git.ipfire.org Git - thirdparty/systemd.git/commit

]> git.ipfire.org Git - thirdparty/systemd.git/commit - src/home/homectl-fido2.c

projects / thirdparty / systemd.git / commit

author	Luca Boccassi <luca.boccassi@microsoft.com>
	Mon, 12 Apr 2021 20:06:59 +0000 (21:06 +0100)
committer	Luca Boccassi <bluca@debian.org>
	Fri, 7 May 2021 20:36:27 +0000 (21:36 +0100)
commit	cde2f8605e0c3842f9a87785dd758f955f2d04ba
tree	26d259cdb23f9ace361340a87d584ab379259fde	tree \| snapshot
parent	cd5f57bda71dc9485d7eddf6cfcbfba843f5126c	commit \| diff

FIDO2: support pin-less LUKS enroll/unlock

Closes: https://github.com/systemd/systemd/issues/19246
Some FIDO2 devices allow the user to choose whether to use a PIN or not
and will HMAC with a different secret depending on the choice.
Some other devices (or some device-specific configuration) can instead
make it mandatory.
Allow the cryptenroll user to choose whether to use a PIN or not, but
fail immediately if it is a hard requirement.
Record the choice in the JSON-encoded LUKS header metadata so that the
right set of options can be used on unlock.

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom

man/systemd-cryptenroll.xml		diff \| blob \| blame \| history
src/cryptenroll/cryptenroll-fido2.c		diff \| blob \| blame \| history
src/cryptenroll/cryptenroll-fido2.h		diff \| blob \| blame \| history
src/cryptenroll/cryptenroll.c		diff \| blob \| blame \| history
src/cryptsetup/cryptsetup-fido2.c		diff \| blob \| blame \| history
src/cryptsetup/cryptsetup-fido2.h		diff \| blob \| blame \| history
src/cryptsetup/cryptsetup.c		diff \| blob \| blame \| history
src/home/homectl-fido2.c		diff \| blob \| blame \| history
src/home/homework-fido2.c		diff \| blob \| blame \| history
src/shared/libfido2-util.c		diff \| blob \| blame \| history
src/shared/libfido2-util.h		diff \| blob \| blame \| history