Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for using a whole device as a keyfile #8

merged 1 commit into from Aug 30, 2016


Copy link

@giddie giddie commented Jul 19, 2016

OK, this is what I have to solve #7. It fixes the situation where a device is passed as a parameter to --keyfile instead of the path to a file. For instance:

cryptomount (hd1,gpt2) -k (crypto0)

This can be used to offer two-factor authentication by first unlocking a LUKS container using a passphrase, then using the content of the unlocked container as a keyfile for the boot partition.

The --keyfile-offset and --keyfile-size parameters work with this option in the same way as for a regular keyfile.

One thing I've noticed: I seem unable to get the correct size of the key-device when it's a crypto device. I think this may be a bug in the luks module, but I haven't been able to track it down. The device size is correctly detected for a physical disk (e.g hd1,gpt2), but I get 2057 instead of 1 returned by grub_disk_get_size (keydisk) when using crypt0 as a key device. I can work around this easily in practice by providing the keyfile size as a parameter, but it's still unfortunate. I've spent quite some time trying to figure out what I might be missing with the size calculation, but for now I'm stumped. Incidentally, the size is returned correctly when using an older version of luks.module, but then the keyfile unlocking doesn't work :D

Copy link
Contributor Author

giddie commented Aug 9, 2016

@johnlane bump?

Copy link

johnlane commented Aug 15, 2016

@giddie sorry I have been away. I will take a look...

@johnlane johnlane merged commit dbc9233 into johnlane:master Aug 30, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

Successfully merging this pull request may close these issues.

None yet

2 participants