Ubuntustudio 20.10: Encryption + Yubikey

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Ubuntustudio 20.10: Encryption + Yubikey

Andre Tann
Hi folks,

I'm trying to install now Ubuntustudio 20.10 for a good while now, but
don't get the intended result:

    - I want it fully encrypted (works)
    - I want to use a Yubikey for the passphrase (works, but...)

I'd like to use the Yubikey in challenge/response mode so that I can
type in a short password, and the Yubikey turns this into a strong one
that is used to unlock the luks container.


The problem now is that I'm asked for the passphrase twice: once in a
black screen with white text, then a second time in a nice gui.

The first time I cannot use the Yubikey. I have to type in a passphrase
that works as it is. During setup I have a short passphrase in slot 0 of
the luks container to make setup easier. So I type in this easy phrase,
and then boot process moves on.

The second time the password dialog shows I can type in my Yubikey
challenge. This is sent to the YK, the green LED blinks, and the boot
process completes.


Of course this is annoying:
- I don't want to be asked twice for a password
- I don't want to have a short typable password for the luks container


My guess is that this comes from /boot being inside the luks container,
while with 20.04, /boot was on a separate non-encrypted partition. But I
cannot find a way to make /boot a separate partition during setup.

Anyone any ideas what to do?

--
Andre Tann


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users