Guilhem Moulin <guil...@debian.org> 于2023年12月31日周日 21:23写道: > > Hi, > > On Sun, 31 Dec 2023 at 18:49:30 +0800, YunQiang Su wrote: > > 2 mthods are supported for 2 FA: > > - Yubikey Challenge > > - TPM2 Keypair > > If your concern is to make these work with cryptsetup-initramfs, there > are #1023700 and #1031254 open against src:cryptsetup. The plan is to
I tried some methods before I write this script, and I also tried dracut. Yes, dracut works well with cryptsetup-initramfs. The problem for me is that none of these ways, can work with suspend. I mean that when the PC resumes from suspend, I wish that the disk is encrypted instead of decrypted. In fact, hibernate is an option for me, but currently, Linux kernel cannot support hibernate if crypt disk is used. > have that in trixie. Did you check if the solutions proposed there > cover your use case? Otherwise, IMHO a wishlist bug against > src:cryptsetup would be better than using a separate source package. > If this scripts can be accepted into src:cryptset, I will be very glad to help it happen. Yes, I noticed cryptsetup-suspend does in src:cryptsetup, while src:yubikey-luks is a seperate source package. I tried src:yubikey-luks, while it leaks some features, and upstream seems not active now. https://github.com/cornelinux/yubikey-luks/pull/92 > > PIN-less is also supported, if the PINs are present in > > /etc/cryptsetup/2fa.conf. > > I'm not really thrilled to see /etc/cryptsetup (and /lib/cryptsetup) > used outside src:cryptsetup. These directories are not documented as > drop-in. > > -- > Guilhem.