From: david@hardeman.nu 
  
 August 14, 2025 at 11:11 PM, "Luca Boccassi"  wrote: 
 > On Thu, 14 Aug 2025 at 22:08, David H€€rdeman  wrote: 
 > >  I'm not 100% sure, no. I just assumed that cryptsetup didn't support 
 these 
 > >  kinds of keys in the initramfs since it spits out warnings about 
 unrecognised 
 > >  options for e.g. "fido2-device=" cfg options in crypttab when the 
 initramfs 
 > >  is regenerated. But if it's the general consensus that systemd- 
 cryptenroll 
 > >  support is useful in debian-installer, I could certainly look into it... 
 > 
 > cryptsetup supports these keys via the token plugins that get 
 > installed via the systemd-cryptsetup package. It complains about 
 > unknown options, but that can be ignored. 
  
 Ok, I'll have a look...I'm fairly certain it didn't work in the initramfs 
 stage 
 last time I checked, but that was probably 1-2 years ago and I've changed 
 all 
 relevant installations to dracut since... 
  
 > > If it does indeed support it, I'd still need to figure out a way to pass 
 > >  the password/PIN requests from cryptsetup to debconf, like the C utility 
 > >  I wrote (in the branch I linked) for the systemd-style password agent 
 protocol. 
 > > 
 > 
 > At boot? I don't think that is needed? Either the prompt is on the tty 
 > or in plymouth, shouldn't need anything else at boot 
  
 Nevermind, I'm tired, I was thinking of systemd-cryptenroll prompts in d-i, 
 but 
 that won't change depending on the initramfs generator... 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2)