grub-devel

Writing support for Yubikey in Grub?


From: Andrew Ross
Subject: Writing support for Yubikey in Grub?
Date: Sun, 11 Jun 2017 23:11:02 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1

I'm contemplating an attempt at writing a module to enable use of the challenge-response feature of the Yubikey to provide part of the passphrase for a LUKS partition, using GRUB to do the initial decryption. I'm after some advice on whether this is going to be impossible or not.

The device is a USB token, and appears with a few different device descriptors. The one I'll need is the HID one:

    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      0 No Subclass
      bInterfaceProtocol      0 None
      iInterface              0
        HID Device Descriptor:
          bLength                 9
          bDescriptorType        33
          bcdHID               1.10
          bCountryCode            0 Not supported
          bNumDescriptors         1
          bDescriptorType        34 Report
          wDescriptorLength      34

In the libusb version of the code, the main API calls that are used (along with the ones to find the devices, etc.) are:
usb_claim_interface
usb_control_msg
usb_release_interface

Obviously I'll need to replace these with some code just using GRUB2 APIs. It looks like the usb_keyboard module might already have some support for HID devices. And grub_usb_control_msg looks like the equivalent to usb_control_msg.

So, do you think this is realistic? I'll start by trying to expose the challenge-response as a function before worrying about using it for the actual crypt.

Also, any tips on debugging this without endless rebooting gratefully received.

Thanks,
Andy
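
The following is an added example, not part of the original post and not code from GRUB or the Yubikey tools: a bounds-checked walk over the descriptors quoted above that picks out the non-boot HID interface, plus the 8-byte SETUP packet a class control transfer to it carries. The function names, the use of feature reports, report ID 0 and the 8-byte report length are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constants from USB 2.0 chapter 9 and the HID class specification. */
enum { DT_INTERFACE = 4, DT_HID = 33, CLASS_HID = 3, HID_GET_REPORT = 0x01,
       HID_SET_REPORT = 0x09, HID_REPORT_FEATURE = 3 };
/* Constructed sample: the two descriptors from the lsusb output in the post. */
static const uint8_t sample_desc[] = {
    9, 4, 1, 0, 2, 3, 0, 0, 0,           /* interface 1, HID, no subclass */
    9, 33, 0x10, 0x01, 0, 1, 34, 34, 0   /* HID 1.10, 34-byte report desc */
};
struct hid_iface { int number; int report_desc_len; };

/* Return 0 and fill *out for the first HID interface with subclass 0 (so not
   a boot keyboard or mouse); return -1 if none is found or the blob is bad. */
int find_hid_iface(const uint8_t *d, size_t len, struct hid_iface *out)
{
    int cur = -1;                        /* candidate interface number */
    size_t i = 0;
    while (i + 2 <= len) {
        uint8_t blen = d[i], type = d[i + 1];
        if (blen < 2 || i + blen > len)
            return -1;                   /* zero-length or truncated entry */
        if (type == DT_INTERFACE) {
            if (blen < 9)
                return -1;
            cur = (d[i + 5] == CLASS_HID && d[i + 6] == 0) ? d[i + 2] : -1;
        } else if (type == DT_HID && blen >= 9 && cur >= 0) {
            out->number = cur;
            out->report_desc_len = d[i + 7] | (d[i + 8] << 8);
            return 0;
        }
        i += blen;                       /* device-supplied length, checked above */
    }
    return -1;
}
/* Build the SETUP packet for a HID GET_REPORT/SET_REPORT of a feature report. */
void hid_feature_setup(uint8_t s[8], int set, int iface, uint8_t id, uint16_t len)
{
    s[0] = set ? 0x21 : 0xA1;            /* class request, recipient interface */
    s[1] = set ? HID_SET_REPORT : HID_GET_REPORT;
    s[2] = id; s[3] = HID_REPORT_FEATURE;            /* wValue: type<<8 | ID */
    s[4] = (uint8_t)iface; s[5] = 0;                 /* wIndex: interface */
    s[6] = (uint8_t)(len & 0xff); s[7] = (uint8_t)(len >> 8);  /* wLength */
}
int main(void)
{
    struct hid_iface h; uint8_t s[8];
    if (find_hid_iface(sample_desc, sizeof sample_desc, &h) != 0) return 1;
    hid_feature_setup(s, 1, h.number, 0, 8);  /* ID 0, 8 bytes: assumptions */
    printf("iface %d, SETUP %02x %02x wValue=%02x%02x\n", h.number, s[0], s[1], s[3], s[2]);
    return 0;
}
```

The length checks matter in a pre-boot module because every `bLength` comes from the attached device, and a token that reports a bad length must not walk the parser off the end of the buffer.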



