From: Milan Broz <gmazyland@gmail.com>
To: JT Moree <moreejt@yahoo.com>, dm-crypt <dm-crypt@saout.de>
Subject: Re: [dm-crypt] cryptsetup Yubikey challenge-response support
Date: Sat, 11 Apr 2020 18:09:46 +0200
Message-ID: <6114e747-a8cd-c0c6-ccc8-7f666f04d32b@gmail.com>
In-Reply-To: <65d9482aafb2bb4c4753f272d3c8b418c1f1d590.camel@yahoo.com>

On 11/04/2020 16:49, JT Moree wrote:
> On Thu, 2020-04-09 at 20:01 -0700, Dan Farrell wrote:
>>
>> The idea is to popen out to programs/scripts which then do the vendor
>> specific implementation, but over stdin/stdout use a common protocol.
>
> The next release (2.4.0) is reported to have some plugin features to
> make this easier. I don't know if there is an ETA yet but they seem to
> be working toward it as a major milestone.

Well, as upstream maintainer, I tried to be silent here, but...

The loadable plugins are something I tried to avoid for years,
and now we have some plan, but please - there is no ETA, there is not even
a promise that it happens in 2.4 (even though we need it because of TPM2 support).
Please do not rely on it yet.
(And I warned Ondra to not tell any ETA here :-)

For this thread - there are a lot of implementations for tokens/smartcards
for LUKS. Some are abandoned, some not.

For the upstream cryptsetup, I will strictly reject all contributions that
are distro-specific or introduce direct binding to any hw libraries into
cryptsetup core (either open-source or proprietary).

I hope we can provide some way in LUKS2 how to integrate it through plugins later,
but as I said above...

For the integration, if there is reliable code that just uses the cryptsetup
binary, it is definitely useful.

Also, see the systemd-homed project, there are several interesting ideas
(using hw tokens and LUKS2 metadata).

> Arno is working on updating the docs for new features of luks2.

Arno did not add anything to the FAQ in this regard for the last two+ years (the last
contribution was in 2017, I do not count last week's change for the "LUKS2 is not
covered" FAQ commit).

The FAQ is really obsolete now, and we have to update it or remove it
from distribution soon.
(Many people already complained through various channels.)

Anyway, please be patient. If you think there should be a strict plan,
I had several plans... and life changed everything upside-down several times
in the last year.

So you have to trust the upstream maintainer for now, it will settle, eventually.

Stay tuned, and thanks for all the fish^W support :)

Milan