Yubikey full disk encryption
Switch branches/tags
Nothing to show
Pull request Compare This branch is 2 commits behind tfheen:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
debian
README
helper
hook
script

README

ykfde - yubikey-based full disk encryption

Quick start:

install the package
uuidgen > /boot/yubikey-challenge
ykchalresp $(cat /boot/yubikey-challenge)
cryptsetup luksAddKey /dev/sda2 /boot/yubikey-challenge

On bootup, you will be asked to insert a yubikey (2.2 or newer) which
will then provide the response.  If you do not want to use a yubikey,
press enter and then enter a normal passphrase during bootup.

Limitations/bugs:
- uses the default ykchalresp settings, meaning no support for slot 2
- does not update the challenge after each boot.