author | Christian Hesse <mail@eworm.de> | 2014-12-23 18:25:17 +0100 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2014-12-23 18:25:17 +0100 |
commit | 11bd572adf4a861e4c42123c2dadbacd3349af93 (patch) | |
tree | 995a932a7c13b463ec46c1b096012bc999561fd1 /README.md | |
parent | c96ab47092b799c274a4021b19b7f9cb3ddbb98d (diff) | |
download | mkinitcpio-ykfde-11bd572adf4a861e4c42123c2dadbacd3349af93.tar.gz mkinitcpio-ykfde-11bd572adf4a861e4c42123c2dadbacd3349af93.tar.zst |
support updating the challenge on boot
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 27 |
1 files changed, 20 insertions, 7 deletions
@@ -18,6 +18,7 @@ To compile and use yubico full disk encryption you need: * [mkinitcpio](https://projects.archlinux.org/mkinitcpio.git/) (Though it may be easy to port this to any initramfs that uses systemd) * [markdown](http://daringfireball.net/projects/markdown/) (HTML documentation) +* [libarchive](http://www.libarchive.org/) (Update challenge on boot) Additionally it is expected to have `make` and `pkg-config` around to successfully compile. @@ -64,24 +65,36 @@ After that run: > ykfde This will store a challenge in `/etc/ykfde.d/` and add a new slot to -your LUKS device. Last add `ykfde` to your hook list in -`/etc/mkinitcpio.conf` and rebuild your initramfs with: +your LUKS device. Now you have two choices: + +### `ykfde` hook + +Last add `ykfde` to your hook list in `/etc/mkinitcpio.conf` and rebuild +your initramfs with: > mkinitcpio -p linux Reboot and have fun! +### `ykfde-cpio` hook + +Add `ykfde-cpio` to your hook list in `/etc/mkinitcpio.conf` and rebuild +your initramfs with: + +> mkinitcpio -p linux + +Additionally enable `systemd` service `ykfde-cpio.service` and make your +bootloader load the new `cpio` image `/boot/ykfde-challenges.img` (in +addition to your usual initramfs). + +Reboot and have fun! + Limitation / TODO ----------------- * At the moment this is specific to Arch Linux. Though everything should run with upstream `systemd` just fine anybody has to hook things up with [dracut](https://dracut.wiki.kernel.org/) or whatever. -* The challenge is not updated on boot. The file is accessible read only in - initramfs, but we have no easy way to write it to persistant storage. - So probably this is a design limitation... However the install hook does - update the challenge when building a new initramfs and and Yubikey is - inserted. ### Upstream |
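Review bot: In the first hunk (the requirements list), the new `libarchive` entry is annotated only with "(Update challenge on boot)", which does not tell the reader whether the library is needed for every build or only when the `ykfde-cpio` hook from the second hunk is used. The list is introduced as what you need "to compile and use" the project, so the entry should say which it is, and name the `ykfde-cpio` hook if that is the only consumer.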
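Review bot: In the second hunk, "Now you have two choices:" introduces the `ykfde` and `ykfde-cpio` sections without saying how they differ, and the hunk also deletes the TODO item "The challenge is not updated on boot", which was the only text explaining the behaviour. Add a sentence under each heading stating whether that hook updates the challenge on boot, and keep the removed remark about the install hook updating the challenge at initramfs build time under `ykfde` if it still holds. In the `ykfde-cpio` section the service step has no command line, unlike the other steps (for example `> systemctl enable ykfde-cpio.service`), and "make your bootloader load the new `cpio` image" would benefit from one bootloader entry showing `/boot/ykfde-challenges.img` next to the usual initramfs. Minor: "Last add `ykfde`" no longer reads as a final step now that it opens its own section.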