grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LUKS Encryption and Fingerprint readers?


From: Glenn Washburn
Subject: Re: LUKS Encryption and Fingerprint readers?
Date: Thu, 29 Aug 2013 14:13:27 -0500

On Thu, 15 Aug 2013 17:51:03 +0100
TJ <address@hidden> wrote:

> So I'd like to know what support for key-files and/or fingerprint
> reading is/could be as input for LUKS unlocking?
> 
> My other thought, to keep things simple, is to encrypt the entire
> hard drive and install GRUB and the /boot/ files on the removable USB
> key. More clunky but maybe easier to achieve.

Based on this comment I assume you currently have an unencrypted boot
area on the harddrive and using an initrd.  In this case, grub need not
be in the picture at all.  Grub will load the kernel and initrd, who
will then attempt to unlock the rest of the drive.  Its at that stage
that you'll want to include your secret gathering mechanism.  So your
you prospects are much brighter because you have all of linux at your
disposal.

Currently, I have my drive fully encrypted (excepting the luks header)
and do a boot from USB.  I use grub to decrypt the drive to load the
encrypted kernel and initrd from there.  So in my case, I would need to
have grub support if I wanted to use some arbitrary auth mechanism.
However, this could be mitigated by having the kernel and initrd on the
USB.  I don't find it clunky, if you always keep the USB on your person
(eg on your keychain).



reply via email to

[Prev in Thread] Current Thread [Next in Thread]