YubiKey 5 series lineup.

FIDO2 based Full Disk Encryption on NixOS

This article describes how to use YubiKeys for FIDO2-based Full Disk Encryption (FDE) on NixOS. The keys can be used as single-factor authentication devices or in combination with a PIN. Throughout this guide, names surrounded by < > characters are used as placeholders; replace them with the appropriate values. Preparations: Installer: Get a minimal ISO image and boot it. Switch to the root user (sudo -i). Optionally, change the keyboard layout. ...

2026-04-28 · 4 min

(Old) YubiKey based Full Disk Encryption on NixOS

Note: I have found a different approach to achieve the same thing as described in this post. It is, in my experience, easier to configure, more reliable, and easier to maintain. This article describes how to set up YubiKey-based Full Disk Encryption (FDE) on NixOS. The YubiKeys are used as single-factor authentication devices and allow the system to automatically decrypt the disk during boot without user interaction, as long as a key is plugged in. ...

2026-03-21 · (updated 2026-04-28) · 7 min

YubiKey SSH

Quick guide for creating and using FIDO2 resident keys for SSH authentication. Verified working on YubiKey 5 Series keys. Prerequisites: Make sure the ssh-agent is running: eval "$(ssh-agent -s)". Generate a new SSH key on a YubiKey: ssh-keygen -t ed25519-sk -O resident -C "<email>". Temporarily add key to a computer: This adds the key to the SSH agent, and it will continue working until the computer is rebooted, after which it must be re-added. ...

2026-01-18 · 1 min