On Mon, Jun 12, 2017 at 12:11 AM, Andrew Ross <ubu...@rossfamily.co.uk> wrote:
> I'm contemplating an attempt at writing a module to enable use of the
> challenge-response feature of the Yubikey to provide part of the
> passphrase for a luks partition, using grub to do the initial
> decryption. I'm after some advice on whether this is going to be
> impossible or not.
>
> The device is a USB token, and appears with a few different device
> descriptors. The one I'll need is the HID one:
>
>     Interface Descriptor:
>       bLength                 9
>       bDescriptorType         4
>       bInterfaceNumber        1
>       bAlternateSetting       0
>       bNumEndpoints           2
>       bInterfaceClass         3 Human Interface Device
>       bInterfaceSubClass      0 No Subclass
>       bInterfaceProtocol      0 None
>       iInterface              0
>         HID Device Descriptor:
>           bLength                 9
>           bDescriptorType        33
>           bcdHID               1.10
>           bCountryCode            0 Not supported
>           bNumDescriptors         1
>           bDescriptorType        34 Report
>           wDescriptorLength      34
>
> In the libusb version of the code, the main API calls that are used
> (along with the ones to find the devices, etc) are:
> usb_claim_interface
> usb_control_msg
> usb_release_interface
>
> Obviously I'll need to replace these with some code just using grub2
> apis. It looks like the usb_keyboard module might already have some
> support for HID devices. And grub_usb_control_msg looks like the
> equivalent to usb_control_msg.
>
> So, do you think this is realistic?

It's realistic. But you may need to call nativedisk to switch from firmware to native disk drivers.

> I'll start by trying to expose the
> challenge-response as a function before worrying about using it for the
> actual crypt.
>
> Also, any tips on debugging this without endless rebooting gratefully
> received.
>

qemu and pass-through the USB device

>
> Thanks,
> Andy
>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>
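As an added example (not code from this thread or from GRUB), the sketch below walks a raw USB configuration descriptor to locate the HID interface shown in the quoted dump, bounds-checking every device-supplied length as a boot-time parser should. The `hid_iface` struct, the `find_hid_interface` function and the `sample_cfg` bytes are hypothetical and constructed for illustration; only the HID interface and HID descriptor fields mirror the values quoted above.

```c
#include <stddef.h>
#include <stdint.h>

struct hid_iface {
    uint8_t  number;         /* bInterfaceNumber */
    uint8_t  num_endpoints;  /* bNumEndpoints */
    uint16_t report_len;     /* wDescriptorLength of the Report descriptor */
};

/* Constructed sample: config header, a vendor interface 0, then the HID
 * interface 1 with its HID descriptor and two interrupt endpoints. */
static const uint8_t sample_cfg[] = {
    0x09, 0x02, 0x32, 0x00, 0x02, 0x01, 0x00, 0x80, 0x0f,
    0x09, 0x04, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x00,
    0x09, 0x04, 0x01, 0x00, 0x02, 0x03, 0x00, 0x00, 0x00,
    0x09, 0x21, 0x10, 0x01, 0x00, 0x01, 0x22, 0x22, 0x00,
    0x07, 0x05, 0x81, 0x03, 0x08, 0x00, 0x0a,
    0x07, 0x05, 0x02, 0x03, 0x08, 0x00, 0x0a,
};

/* Find the first interface with bInterfaceClass 3 (HID) and read the
 * HID descriptor (bDescriptorType 33) that follows it.
 * Returns 0 on success, -1 if none is found or the blob is malformed. */
int find_hid_interface(const uint8_t *buf, size_t len, struct hid_iface *out)
{
    size_t off = 0;
    int in_hid = 0;

    while (off + 2 <= len) {
        uint8_t blen = buf[off], type = buf[off + 1];
        if (blen < 2 || blen > len - off)
            return -1;               /* zero-length or overrunning entry */
        if (type == 4) {             /* interface descriptor */
            if (blen < 9) return -1;
            in_hid = (buf[off + 5] == 3);
            if (in_hid) {
                out->number = buf[off + 2];
                out->num_endpoints = buf[off + 4];
            }
        } else if (type == 33 && in_hid) {   /* HID descriptor */
            if (blen < 9) return -1;
            out->report_len = (uint16_t)(buf[off + 7] | (buf[off + 8] << 8));
            return 0;
        }
        off += blen;                 /* blen >= 2, so the walk always advances */
    }
    return -1;
}

int main(void)
{
    struct hid_iface h;
    return find_hid_interface(sample_cfg, sizeof sample_cfg, &h);
}
```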