Thanks for the insight! I've compiled and added your module with no
issues, and I do like that it's simple enough that I can understand
the code.
Unfortunately, `keyctl_read_alloc` fails with EACCES. So we manage to
get the serial for the (presumably correct) key in an earlier step, but
then the keyring won't give us read access to it.
I tried changing KeyringMode to "inherit" and using the default, and
neither made a difference.
I've got pam_fde_boot_pw.so running as a session module in my PAM
configuration, not as an auth module. (As shown in the readme for the
project.)
Thanks for putting this together! Do you have any ideas about how to
solve the permissions issue?