Add Ubuntu fallback to passphrase, add defaults (#35)

Co-authored-by: cbachert <1316659-cbachert@users.noreply.gitlab.com>

initramfs-tools/fido2luks.conf

@@ -1,3 +1,5 @@
 FIDO2LUKS_SALT=Ask
 #FIDO2LUKS_PASSWORD_HELPER="/usr/bin/plymouth ask-for-password --prompt 'FIDO2 password salt'"
 FIDO2LUKS_CREDENTIAL_ID=
+FIDO2LUKS_USE_TOKEN=0
+FIDO2LUKS_PASSWORD_FALLBACK=1

initramfs-tools/keyscript.sh

@@ -2,6 +2,17 @@
 set -a
 . /etc/fido2luks.conf
 
+# Set Defaults
+if [ -z "$FIDO2LUKS_USE_TOKEN" ]; then
+    FIDO2LUKS_USE_TOKEN=0
+fi
+
+if [ -z "$FIDO2LUKS_PASSWORD_FALLBACK" ]; then
+    FIDO2LUKS_PASSWORD_FALLBACK=1
+fi
+
+
+
 if [ -z "$FIDO2LUKS_PASSWORD_HELPER" ]; then
 	MSG="FIDO2 password salt for $CRYPTTAB_NAME"
 	export FIDO2LUKS_PASSWORD_HELPER="plymouth ask-for-password --prompt '$MSG'"
@@ -12,3 +23,8 @@ if [ "$FIDO2LUKS_USE_TOKEN" -eq 1 ]; then
 fi
 
 fido2luks print-secret --bin
+
+# Fall back to passphrase-based unlock if fido2luks fails
+if [ "$?" -gt 0 ] && [ "$FIDO2LUKS_PASSWORD_FALLBACK" -eq 1 ]; then
+  plymouth ask-for-password --prompt "Password for $CRYPTTAB_SOURCE"
+fi