eworm-de / mkinitcpio-ykfde

Full disk encryption with Yubikey (Yubico key)
GNU General Public License v3.0

Grub initrd injection doesn't work on Fedora #37

Closed Diniboy1123 closed 2 years ago

Diniboy1123 commented 2 years ago

Hi,

First of all, thanks for the project, it looks incredibly promising! However, I had some issues setting this up on a fresh Fedora 35 installation. You mention the need to edit /etc/default/grub with the following line:

GRUB_EARLY_INITRD_LINUX_CUSTOM="ykfde-challenges.img"

However, Fedora uses grub2 and it seems to ignore this line. Due to dracut there is no support for initramfs-tools' hooks either, so I am unsure where to put this to survive updates.

Diniboy1123 commented 2 years ago

Nvm, I had a different issue. Seemingly grub2 just adds a line to grubenv and it still works that way. However, you cannot use this project to do a full system encryption. That'd be worth noting. /etc needs to be readable and writable at the time of mounting the encrypted disk.

eworm-de commented 2 years ago

Sure, you can use this for full disk encryption; I do. The challenges are available in initramfs via an extra image.

Updating the encryption keys and challenges happens later, at regular system boot.