On 11/6/23 17:01, tetrosalame wrote:
Il 05/11/2023 12:16, m...@phosphorus.com.br ha scritto:
[...]
Now I use FDE with a keydisk, but would like to protect the bootable
system with a keydisk + passphase (something you have + something you
know).
Any chance doing this directly using bioctl ?
I don't think so: softraid's on-disk volume key can be encrypted with
a keydisk or with a passphrase. Not both of them.
See this recent explanation written by Stefan Sperling:
https://marc.info/?l=openbsd-misc&m=168500028802972&w=2
@https://marc.info/?l=openbsd-misc&m=168500028802972&w=2
It is not yet possible to encrypt a key disk with a passphrase, which would
provide two-factor authentication. There is no technical reason which would
prevent this from being implemented, it just hasn't been done.
Thanks. Will take a look in the code.