Vincent43
This should be fixed in mkinitcpio v34, https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/commit/7930b797a255505f84120f07cab3893cc1f31a3e
That would need grub to support ykfde or yubikey in general which is rather unlikely. Depending on your use case you may use [uki](https://wiki.archlinux.org/title/Unified_kernel_image) + secure boot instead (storing...
No, I'm not familiar with grub scripting. Besides ykfde you would also need [yubikey-personalization](https://archlinux.org/packages/extra/x86_64/yubikey-personalization/) support which ykfde depends on so this is really nontrivial to achieve.
> Environment variables are considered to be safe on most Linux systems.

Environment variables definitely aren't considered safe for storing secrets as they leak as easily as command args i.e....
As discussed in the [issue](https://github.com/agherzan/yubikey-full-disk-encryption/issues/101#issuecomment-1644569143) ykman isn't a drop-in replacement for yubikey-personalization so this is an incompatible change
Yes yubikey-manager has a lot of python [deps](https://archlinux.org/packages/extra/any/yubikey-manager/). Adding them to initramfs would be a challenge.
> I'm probably being a bit obtuse right now, but didn't ykchalresp require the challenge in hex as well, and we get it in hex from sha256sum anyway?

No, ykchalresp...
BTW: there is https://github.com/Frederick888/ykchalresp-nfc which we support to some [degree](https://github.com/agherzan/yubikey-full-disk-encryption#enable-nfc-support-in-ykfde-initramfs-hook-experimental).
I found the fact ykman encodes challenge as hex is the answer. If I call ykchalresp in _hex mode_ then the output matches: ``` ❯ ykchalresp -2 -x 61e748be34d998d8c5a13db63c2b50c4f129d2828a46bae182e6ddec5ff1ff8a a47aa802aedcf28c6f0391d74028da887f006e8d...
Note that in Arch the ykman (yubikey-manager) package depends on yubikey-personalization so all users always need them both installed.