fido2-luks-open

#!/bin/sh
NAME="fido2-luks"

set -e
. /usr/share/fido2-luks/fido2-utils.sh

if [ "$(id -u)" -ne 0 ]; then
    echo "You must be root." 1>&2
    exit 1
fi

while getopts ":d:n:hv" opt; do
    case $opt in
    d)
        DISK=$OPTARG
        ;;
    n)
        NAME=$OPTARG
        ;;
    h)
        echo
        echo " -d <partition>: select existing partition"
        echo " -n <name>     : set the new container name"
        echo
        exit 1
        ;;
    \?)
        echo "Invalid option: -$OPTARG" >&2
        ;;
    esac
done

while true ; do
    if fido2_device > /dev/null ; then break; fi
    printf "Please insert a FIDO2 token and press enter."
    read -r _ <&1
done

if fido2_is_pin_required "$DISK" ; then
    pin=$(/lib/cryptsetup/askpass "Enter FIDO2 token PIN:")
else
    pin=
fi
_passphrase=$(fido2_authenticate "$pin" "$DISK")

printf %s "${_passphrase}" | cryptsetup luksOpen "$DISK" "$NAME" 2>&1;