From: TJ <grub-devel@iam.tj>
To: grub-devel@gnu.org
Subject: LUKS Encryption and Fingerprint readers?
Date: Thu, 15 Aug 2013 17:51:03 +0100
Message-ID: <520D06F7.5030900@iam.tj>

I was searching for any hint that GRUB might support using a fingerprint reading device as input for unlocking encryption.

I found discussion on the mailing list from 2009 centred mostly around TPM which didn't seem to go anywhere, so I wondered what the current thoughts are on supporting one?

The use-case I have is a fleet of laptops equipped with fingerprint readers running Linux which need to be secure in the event of theft. BIOS passwords will be used. The hard disks will be using full-disk LUKS encryption. I'd like to avoid using pass-phrases since complex phrases inevitably end up being forgotten by users, which points to using a key-file.

I've been unsuccessful in determining if support for a key-file via an external USB device is supported, but that led me to thinking that using the built-in fingerprint reader as a source of the key (via integration of the libfprint [1]) might also be possible.

So I'd like to know what support for key-files and/or fingerprint reading is/could be as input for LUKS unlocking?

My other thought, to keep things simple, is to encrypt the entire hard drive and install GRUB and the /boot/ files on the removable USB key. More clunky but maybe easier to achieve.

[1] http://www.freedesktop.org/wiki/Software/fprint/libfprint/

