aboutsummaryrefslogtreecommitdiffstats
path: root/README.md
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2014-12-22 22:03:21 +0100
committerGravatar Christian Hesse <mail@eworm.de>2014-12-22 23:20:10 +0100
commit0498dd512161b7fb07e703e03bc9b8ca8b3dd400 (patch)
tree0ced97f5e7015af52d712c53cf312adfa6c2dfa7 /README.md
parentebcce373b196cd4ad44667a05c856ed0f4b472b5 (diff)
downloadmkinitcpio-ykfde-0498dd512161b7fb07e703e03bc9b8ca8b3dd400.tar.gz
mkinitcpio-ykfde-0498dd512161b7fb07e703e03bc9b8ca8b3dd400.tar.zst
replace shell script with C code, and many more
* place bin/ykfde with C source code bin/ykfde.c * challenge/response can be updated in place WARNING: This required config file syntax change! * updates and simplification to udev/ykfde * a lot more... Signed-off-by: Christian Hesse <mail@eworm.de>
Diffstat (limited to 'README.md')
-rw-r--r--README.md30
1 files changed, 26 insertions, 4 deletions
diff --git a/README.md b/README.md
index 083a19b..6f47e94 100644
--- a/README.md
+++ b/README.md
@@ -43,8 +43,23 @@ adding a line to `/etc/crypttab.initramfs`. It should read like:
> `mapping-name` /dev/`LUKS-device` -
-`ykfde` will read its information from there. Then prepare the key. Plug
-it in, make sure it is configured for `HMAC-SHA1`. After that run:
+Update `/etc/ykfde.conf` with correct settings. Add `mapping-name` from
+above to `device name` in the `general` section. Then add a new section
+with your key's decimal serial number containing the key slot setting.
+The file should look like this:
+
+ [general]
+ device name = crypt
+
+ [1234567]
+ luks slot = 1
+
+*Be warned*: Do not remove or overwrite your interactive key! Keep that
+for backup and rescue!
+
+`ykfde` will read its information from these files. Then prepare
+the key. Plug it in, make sure it is configured for `HMAC-SHA1`.
+After that run:
> ykfde
@@ -62,6 +77,13 @@ Limitation / TODO
* At the moment this is specific to Arch Linux. Though everything should
run with upstream `systemd` just fine anybody has to hook things up with
[dracut](https://dracut.wiki.kernel.org/) or whatever.
-* The challenge is not updated. The file is accessible read only in
+* The challenge is not updated on boot. The file is accessible read only in
initramfs, but we have no easy way to write it to persistant storage.
- So probably this is a design limitation...
+ So probably this is a design limitation... However the install hook does
+ update the challenge when building a new initramfs and and Yubikey is
+ inserted.
+
+### Upstream
+
+URL: [GitHub.com](https://github.com/eworm-de/mkinitcpio-ykfde)
+Mirror: [eworm.de](http://git.eworm.de/cgit.cgi/mkinitcpio-ykfde/)