Yubikey LUKS with Qubes?
36 views
Skip to first unread message
Jeremy Hansen
Jan 31, 2023, 4:10:54 PM1/31/23
to qubes...@googlegroups.com
I’m trying to figure out the things required to use my Yubikey to decrpyt my LUKS root filesystem. As I understand it, dom0 in 4.1.1 doesn’t have the functions require in cryptsetup. It looks like systemd in Fedora 36 added systemd-cryptenroll, which I see in the Fedora guests. Has anyone attempted to get the required utilities to make this work in to dom0, which is based on Fedora 32 I believe.
I see Qubes 4.2 is going to base dom0 on Fedora 37, which should have all the tools, but I can’t seem to find any kind of iso nightly builds for 4.2.
I’ve worked through getting my Yubikey working for auth, but it would be very nice to get the LUKS functionality in there as well.
Thank you
-jeremy
Ulrich Windl
Feb 3, 2023, 5:14:31 AM2/3/23
to qubes...@googlegroups.com, jer...@skidrow.la
>>> "'Jeremy Hansen' via qubes-users" <qubes...@googlegroups.com> schrieb
am
31.01.2023 um 10:24 in Nachricht
<2d985c80-a4d0-45a6-b0d2-512c62335dfb@Canary>:
It depends *how* you want to use the YibiKey: In the simplest mode the key
enters a constant string (password) via an emulated USB keyboard. So iy you can
enter the pass phase over a USB keyboard, it should also work for the YubiKey.
> systemd-cryptenroll, which I see in the Fedora guests. Has anyone attempted
> to get the required utilities to make this work in to dom0, which is based
on
> Fedora 32 I believe.
So you want to use FIDO2?
>
> I see Qubes 4.2 is going to base dom0 on Fedora 37, which should have all
> the tools, but I can’t seem to find any kind of iso nightly builds for 4.2.
>
> I’ve worked through getting my Yubikey working for auth, but it would be
> very nice to get the LUKS functionality in there as well.
>
> Thank you
> -jeremy
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users...@googlegroups.com.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/qubes-users/2d985c80-a4d0-45a6-b0d2-512c623
> 35dfb%40Canary.
am
31.01.2023 um 10:24 in Nachricht
<2d985c80-a4d0-45a6-b0d2-512c62335dfb@Canary>:
> I’m trying to figure out the things required to use my Yubikey to decrpyt my
> LUKS root filesystem. As I understand it, dom0 in 4.1.1 doesn’t have the
> functions require in cryptsetup. It looks like systemd in Fedora 36 added
Hi!
> LUKS root filesystem. As I understand it, dom0 in 4.1.1 doesn’t have the
> functions require in cryptsetup. It looks like systemd in Fedora 36 added
It depends *how* you want to use the YibiKey: In the simplest mode the key
enters a constant string (password) via an emulated USB keyboard. So iy you can
enter the pass phase over a USB keyboard, it should also work for the YubiKey.
> systemd-cryptenroll, which I see in the Fedora guests. Has anyone attempted
> to get the required utilities to make this work in to dom0, which is based
on
> Fedora 32 I believe.
>
> I see Qubes 4.2 is going to base dom0 on Fedora 37, which should have all
> the tools, but I can’t seem to find any kind of iso nightly builds for 4.2.
>
> I’ve worked through getting my Yubikey working for auth, but it would be
> very nice to get the LUKS functionality in there as well.
>
> Thank you
> -jeremy
>
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users...@googlegroups.com.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/qubes-users/2d985c80-a4d0-45a6-b0d2-512c623
> 35dfb%40Canary.
deeplow
Mar 1, 2023, 4:52:24 AM3/1/23
to Jeremy Hansen, qubes...@googlegroups.com
I see Qubes 4.2 is going to base dom0 on Fedora 37, which should have all the tools, but I can’t seem to find any kind of iso nightly builds for 4.2.
Cheers,
deeplow
------- Original Message -------
Reply all
Reply to author
Forward
0 new messages