[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
LUKS Encryption and Fingerprint readers?
|
From: |
TJ |
|
Subject: |
LUKS Encryption and Fingerprint readers? |
|
Date: |
Thu, 15 Aug 2013 17:51:03 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8 |
I was searching for any hint that GRUB might support using a fingerprint
reading device as input for unlocking encryption.
I found discussion on the mailing list from 2009 centred mostly around TPM
which didn't seem to go anywhere, so I wondered what the current thoughts are
on supporting one?
The use-case I have is a fleet of laptops equipped with fingerprint readers
running Linux which need to be secure in the event of theft. BIOS passwords
will be used. The hard disks will be using
full-disk LUKS encryption. I'd like to avoid using pass-phrases since complex
phrases inevitably end up being forgotten by users, which points to using a
key-file.
I've been unsuccessful in determining if support for a key-file via an external
USB device is supported, but that led me to thinking that using the built-in
fingerprint reader as a source of the key
(via integration of the libfprint [1]) might also be possible.
So I'd like to know what support for key-files and/or fingerprint reading
is/could be as input for LUKS unlocking?
My other thought, to keep things simple, is to encrypt the entire hard drive
and install GRUB and the /boot/ files on the removable USB key. More clunky but
maybe easier to achieve.
[1] http://www.freedesktop.org/wiki/Software/fprint/libfprint/
- LUKS Encryption and Fingerprint readers?,
TJ <=