000s are just as important.
We also intend on archiving Windows XP and 7 for our data caches.
https://redd.it/1osb1jv
@r_linux
A Lost Unix Treasure: Fourth Edition Tape Finally Found
https://ponderwall.com/index.php/2025/11/09/unix-lost-tape/
https://redd.it/1osi8wp
Ponderwall
The Lost Tape: Unearthing Unix’s Forgotten Fourth Edition
A forgotten reel of tape at the University of Utah may hold the long-lost Unix Fourth Edition, offering a rare glimpse into the origins of modern operating systems.
What happened to Unix Stickers?
In the 2010s Sticker Mule offered Unix Sticker Packs for just 1$ per package.
I am out of stickers and wanted to order a new pack today and just realized that sticker mule now does not offer these packages anymore and instead wants to have 5$(!!) for each sticker (completely insane, considering that you would get a full package for just a dollar back then).
Do you know about any other good shop that offers open source / technology / linux stickers in good quality?
https://redd.it/1oslr3j
wayland global positioning
If I understand things correctly, most steam games currently rely on xwayland or a compositor specific feature to position their window on the user's preferred monitor, while in a wayland-only scenario the wayland devs prefer to have it open randomly, and the application should be able to be resized without any error, despite the fact that I always want it to open on my preferred monitor
Been reading some of the current discussion over the wayland protocols related to global positioning, e.g. https://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/264, though it gets into some other discussions about multi-window apps that need to move their windows dynamically around the screen. Some of the sentiment that I'm getting is that some, not all, of the wayland devs want to remove the idea of global positioning at all costs, even if it breaks existing UI paradigms that are still in use and are thriving over on windows and macos. Some of the cross-platform toolkits have their own devs in the discussion, like SDL, and tbh I would feel frustrated in their position too because if I had to support windows, macos, and linux/wayland, I honestly feel like there would be no other way to handle this besides just saying, "the user experience on wayland is borked and is impossible to fix on our end"
Why is it not impossible to provide a protocol that implements global positioning, and then leave it up to the compositors if they want to support it in the first place? I feel like that would leave applications functioning correctly on regular desktop setups, while giving other setups like VR the choice to say, hey, we don't support global positioning because it literally makes no sense here. Reading these wayland discussions is honestly maddening
https://redd.it/1osqmy4
GitLab
experimental: Add xx-zones protocol for area-limited window positioning (!264) · Merge requests · wayland / wayland-protocols ·…
Hello everyone! Introduction This is a new attempt to resolve the issues plaguing multi-window applications on Wayland. Those applications...
How screwed am I?
Inherited a non-boot system from a cnc machine
custom linux distro (heros5) unknown based on?
legacy bios, not efi
no installation source
(supposedly) machine was shut down without drive shutting down successfully, came up with errors. drive was placed in another machine, who knows what then returned to cnc machine non-boot, incorrect signatures
forensic recovery pulled up a deleted partition which corrected one set of errors.
spent days going through grub repair. looks as if all the files and directories, etc. are there
finally get it to boot to a kernel panic.
able to try anything as I'm working off cloned drive.
have attempted live environments, no success
fsck seems to check out
Hopefully someone will have a better solution than me repeating myself.
Any help appreciated Thanks in advance
panic at the kernel
https://redd.it/1osthy3
UxPlay and iOS hotspot
UxPlay works flawlessly in my home network and I can mirror the screen of an iPad on my Debian laptop.
However, when the two devices (iPad and Debian laptop) are connected to the hotspot of my iPhone, UxPlay does not work.
I guess this has to do with the default settings of the iOS hotspot, any idea how to circumvent the problem?
https://redd.it/1osozv5
What makes a Linux Distribution good for you?
Just want personal opinions, to see how the Linux community views each distribution differently, and what unites the Linux community together. Please answer with honesty and your own opinion. Include qualities such as “ease of use/security/customizability/CLI/GUI/etc.” And include a distro example!
Thank you!
https://redd.it/1osvkuh
What is the best Linux I can install on my old MacBook Pro (13-inch, Mid 2009)?
That's it. What is the best Linux I can install on my old MacBook Pro (13-inch, Mid 2009)? I love that old school laptop and it has a macOS installed, decent, but wanted to know if I could install a really fast Linux to get better juice from it.
The Mac has an SSD 250 kingston upgraded.
2.53GHz Intel Core 2 Duo processor with 3MB on-chip shared L2 cache running 1:1 with processor speed.
4GB (two 2GB SO-DIMMs) of 1066MHz DDR3 memory.
NVIDIA GeForce 9400M graphics processor with 256MB of DDR3 SDRAM shared with main memory.
Thank you.
https://redd.it/1osytkf
nvidia libdrm support
(This is a bit of a technical post, bear with me)
I recently stumbled upon this post from august 2022:
https://developer.nvidia.com/docs/drive/drive-os/archives/6.0.4/linux/sdk/common/topics/window_system_stub/libdrmSupport12.html
It says there that libdrm is *not* implemented on top of the drm-kms driver. This seems odd (or outdated) to me, since nvidia's drivers have a drm kernel module and the kernel module was open-sourced a while back. Is this still current? I'm currently reading up on the linux graphic stack.
https://redd.it/1oszply
Nvidia
libdrm Support
Learn how to develop for NVIDIA DRIVE, a scalable computing platform that enables automakers and Tier-1 suppliers to accelerate production of autonomous vehicles.
Any distros that are lightweight and can run on a Chromebook without issues? I just installed Lubuntu and my 16 GB of space is already full.
https://redd.it/1ot44sa
Linux 6.18-rc5 Released: "Small And Boring"
https://www.phoronix.com/news/Linux-6.18-rc5-Released
https://redd.it/1ot513m
Phoronix
Linux 6.18-rc5 Released: "Small And Boring"
As we work toward the stable Linux 6.18 kernel release expected around the end of December, out today is the Linux 6.18-rc5 test kernel.
Hibernate mode is being abandoned by most Distros. Why?
Does this have to do with security issues? If so, why not just encrypt the SWAP partition? I saw that Fedora leans more toward ZRAM, but as I understand it's not an alternative to hibernate. Wouldn't hibernate be helpful for battery quick drain (which is a known problem on many laptops)?
https://redd.it/1ot8rah
From Gtk+libadwaita to Qt+KDE Frameworks: Easyeffects rewrite
https://github.com/wwmm/easyeffects
https://redd.it/1ot9xcl
GitHub
GitHub - wwmm/easyeffects: Limiter, compressor, convolver, equalizer and auto volume and many other plugins for PipeWire applications
Limiter, compressor, convolver, equalizer and auto volume and many other plugins for PipeWire applications - wwmm/easyeffects
The airplane’s passenger screen in front of me was running Linux code mid flight, which seemed a bit unusual to me
https://streamable.com/4l8l8j
https://redd.it/1ota5o3
The Linux Kernel Looks To "Bite The Bullet" In Enabling Microsoft C Extensions
https://www.phoronix.com/news/Linux-6.19-Patch-Would-MS-Ext
https://redd.it/1otdo8h
Phoronix
The Linux Kernel Looks To "Bite The Bullet" In Enabling Microsoft C Extensions
Two patches queued into the Linux kernel's build system development tree, kbuild-next, would enable the -fms-extensions compiler argument everywhere for allowing GCC and LLVM/Clang to use the Microsoft C Extensions when compiling the Linux kernel