francsw

I noticed that some applications, in my case Passwordsafe, resets the Yubikey constantly in the lockscreen. You can monitor it with `udevadm monitor --udev` That might be what's draining you...

The yubikey-keyscript file is setup in the `/etc/crypttab`. e.g. ``` sda6_crypt UUID=97ba8852-5d14-4ee8-ba9e-20b2cd6bb550 none luks,keyscript=/usr/share/yubikey-luks/ykluks-keyscript ``` You should see the following text prompt at boot "Please insert yubikey and press enter...

A workaround for this problem is to add --insecure to the curl command here https://github.com/latchset/clevis/blob/master/src/pins/tang/clevis-decrypt-tang#L78 `if ! rep="$(curl --insecure -sfg -X POST -H "$ct" --data-binary @- "$url"

If someone ends up here trying to get Clevis to use HTTPS, here are some steps and scripts to help you along. https://github.com/francsw/clevis-HTTPS