Vincent43

I don't know if I understand this correctly - dmidecode reads specification of your laptop and hashes it. Reading this information is available for anyone who has access to your...

So the LUKS partition is on external SSD and laptop is only needed as _unlocker_? Recent [systemd-cryptenroll](https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html) support unlocking LUKS with TPM2 module which you may find interesting.

Yes uuid is changeable so there will be significant risk of locking out user from the data.

You have to open [bug report](https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=yubikey-luks) in debian. Package is maintained by different person not affiliated with github repo.

Are the other files like `sbin/ykluks-keyscript` and `etc/ykluks.cfg` correctly copied? What yubikey-luks version do you use? The newest one [need slight modifications of /etc/crypttab](https://github.com/cornelinux/yubikey-luks#enable-yubikey-luks-initramfs-module) to work (however it may be...

> Because my initramfs not gunzip file. > > $ file /boot/initrd.img-4.15.0-43-generic > /boot/initrd.img-4.15.0-43-generic: ASCII cpio archive (SVR4 with no CRC) > This is ok. I have the same. >...

The only difference from my setup is that I use microcode for Intel. maybe AMD is screwing something.

Among other things which can be checked are: existence of luks device, valid yubikey slot, etc.

You may take a look how I handled various errors [here](https://github.com/agherzan/yubikey-full-disk-encryption/blob/master/src/ykfde-open).

You can use `yubikey-luks-open` script for unlocking after bootup.