Closed NTICompass closed 5 years ago
Currently this project doesn't work with systemd
hook in initramfs ,see https://github.com/agherzan/yubikey-full-disk-encryption/issues/14
@Vincent43 I'll keep an eye on that issue. I guess I can try to switch back to the "busybox" hooks and see what happens.
Do I need to plug in the yubikey before booting my machine for this to work?
No. There is 30 second timeout per retry for inserting YubiKey + configurable number of retries (default 5).
I'm using Manjaro, and my root partition (as well as home, var and opt) are part of an LVM that's inside a LUKS-encrypted partition. Slots 0 and 1 in LUKS are already configured.
I installed
yubikey-full-disk-encryption-git
, and ran:This worked correctly, and when I tested with
ykfde-open -d /dev/nvme0n1p3 -s 2 -t
, it came back with "Device successfully opened".I added
ykfde
to my mkinitcpio HOOKS, but after rebooting, it just asked me for my passphrase (slot 1, btw), like normal.I realized that when I ran the test command above, it would fail unless the yubikey was inserted before I ran it. Do I need to plug in the yubikey before booting my machine for this to work?
Here are the
HOOKS
in my/etc/mkinitcpio.conf
: