Experimental support is in Dracut 007. In future 008 it will be even
better (see my latest patches).
Where are they? FC Rawhide or somewhere else?
There are some improvements I'm working
on. Although I'm not sure which version Fedora supports, will support
and when.
Glad to see there is progress made. What are the plans? As I pointed out
I am currently interested in making dracut work with external key files
and tokens (the latter is a much-pressing need on my as I am going to
rely on it heavily!).
I am also interested to see whether there are plans (or, indeed
attempted implementations) to introduce smartcard support to LUKS
partitions (boot or not)? Many thanks
I haven't planned that and haven't heard of anybody planning that, but
if I would have such a gadget I'd probably be happy to implement support
for it soon or later.
I am still in a learning curve as far as dracut is concerned - hence why
I was glad when I found your patch as I intend to use it as a template
to implement token support.
It won't be easy as there are dependencies on (at least) 3 packages, but
if I finally manage to overcome these the 'login' is very similar to the
'password' authentication currently present - once the password (PIN
token in this case) is captured then there is a program (pkcs11-tool
and/or pkcs15-tool) which reads the relevant key data and which then
could present it to luksOpen (as a pipe, i.e. 'cat keydata | cryptsetup
luksOpen --key-file=-') without further need for input from the user.
I have 'manually' done this (via command line shell script) and it works
without a problem, so once I get to grips with dracut and find out how
to install dependancies/packages in the initramfs image then it won't be
difficult.
--
To unsubscribe from this list: send the line "unsubscribe initramfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
