On Tue, Nov 06, 2018 at 10:49:36PM +0100, Guilhem Moulin wrote:
> On Tue, 06 Nov 2018 at 11:15:57 -0800, Kyle Rankin wrote:
> > On Sun, Nov 04, 2018 at 02:38:29PM +0100, Guilhem Moulin wrote:
> >> On Sun, 04 Nov 2018 at 05:35:44 -0500, Chris Lamb wrote:
> >>>>> https://salsa.debian.org/cryptsetup-team/cryptsetup/tree/openpgp-smartcard
> >>>>
> >>>> Did you have time to look at this branch yet? (Just rebased it on top
> >>>> of ‘debian/2%2.0.5-1’ and applied a couple of changes.)
> >>>
> >>> Oh dear, I was not aware this was blocking on my end.
> >>
> >> Oops sorry for the bad communication, should have poked you earlier
> >> in October then :-P
> >>
> >>> Kyle, how'd you feel about checking this branch out?
> >
> > Providing me the deb would remove any risk that any bugs I find were caused
> > by some mistake on my part in merging and building that branch, so if you
> > could provide me the deb that would be much appreciated, that way we are at
> > least a QA team of two :)
>
> There is no merging involved as I rebased the branch on top of master :-)
>
> But fair enough, you can use the cryptsetup packages from my private APT
> repository:
>
>     echo "deb http://guilhem.org/debian sid main" >>/etc/apt/sources.list
>     apt-key add /tmp/7420DF86BCE15A458DCE997639278DA8109E6244.asc
>     apt update
>     apt upgrade
>
> The OpenPGP key used to sign the ‘Release’ file (and the source
> packages) is the one I'm using for Debian uploads; its primary key has
> the following fingerprint:
>
>     7420 DF86 BCE1 5A45 8DCE 9976 3927 8DA8 109E 6244
>
> Alternatively, you can manually download & install the binary packages
> from
>
>     https://guilhem.org/debian/pool/main/c/cryptsetup/
>
> (Only ‘cryptsetup-initramfs’ and ‘cryptsetup-run’ are relevant in this
> context: the former for the initramfs boot scripts, the latter for the
> decryption script and documentation.)
>
> Cheers,
> --
> Guilhem.

I've tested these debs and can confirm everything works. I was also able to
add this support to an existing LUKS root partition by just using luksAddKey
and making sure the crypttab was updated and update-initramfs was run.

Note that in the case of a root partition, boot splash needs to be disabled
so you can enter the GPG PIN.

-Kyle
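
One way to check the downloaded key file against the fingerprint quoted above before running `apt-key add`, as an added example that is not part of the thread or of the cryptsetup packaging. The function names and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: check a key file before `apt-key add`.

# Primary-key fingerprint as quoted in the message above.
EXPECTED='7420 DF86 BCE1 5A45 8DCE 9976 3927 8DA8 109E 6244'

# Strip whitespace and uppercase, so the spaced form compares with gpg output.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin; $1 is the expected fingerprint.
# Returns 0 on match, 1 on mismatch, 2 if the file does not hold exactly
# one primary key (apt-key add would trust every key in the file).
check_key_listing() {
    want=$(normalize_fpr "$1")
    awk -F: -v want="$want" '
        $1 == "pub" { npub++; after_pub = 1; next }
        # The fpr record right after pub is the primary key; later fpr
        # records belong to subkeys and must not satisfy the check.
        $1 == "fpr" && after_pub { got = $10; after_pub = 0 }
        END {
            if (npub != 1) {
                printf "refusing: %d primary keys in file\n", npub > "/dev/stderr"
                exit 2
            }
            # Appending "" forces a string comparison, never a numeric one.
            if ((got "") != (want "")) {
                print "fingerprint mismatch: " got > "/dev/stderr"
                exit 1
            }
        }'
}

# Assumed wrapper: needs a gpg that supports --show-keys; imports nothing.
verify_key_file() {
    gpg --show-keys --with-colons --with-fingerprint "$1" | check_key_listing "$2"
}

# Constructed sample listing: only the primary fingerprint (and the key ID
# derived from it) comes from the thread; every other field is made up.
SAMPLE_LISTING='pub:-:4096:1:39278DA8109E6244:1400000000:::-:::scESC:
fpr:::::::::7420DF86BCE15A458DCE997639278DA8109E6244:
uid:-::::1400000000::::Constructed Example <user@example.org>:
sub:-:4096:1:0123456789ABCDEF:1400000000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:'
```

Run `verify_key_file /tmp/7420DF86BCE15A458DCE997639278DA8109E6244.asc "$EXPECTED"` and proceed to `apt-key add` only if it returns 0.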