Hardware

YubiKey unlock

fd0 can use a YubiKey PIV slot as an unlock method. The slot private key stays on the device. Build fd0 with -tags=yubikey.

Enroll

$ fd0 auth add --yubikey
$ fd0 lock
$ fd0 unlock --method=yubikey

Multiple readers

If more than one compatible reader is present, set FD0_YUBIKEY_CARD=<substring>. Without it, fd0 refuses to choose a card silently.
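The fail-closed selection described above, as an added example that is not fd0's own code: it picks a reader only when the choice is unambiguous. The helper selectReader, the error values, the case-sensitive substring match and the reader names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// ErrAmbiguous: picking a reader would be a guess, so the caller must narrow it.
var ErrAmbiguous = errors.New("more than one reader matches; set FD0_YUBIKEY_CARD to a unique substring")

// ErrNoMatch: no reader name contains the filter.
var ErrNoMatch = errors.New("no reader matches")

// selectReader (hypothetical helper) returns exactly one reader or an error.
// An empty filter matches every reader, so it succeeds only when a single
// reader is present. Assumption: matching is a case-sensitive substring test.
func selectReader(readers []string, filter string) (string, error) {
	var matches []string
	for _, r := range readers {
		if strings.Contains(r, filter) {
			matches = append(matches, r)
		}
	}
	switch len(matches) {
	case 0:
		return "", fmt.Errorf("%w: filter %q", ErrNoMatch, filter)
	case 1:
		return matches[0], nil
	default:
		return "", fmt.Errorf("%w: %d candidates", ErrAmbiguous, len(matches))
	}
}

func main() {
	// Constructed PC/SC reader names, not output from a real system.
	readers := []string{
		"Yubico YubiKey OTP+FIDO+CCID 00 00",
		"Yubico YubiKey CCID 01 00",
	}
	name, err := selectReader(readers, os.Getenv("FD0_YUBIKEY_CARD"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to pick a card:", err)
		os.Exit(1)
	}
	fmt.Println("using reader:", name)
}
```

Treating a filter that matches several readers the same as no filter keeps the unlock from silently going to the wrong token.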