[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Writing support for Yubikey in Grub?
From: |
Andrew Ross |
Subject: |
Writing support for Yubikey in Grub? |
Date: |
Sun, 11 Jun 2017 23:11:02 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1 |
I'm contemplating an attempt at writing a module to enable use of the
challenge-response feature of the Yubikey to provide part of the
passphrase for a luks partition, using grub to do the initial
decryption. I'm after some advice on whether this is going to be
impossible or not.
The device is a USB token, and appears with a few different device
descriptors. The one I'll need is the HID one:
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 3 Human Interface Device
bInterfaceSubClass 0 No Subclass
bInterfaceProtocol 0 None
iInterface 0
HID Device Descriptor:
bLength 9
bDescriptorType 33
bcdHID 1.10
bCountryCode 0 Not supported
bNumDescriptors 1
bDescriptorType 34 Report
wDescriptorLength 34
In the libusb version of the code, the main API calls that are used
(along with the ones to find the devices, etc) are:
usb_claim_interface
usb_control_msg
usb_release_interface
Obviously I'll need to replace these with some code just using grub2
apis. It looks like the usb_keyboard module might already have some
support for HID devices. And grub_usb_control_msg looks like the
equivalent to usb_control_msg.
So, do you think this is realistic? I'll start by trying to expose the
challenge-response as a function before worrying about using it for the
actual crypt.
Also, any tips on debugging this without endless rebooting gratefully
received.
Thanks,
Andy
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Writing support for Yubikey in Grub?,
Andrew Ross <=