]> git.ipfire.org Git - thirdparty/systemd.git/commit - src/home/homectl-fido2.c
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cde2f86) | patch
FIDO2: ask and record whether user presence was used to lock the volume
authorLuca Boccassi <luca.boccassi@microsoft.com>
Mon, 12 Apr 2021 21:48:05 +0000 (22:48 +0100)
committerLuca Boccassi <bluca@debian.org>
Fri, 7 May 2021 20:36:27 +0000 (21:36 +0100)
commit06f087192d27d6bbb237f8966c2fa2d6b790f7f2
tree8daf3fe42fdf69acc142c0fe2669e179e7b29bc4tree | snapshot
parentcde2f8605e0c3842f9a87785dd758f955f2d04bacommit | diff
FIDO2: ask and record whether user presence was used to lock the volume

In some cases user presence might not be required to get _a_
secret out of a FIDO2 device, but it might be required to
the get actual secret that was used to lock the volume.
Record whether we used it in the LUKS header JSON metadata.
Let the cryptenroll user ask for the feature, but bail out if it is
required by the token and the user disabled it.
Enabled by default.
man/systemd-cryptenroll.xml diff | blob | blame | history
src/cryptenroll/cryptenroll-fido2.c diff | blob | blame | history
src/cryptenroll/cryptenroll.c diff | blob | blame | history
src/cryptsetup/cryptsetup-fido2.c diff | blob | blame | history
src/cryptsetup/cryptsetup.c diff | blob | blame | history
src/home/homectl-fido2.c diff | blob | blame | history
src/home/homework-fido2.c diff | blob | blame | history
src/shared/libfido2-util.c diff | blob | blame | history
src/shared/libfido2-util.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.