On Monday, 18 September 2017 23:32:53 UTC-4, cooloutac wrote:
> On Sunday, September 10, 2017 at 6:02:24 PM UTC-4, joev...@gmail.com wrote:
> > On Monday, 29 August 2016 01:34:11 UTC-4, Raphael Susewind wrote:
> > > > while initially I thought it would be interesting to try, the only
> > > > sit
On Sunday, September 10, 2017 at 6:02:24 PM UTC-4, joev...@gmail.com wrote:
> On Monday, 29 August 2016 01:34:11 UTC-4, Raphael Susewind wrote:
> > > while initially I thought it would be interesting to try, the only
> > > situation when yubikey could actually improve security is having to boot
On Monday, 29 August 2016 01:34:11 UTC-4, Raphael Susewind wrote:
> > while initially I thought it would be interesting to try, the only
> > situation when yubikey could actually improve security is having to boot a
> > Qubes PC under unavoidable surveilance.
>
> came to the same conclusion - p
> while initially I thought it would be interesting to try, the only situation
> when yubikey could actually improve security is having to boot a Qubes PC
> under unavoidable surveilance.
came to the same conclusion - probably not worth the security
tradeoff... Perhaps one can implement a 2FA so
after giving it a thought I decided keep usb devices out of dom0. the solution
for debian is real 2FA but ykfde is for lazy people. I gave it as an example of
dracut hooks. theoretically you can rearrange hooks so that yubikey
authentification happens before rd.qubes.hide_all_usb is processed bu
> this is an interesting idea. initramfs is generated by dracut. read this
> https://github.com/nj0y/ykfde/blob/master/README-dracut.md
Yes, I gave ykfde a try. Problem is that Qubes still shows its custom
FDE password screen on startup, and never the ykfde second factor one...
(possibly - but j
this is an interesting idea. initramfs is generated by dracut. read this
https://github.com/nj0y/ykfde/blob/master/README-dracut.md
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2016-08-25 06:55, Raphael Susewind wrote:
> Dear all,
>
> how can I create a custom initramfs for dom0, using the current one as
> template? I was hoping for something like initramfs-tools in Debian...
>
> The aim is to include yubikey-luks in
Dear all,
how can I create a custom initramfs for dom0, using the current one as
template? I was hoping for something like initramfs-tools in Debian...
The aim is to include yubikey-luks in the FDE unlocking:
https://github.com/cornelinux/yubikey-luks
There might be other usecases, too - perhaps
