Closed filipe-cantarelli closed 5 years ago
That would need patching GRUB, which is non-trivial and rather unlikely. You may consider booting from EFISTUB, i.e. combine microcode+kernel+initramfs+cmdline, put it on the EFI system partition and protect it with UEFI Secure Boot. There are existing projects which will handle this for you. It can be used with systemd-boot.
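As an added example (not code from this thread or the project), the check below confirms that a combined EFISTUB image actually embeds the kernel, initramfs and command line, since any part left outside the image is not covered by its Secure Boot signature. It assumes the systemd-stub section names `.linux`, `.initrd` and `.cmdline`, does not check microcode separately, and `build_sample` is a hypothetical helper that constructs sample input.

```python
import struct

# Section names used by systemd-stub style images (assumption; other
# EFISTUB bundlers may name them differently).
REQUIRED = (".linux", ".initrd", ".cmdline")

def pe_sections(image: bytes) -> dict:
    """Map section name -> raw bytes for a PE/COFF (EFI) image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: no MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: no PE signature")
    (nsect,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size  # section table follows optional header
    sections = {}
    for i in range(nsect):
        name, vsize, _va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        size = min(vsize, rawsize) if vsize else rawsize  # drop file padding
        if rawptr + size > len(image):
            raise ValueError("section data runs past end of file")
        key = name.rstrip(b"\0").decode("ascii", "replace")
        sections[key] = image[rawptr:rawptr + size]
    return sections

def check_combined_image(image: bytes) -> list:
    """Problems found; an empty list means every part is embedded."""
    sections = pe_sections(image)
    return [f"missing or empty {n}" for n in REQUIRED if not sections.get(n)]

def embedded_cmdline(image: bytes) -> str:
    """Kernel command line stored in the image, for review before signing."""
    raw = pe_sections(image).get(".cmdline", b"")
    return raw.rstrip(b"\0\n").decode("utf-8", "replace")

def build_sample(parts: dict) -> bytes:
    """Constructed minimal PE holding the given sections (sample input)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(parts), 0, 0, 0, 0, 0)
    data_off, table, blob = 0x40 + 24 + 40 * len(parts), b"", b""
    for name, data in parts.items():
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), 0,
                             len(data), data_off + len(blob), 0, 0, 0, 0, 0)
        blob += data
    return bytes(dos) + coff + table + blob
```

On a real system, pass the bytes of the image file to `check_combined_image` and review the output of `embedded_cmdline` before signing.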
Thanks,
I'll take a look into those options.
@filipe-cantarelli I'm in the same situation. What solution did you end up using?

Edit: I'm not that familiar with GRUB2 architecture, would it be possible to achieve something like this with a module?

Writing GRUB modules; Yubico C library
Hello,
I have a UEFI boot setup where my EFI system partition is unencrypted, but my boot partition is encrypted. In fact, I don't have a proper boot partition; boot lives in the root partition, which is encrypted.
Following the README I'm able to have this working after I manually unlock boot with a passphrase. Current boot process steps: (passphrase for unlocking boot) -> GRUB -> (YubiKey for unlocking root) -> system booted.
I'm wondering if the YubiKey can be used for unlocking the boot partition as well, eliminating step 1.