Get LUKS key from OTP?

Open henryjliu opened this issue 1 year ago • 1 comments

Any chance you can add getting the LUKS key from OTP on boot with initramfs? It's pretty easy with https://github.com/raspberrypi/rpi-eeprom/blob/e430a41e7323a1e28fb42b53cf79e5ba9b5ee975/tools/rpi-otp-private-key

This would make it a lot more convenient and secure. Namely, you can sign the boot loader to prevent it from being modified, then just decrypt LUKS automatically for reasonable security.

Sure, you can dump the key if you manage root access, but without root access it seems secure.

henryjliu, Jul 29 '24 00:07

I've actually got this on my todo list, and have a couple of YubiKeys in hand. I'll def get to it, no target date yet.

In the meantime, I hope you're finding sdm useful for your Pi projects.

gitbls, Jul 29 '24 00:07