2 files changed, 36 insertions, 0 deletions

diff --git a/systemd/ykfde-2f b/systemd/ykfde-2f
new file mode 100644
index 0000000..3aac298
--- /dev/null
+++ b/systemd/ykfde-2f
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# (C) 2016 by Christian Hesse <mail@eworm.de>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+
+YKFDEFACTOR="$(systemd-ask-password --no-tty 'Please enter second factor for Yubikey full disk encryption!')"
+YKFDESERIAL="$(keyctl 'add' 'user' 'ykfde-2f' "${YKFDEFACTOR}" '@u')"
+keyctl 'timeout' "${YKFDESERIAL}" '150'
+
+if [ -s '/run/ykfde.pid' ]; then
+	kill -USR1 $(cat '/run/ykfde.pid')
+	# ykfde started from udev needs a moment to set up the key
+	# in store. It is out of systemd control, so wait a moment
+	# here.
+	sleep 0.2
+fi
+
+true
diff --git a/systemd/ykfde-2f.service b/systemd/ykfde-2f.service
new file mode 100644
index 0000000..acb6d67
--- /dev/null
+++ b/systemd/ykfde-2f.service
@@ -0,0 +1,16 @@
+# (C) 2016 by Christian Hesse <mail@eworm.de>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+
+[Unit]
+Description=Get 2nd Factor for YKFDE
+DefaultDependencies=no
+Before=cryptsetup-pre.target
+Wants=cryptsetup-pre.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+TimeoutSec=0
+ExecStart=/usr/lib/systemd/scripts/ykfde-2f