author | Christian Hesse <mail@eworm.de> | 2014-12-22 22:03:21 +0100 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2014-12-22 23:20:10 +0100 |
commit | 0498dd512161b7fb07e703e03bc9b8ca8b3dd400 (patch) | |
tree | 0ced97f5e7015af52d712c53cf312adfa6c2dfa7 /README.md | |
parent | ebcce373b196cd4ad44667a05c856ed0f4b472b5 (diff) | |
download | mkinitcpio-ykfde-0498dd512161b7fb07e703e03bc9b8ca8b3dd400.tar.gz mkinitcpio-ykfde-0498dd512161b7fb07e703e03bc9b8ca8b3dd400.tar.zst |
replace shell script with C code, and many more
* place bin/ykfde with C source code bin/ykfde.c
* challenge/response can be updated in place
WARNING: This required config file syntax change!
* updates and simplification to udev/ykfde
* a lot more...
Signed-off-by: Christian Hesse <mail@eworm.de>
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 30 |
1 files changed, 26 insertions, 4 deletions
@@ -43,8 +43,23 @@ adding a line to `/etc/crypttab.initramfs`. It should read like: > `mapping-name` /dev/`LUKS-device` - -`ykfde` will read its information from there. Then prepare the key. Plug -it in, make sure it is configured for `HMAC-SHA1`. After that run: +Update `/etc/ykfde.conf` with correct settings. Add `mapping-name` from +above to `device name` in the `general` section. Then add a new section +with your key's decimal serial number containing the key slot setting. +The file should look like this: + + [general] + device name = crypt + + [1234567] + luks slot = 1 + +*Be warned*: Do not remove or overwrite your interactive key! Keep that +for backup and rescue! + +`ykfde` will read its information from these files. Then prepare +the key. Plug it in, make sure it is configured for `HMAC-SHA1`. +After that run: > ykfde @@ -62,6 +77,13 @@ Limitation / TODO * At the moment this is specific to Arch Linux. Though everything should run with upstream `systemd` just fine anybody has to hook things up with [dracut](https://dracut.wiki.kernel.org/) or whatever. -* The challenge is not updated. The file is accessible read only in +* The challenge is not updated on boot. The file is accessible read only in initramfs, but we have no easy way to write it to persistant storage. - So probably this is a design limitation... + So probably this is a design limitation... However the install hook does + update the challenge when building a new initramfs and and Yubikey is + inserted. + +### Upstream + +URL: [GitHub.com](https://github.com/eworm-de/mkinitcpio-ykfde) +Mirror: [eworm.de](http://git.eworm.de/cgit.cgi/mkinitcpio-ykfde/) |
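Review bot: In the first README.md hunk (@@ -43,8 +43,23), the sample config sets `luks slot = 1` and the warning about the interactive key follows it, but nothing ties the two together. State explicitly that `luks slot` must name a slot other than the one holding the interactive passphrase, so a reader copying the example does not point `ykfde` at the slot they need for backup and rescue. The commit message also flags a config file syntax change; a sentence here telling users with an existing `/etc/ykfde.conf` that it has to be rewritten in the new `[general]` plus serial-number section form would save them a failed unlock.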
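Review bot: In the second README.md hunk (@@ -62,6 +77,13), the added line `update the challenge when building a new initramfs and and Yubikey is` has a doubled word and should read "and a Yubikey is inserted". The unchanged context line above it spells "persistant" for "persistent", which could be fixed in the same change. In the new Upstream section the mirror link uses plain `http://`; link it over `https://` if the host offers it, so readers fetching code that handles disk unlock get transport integrity.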