Peter Maffay wrote:
> this is a request regarding a user verification improvement on bootup
> for LUKS on OpenSUSE 11.2.
>
> 1. Though LUKS works great within OpenSUSE, we consider the sudden break
> in the booting screen as an annoyance.
> A small popup asking for the pass right after selecting the boot within
> GRUB would do a much better job rather than jumping back to the bash.

In Ubuntu, the prompt appears in the color and font of the splash, which mildens the appearance style break. Probably that's easier than trying to put real GUI stuff into initrd.

> 3. Also I am wondering, why LUKS does not support the use of a
> fingerprint reader. If one is attached, it should be possible to provide
> the fingerprint right after the password-prompt-popup (which is not
> included yet)

LUKS is basically just the framework for keeping metadata about the encryption method used, and key slots. Where the keys come from is not really part of LUKS. I (on Ubuntu 9.04) have an existing "cryptopensc" initrd script which seems to handle placement of keys on a smart card (see also http://www.mail-archive.com/debian-bugs-closed@xxxxxxxxxxxxxxxx/msg121577.html) - a similar script could probably do fingerprint reader stuff, provided that the fingerprint reader has some kind of storage for the key which it would only reveal after a match. Simply authenticating with a fingerprint reader in a yes/no scheme isn't sufficient, because that would require storage of the key in the initrd, which renders the whole encryption stuff useless unless you have the initrd with you (e.g. USB stick).

> 2. Furthermore it would be great if an option to cryptsetup would be
> added to use a keyfile as an option on the command line, at the moment
> you can either have password OR keyfile. A simple "if keyfile not found,
> default to password" would be nice.

That would be easy to do, any initrd script can take kernel cmdline parameters into account. But this is not really a LUKS task, but rather one of the distributors (some read here).

Yours, Uwe
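The "if keyfile not found, default to password" behaviour discussed in the message above, sketched as initrd-style shell functions. This is an added example, not part of the original message or of any distribution's initrd; the parameter name `luks_keyfile`, the device and the mapping name are hypothetical, and it assumes the keyfile sits on removable media that is already mounted, not inside the initrd.

```shell
#!/bin/sh
# Hypothetical kernel parameter name, chosen for this example only.
KEY_PARAM="luks_keyfile"

# Print the value of KEY_PARAM found in a kernel command line string.
# Runs in a subshell so that disabling globbing does not leak to the caller.
keyfile_from_cmdline() (
    set -f
    for word in $1; do
        case "$word" in
            "$KEY_PARAM"=*) printf '%s\n' "${word#*=}"; return 0 ;;
        esac
    done
    return 1
)

# Print "keyfile <path>" when a usable keyfile is named, else "passphrase".
choose_unlock_method() {
    kf=$(keyfile_from_cmdline "$1") || { echo "passphrase"; return 0; }
    # Missing, unreadable or empty keyfile: default to the passphrase prompt.
    if [ -f "$kf" ] && [ -r "$kf" ] && [ -s "$kf" ]; then
        echo "keyfile $kf"
    else
        echo "passphrase"
    fi
}

# Open the LUKS device, trying the keyfile first and the passphrase second.
unlock() {
    dev=$1 name=$2 cmdline=$3
    method=$(choose_unlock_method "$cmdline")
    case "$method" in
        "keyfile "*)
            cryptsetup luksOpen "$dev" "$name" --key-file "${method#keyfile }" \
                && return 0
            echo "keyfile did not open $dev, asking for passphrase" >&2 ;;
    esac
    cryptsetup luksOpen "$dev" "$name"   # prompts on the console
}

# In an initrd script (constructed device and mapping names):
#   unlock /dev/sda2 cryptroot "$(cat /proc/cmdline)"
```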