Re: cryptsetup Yubikey challenge-response support

On 11/04/2020 16:49, JT Moree wrote:
> On Thu, 2020-04-09 at 20:01 -0700, Dan Farrell wrote:
>>
>> The idea is to popen out to programs/scripts which then do the vendor
>> specific implementation, but over stdin/stdout use a common protocol.
> 
> The next release (2.4.0) is reported to have some plugin features to
> make this easier.  I don't know if there is an ETA yet but they seem to
> be working toward it as a major milestone.

Well, as upstream maintainer, I tried to be silent here, but...

The loadable plugins are something I tried to avoid for years,
and now we have some plan, but please - there is no ETA, there is not even
a promise that it happens in 2.4 (even though we need it because of TPM2 support).

Please do not rely on it yet.
(And I warned Ondra to not tell any ETA here :-)

For this thread - there are a lot of implementations for tokens/smartcards
for LUKS. Some are abandoned, some not.

For the upstream cryptsetup, I will strictly reject all contributions that
are distro-specific or introduce direct binding to any hw libraries into
cryptsetup core (either open-source or proprietary).

I hope we can provide some way in LUKS2 how to integrate it through plugins later,
but as I said above...

For the integration, if there is a reliable code that just uses the cryptsetup
binary, it is definitely useful.

Also, see the systemd-homed project, there are several interesting ideas
(using hw tokens and LUKS2 metadata).

> Arno is working on updating the docs for new features of luks2.

Arno did not add anything to the FAQ in this regard for the last two+ years (the last
contribution was in 2017, I do not count last week's change for the "LUKS2 is not
covered" FAQ commit).
The FAQ is really obsolete now, and we have to update it or remove it
from distribution soon.
(Many people already complained through various channels.)

Anyway, please be patient. If you think there should be a strict plan,
I had several plans... and life changed everything upside-down several times
in the last year.
So you have to trust the upstream maintainer for now, it will settle, eventually.

Stay tuned, and thanks for all the fish^W support :)

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt