Full disk encryption support for Linux (Debian)


Tollef Fog Heen

Mar 13, 2011, 6:03:38 PM
to yubico...@googlegroups.com

Hi,

while playing around with the challenge/response support in the 2.2
keys, I implemented support for using a yubikey to unlock your root file
system (from initramfs).

Code and all is at https://github.com/tfheen/ykfde

Changing the challenge is currently a manual process, I'll make that an
(optional) automatic process, and I'll provide a simple tool for
updating the encryption key.

This has been lightly tested on my laptop, so while I'd appreciate
feedback, please do keep backups in case something goes wrong and it
eats all your data. I've also only tested this on Debian, so while it
might work on other Linuxes, I give absolutely no guarantees.

Regards,
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Fredrik Thulin

Mar 13, 2011, 6:12:10 PM
to yubico...@googlegroups.com, Tollef Fog Heen
On Sun, Mar 13, 2011 at 11:03 PM, Tollef Fog Heen <tfh...@err.no> wrote:
>
> Hi,
>
> while playing around with the challenge/response support in the 2.2
> keys, I implemented support for using a yubikey to unlock your root file
> system (from initramfs).

Very impressive - good job!!!

(I never use more than one exclamation mark)

Meanwhile, I've been reading pam_ecryptfs.c and it seems almost too
easy to get pam_yubico to play nice with ecryptfs, so it looks like
we'll really have a couple of options for encrypting your data using
the Yubikey as key - as long as you run Linux at least. But that's for
another forum thread.

/Fredrik
