Announcement

Collapse
No announcement yet.

Arch Linux Installer Preparing FIDO2 Support For Handling Disk Encryption

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Arch Linux Installer Preparing FIDO2 Support For Handling Disk Encryption

    Phoronix: Arch Linux Installer Preparing FIOD2 Support For Handling Disk Encryption

    The Arch Linux installer "Archinstall" that makes it simple to quickly and easily get this popular distribution installed has prepared a new release candidate where they are introducing FIDO2 support...

    https://www.phoronix.com/scan.php?pa...hinstall-FIDO2

  • #2
    Yubikeys are really cool (Linux friendly FIDO support, Smartcard support, HSM replacement, etc)... ...but I'm not sure if I trust myself to not lose it for my own systems. At the office, I'd just ask for a replacement. At home, it'd be a definite "@£$% how do I get back in now?" moment.

    Comment


    • #3
      The arch community is something.. From No installer to one of the best installers in just over a year, all of this on a rolling base. Don't let debian know this.

      Comment


      • #4
        Originally posted by OneTimeShot View Post
        Yubikeys are really cool (Linux friendly FIDO support, Smartcard support, HSM replacement, etc)... ...but I'm not sure if I trust myself to not lose it for my own systems. At the office, I'd just ask for a replacement. At home, it'd be a definite "@£$% how do I get back in now?" moment.
        This is why you get two and store one as the backup.

        Comment


        • #5
          Originally posted by Mr.Elendig View Post

          This is why you get two and store one as the backup.
          What do you do after you lose the first one? Can you get another spare?

          Comment


          • #6
            Originally posted by bug77 View Post

            What do you do after you lose the first one? Can you get another spare?
            enroll both, keep one in a safe location as a spare

            Comment


            • #7
              Originally posted by bzs0 View Post

              enroll both, keep one in a safe location as a spare
              I think what's being asked is:

              I've enrolled key1 and key2, and put key2 in a safe location as a spare.

              Now I lose key1. So I grab key2 and use that to unlock my encrypted disk.

              Now what? If I also lose key2, I'm totally hosed.

              So the question is: while I possess key2, can I purchase key3 and enroll it, then put it in a safe space, and continue to use key2 as my main key?

              Presumably I'd also take key1 off the list of keys that can unlock my encryption since I no longer possess that key.

              Comment


              • #8
                I'm one of the developers of ArchInstall along with Torxed, who wrote this feature and is also on the Phoronix forums. This is a very early and experimental feature still, and I believe you need to provide the '--advanced' flag to the archinstall command to even be able to try this out. I just want to set realistic expectations that this isn't well-tested yet. That said, feel free to try it out, and the devs are really receptive to bug reports and issues. I'm interested in seeing how well this works for you all.

                Comment


                • #9
                  Originally posted by dylanmtaylor View Post
                  I'm one of the developers of ArchInstall along with Torxed, who wrote this feature and is also on the Phoronix forums. This is a very early and experimental feature still, and I believe you need to provide the '--advanced' flag to the archinstall command to even be able to try this out. I just want to set realistic expectations that this isn't well-tested yet. That said, feel free to try it out, and the devs are really receptive to bug reports and issues. I'm interested in seeing how well this works for you all.
                  Thank you very much.

                  Comment


                  • #10
                    Originally posted by jjmcwill2003 View Post

                    I think what's being asked is:

                    I've enrolled key1 and key2, and put key2 in a safe location as a spare.

                    Now I lose key1. So I grab key2 and use that to unlock my encrypted disk.

                    Now what? If I also lose key2, I'm totally hosed.

                    So the question is: while I possess key2, can I purchase key3 and enroll it, then put it in a safe space, and continue to use key2 as my main key?

                    Presumably I'd also take key1 off the list of keys that can unlock my encryption since I no longer possess that key.
                    Yes, that is what I was asking. Also, what happens to the keys you lose? Can they be deactivated? Because when you lose the keys to your house, you kinda have to change the locks.

                    Comment

                    Working...
                    X