-
Notifications
You must be signed in to change notification settings - Fork 58
/
ykluks.cfg
29 lines (23 loc) · 1.25 KB
/
ykluks.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# If you change this file, you need to run
# update-initramfs -u
# Set to the prompt that appears when the LUKS password is needed to decrypt
# the volume protected with a Yubikey
WELCOME_TEXT="Please insert Yubikey and press enter or enter a valid passphrase"
# Set to "1" if you want both your password and Yubikey response be bundled
# together and written to the key slot
CONCATENATE=0
# Set to "1" if you want to hash your password with sha256.
HASH=0
# Set which Slot to use (1 or 2), defaults to 2
YUBIKEY_LUKS_SLOT=2
# Set this to "1" if you want to use Yubikey with suspend (default to 0)
SUSPEND=0
# Set this to a previously-enrolled challenge password if you want to use 1FA
# (one-factor authentication), which checks for the paired Yubikey's presence.
# This will suppress the interactive prompt for the password during boot time.
# If the Yubikey is not presetnt at boot time, then the password prompt
# is displayed and will unlock if one of the LUKS slots is using that as
# a normal password. This is weaker than 2-factor authentication, but allows
# for an unattended boot so long as the Yubikey is present.
# Leave this empty (or unset), if you want to do 2FA -- i.e. being asked for the password during boot time.
# YUBIKEY_CHALLENGE="password"