On Sun, Nov 04, 2012 at 11:07:49AM +0100, Stefan Sperling wrote: > On Sat, Nov 03, 2012 at 07:08:58PM -0400, Jiri B wrote: > > This is totally fantastic what jsing@ did, boot(8) can now ask > > for passphrase for root disk laying on softraid crypto volume. > > It works OK. > > > > But I didn't know it works with passphrase beforeso I first > > tried with keydisk... What a surprise, boot(8) could not use key > > disk for crypto volume (still printing 'Passphrase:'). > > > > Is this my PEBKAC/a bug or this feature is still WIP? > > It seems the current code doesn't support it yet. It could be made to > work as long as the bios exposes the key disk. If you can boot from your > keydisk the bios can see it. I believe booting from USB sticks is usually > possible with today's laptops, while booting from SD card rarely works.
Well I moved to position that booting with a passphrase and then concatenate strong passphrase from an Yubikey configured with static passphrase would be better solution than keydisk and passphrase. Although I don't have an Yubikey token now but as an Yubikey token is simulatin usb keyboard it should work. Has anybody tested Yubikey with new boot(8) asking for passphrase? jirib
