Librem 5 LUKS Status

As Byzantium for Librem5 is coming closer:
Is there an update regarding LUKS with an individual key?

May be also with support for the Smartcard?

2 Likes

i think Byzantium will ship with luks by default at some point. Meanwhile I wrote this tutorial into how to manually enable and use luks encryption. its not an ideal method yet, but good enough to test. it also shows with confidence that sooner than later it will work natively

2 Likes

But there is still the issue left that its not using unique keys, correct?

And no smartcard support for decrypting instead of the password.

thats correct, hence the “not ideal” method.
at the bottom of the tutorial i hint at two possible methods to generate our own keys, like using the jumpdrive, would be great if someone takes it forward from there. otherwise hoping byzantium will bring native luks very soon!

I also wanted the smartcard feature and found a way to unlock Luks with a smartcard on the PinePhone with Mobian. Although this is not PureOS, both are Debian distros and in general it should work with the Librem 5 too. I’ve modified the script from Purism to automate the configuration. Fell free to have a look at https://github.com/sam-m7/smartcard-luks-osk.

As I’ve only tested it on the PinePhone (don’t have my Librem 5 yet) and you might need to add other kernel modules to the initramfs on a Librem 5 I wouldn’t recommend to just execute it, if you’re not feeling ok with reinstalling the OS and loosing all the data stored on the phone.

5 Likes

I just reencrypted my LUKS partition and posted the steps in the Tutorial post

3 Likes

I would assume that the following needs to be integrated in the initramfs for your smartcard-luks-osk script in one way or another:

Thats a part from here:

1 Like