Le Mon, Jun 12, 2017 à 12:11 AM, Andrew Ross <address@hidden
> a écrit :
I'm contemplating an attempt at writing a module to enable use of the
challenge-response feature of the Yubikey to provide part of the
passphrase for a luks partition, using grub to do the initial
decryption. I'm after some advice on whether this is going to be
impossible or not.
The device is a USB token, and appears with a few different device
descriptors. The one I'll need is the HID one:
bInterfaceClass 3 Human Interface Device
bInterfaceSubClass 0 No Subclass
bInterfaceProtocol 0 None
HID Device Descriptor:
bCountryCode 0 Not supported
bDescriptorType 34 Report
In the libusb version of the code, the main API calls that are used
(along with the ones to find the devices, etc) are:
Obviously I'll need to replace these with some code just using grub2
apis. It looks like the usb_keyboard module might already have some
support for HID devices. And grub_usb_control_msg looks like the
equivalent to usb_control_msg.
So, do you think this is realistic?
It's realistic. But you may need to call nativedisk to switch from firmware to native disk drivers.
I'll start by trying to expose the
challenge-response as a function before worrying about using it for the
Also, any tips on debugging this without endless rebooting gratefully
qemu and pass-through the USB device
Grub-devel mailing list