Re: Hiding systemd-cryptsetup password prompt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Do, 06.06.24 19:42, Sergio Arroutbi (sarroutb@xxxxxxxxxx) wrote:

> > > I miss an option where systemd-cryptsetup is executed headless, but
> > > continues running, without exiting.
> > >
> > > I have tried with keyfile=/dev/urandom and option=keyfile-size=600000,
> > but
> > > it is too quick. I also tried try-empty-password, but this is tried only
> > > once.
> > >
> > > I am running out of ideas.
> >
> > Hmm, I am not sure I follow? So do you or do you not want cryptsetup
> > ask for passwrds via the ask-password agent stuff?
> >
>
> We are developing a PKCS11 plugin for Clevis (
> https://github.com/latchset/clevis). Clevis allows automatic boot encrypted
> disks unlocking by storing some information into LUKS metadata.

systemd-cryptsetup supports TPM2 and PKCS#11 natively, you know that?
Why isn't that enough for your usecase? What are you missing?
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux