From: Mr Dash Four <mr.dash.four-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
To: "Amadeusz Żołnowski" <aidecoe-2qtfh70TtYba5EbDDlwbIw@public.gmane.org>
Cc: initramfs <initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH] 90crypt: keys on external devices support
Date: Tue, 19 Oct 2010 15:33:33 +0100 [thread overview]
Message-ID: <4CBDAC3D.7050906@googlemail.com> (raw)
In-Reply-To: <1287497223-sup-3606@etiriah>
> Experimental support is in Dracut 007. In future 008 it will be even
> better (see my latest patches).
Where are they? FC Rawhide or somewhere else?
> There are some improvements I'm working
> on. Although I'm not sure which version Fedora supports, will support
> and when.
>
Glad to see there is progress made. What are the plans? As I pointed out
I am currently interested in making dracut work with external key files
and tokens (the latter is a much-pressing need on my as I am going to
rely on it heavily!).
>> I am also interested to see whether there are plans (or, indeed
>> attempted implementations) to introduce smartcard support to LUKS
>> partitions (boot or not)? Many thanks
>>
>
> I haven't planned that and haven't heard of anybody planning that, but
> if I would have such a gadget I'd probably be happy to implement support
> for it soon or later.
>
I am still in a learning curve as far as dracut is concerned - hence why
I was glad when I found your patch as I intend to use it as a template
to implement token support.
It won't be easy as there are dependencies on (at least) 3 packages, but
if I finally manage to overcome these the 'login' is very similar to the
'password' authentication currently present - once the password (PIN
token in this case) is captured then there is a program (pkcs11-tool
and/or pkcs15-tool) which reads the relevant key data and which then
could present it to luksOpen (as a pipe, i.e. 'cat keydata | cryptsetup
luksOpen --key-file=-') without further need for input from the user.
I have 'manually' done this (via command line shell script) and it works
without a problem, so once I get to grips with dracut and find out how
to install dependancies/packages in the initramfs image then it won't be
difficult.
next prev parent reply other threads:[~2010-10-19 14:33 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-19 13:54 [PATCH] 90crypt: keys on external devices support Mr Dash Four
[not found] ` <4CBDA328.40401-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-19 14:19 ` Amadeusz Żołnowski
2010-10-19 14:33 ` Mr Dash Four [this message]
[not found] ` <4CBDAC3D.7050906-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-20 1:24 ` Mr Dash Four
[not found] ` <4CBE44D3.6070000-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-20 14:12 ` Amadeusz Żołnowski
2010-10-20 14:44 ` Mr Dash Four
[not found] ` <4CBF004F.9070201-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-20 15:17 ` Amadeusz Żołnowski
2010-10-20 15:37 ` Mr Dash Four
[not found] ` <4CBF0CA3.1070801-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-22 16:51 ` Amadeusz Żołnowski
2010-10-21 13:29 ` Karel Zak
[not found] ` <20101021132916.GC22186-sHeGUpI7y9L/9pzu0YdTqQ@public.gmane.org>
2010-10-21 13:54 ` Mr Dash Four
[not found] ` <4CC0462E.20507-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-21 15:18 ` Karel Zak
[not found] ` <20101021151802.GD22186-sHeGUpI7y9L/9pzu0YdTqQ@public.gmane.org>
2010-10-21 15:48 ` Mr Dash Four
[not found] ` <4CC060B3.3050508-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-22 16:40 ` Amadeusz Żołnowski
2010-10-22 18:34 ` Karel Zak
2010-10-20 13:19 ` Amadeusz Żołnowski
2010-10-20 14:06 ` Mr Dash Four
[not found] ` <4CBEF768.90908-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-20 14:25 ` Amadeusz Żołnowski
2010-10-20 14:48 ` Mr Dash Four
[not found] ` <4CBF0133.2070709-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-20 15:26 ` Amadeusz Żołnowski
2010-10-20 15:39 ` Mr Dash Four
2010-10-22 11:50 ` Mr Dash Four
[not found] ` <4CC17A87.7050804-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-22 17:07 ` Amadeusz Żołnowski
2010-10-23 15:13 ` Mr Dash Four
2010-10-22 11:35 ` dracut Mr Dash Four
[not found] ` <4CC17713.4030504-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-22 17:13 ` dracut Amadeusz Żołnowski
2010-10-26 11:09 ` dracut Harald Hoyer
[not found] ` <4CC6B6E5.50402-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2010-10-26 11:23 ` dracut Amadeusz Żołnowski
2010-10-26 11:36 ` dracut Mr Dash Four
2010-10-26 11:26 ` dracut Mr Dash Four
[not found] ` <4CC6BB02.9040901-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
2010-10-29 21:40 ` dracut Mr Dash Four
2010-10-30 7:57 ` dracut Ambroz Bizjak
[not found] ` <AANLkTinO0edPay_HxUW93Dm2PpHkchxKDC1yezhV-u2K-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2010-10-30 11:18 ` dracut Mr Dash Four
-- strict thread matches above, loose matches on Subject: below --
2010-07-13 17:14 [PATCH] 90crypt: keys on external devices support Amadeusz Żołnowski
2010-07-21 11:41 ` Harald Hoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CBDAC3D.7050906@googlemail.com \
--to=mr.dash.four-gm/ye1e23mwn+bqq9rbeug@public.gmane.org \
--cc=aidecoe-2qtfh70TtYba5EbDDlwbIw@public.gmane.org \
--cc=initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.