New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for using a whole device as a keyfile #8

Merged
merged 1 commit into from Aug 30, 2016

Conversation

Projects
None yet
2 participants
@giddie
Contributor

giddie commented Jul 19, 2016

OK, this is what I have to solve #7. It fixes the situation where a device is passed as a parameter to --keyfile instead of the path to a file. For instance:

cryptomount (hd1,gpt2) -k (crypto0)

This can be used to offer two-factor authentication by first unlocking a LUKS container using a passphrase, then using the content of the unlocked container as a keyfile for the boot partition.

The --keyfile-offset and --keyfile-size parameters work with this option in the same way as for a regular keyfile.

One thing I've noticed: I seem unable to get the correct size of the key-device when it's a crypto device. I think this may be a bug in the luks module, but I haven't been able to track it down. The device size is correctly detected for a physical disk (e.g hd1,gpt2), but I get 2057 instead of 1 returned by grub_disk_get_size (keydisk) when using crypt0 as a key device. I can work around this easily in practice by providing the keyfile size as a parameter, but it's still unfortunate. I've spent quite some time trying to figure out what I might be missing with the size calculation, but for now I'm stumped. Incidentally, the size is returned correctly when using an older version of luks.module, but then the keyfile unlocking doesn't work :D

@giddie

This comment has been minimized.

Show comment
Hide comment
@giddie

giddie Aug 9, 2016

Contributor

@johnlane bump?

Contributor

giddie commented Aug 9, 2016

@johnlane bump?

@johnlane

This comment has been minimized.

Show comment
Hide comment
@johnlane

johnlane Aug 15, 2016

Owner

@giddie sorry I have been away. I will take a look...

Owner

johnlane commented Aug 15, 2016

@giddie sorry I have been away. I will take a look...

@johnlane johnlane merged commit dbc9233 into johnlane:master Aug 30, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment