You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The fido2 specification includes the hmac-secret extension that is supported by most vendors and can be used as substitude for a local password.
Recent contributions to systemd-homed have already provided an option to use hmac-secret for both login and automatic fscrypt decryption through pam. However, it would be great to have this feature available outside of systemd-homed as well.
A minor adjustment of the fscrypt-pam module could allow the use of the hmac-secret for fscrypt to provide the same functionality.
This could possibly be introduced as a fourth option during setup as well.
Is there some way to sponsor this feature?
It sounds like it would not be too difficult to implement for someone familiar with pam modules and at the moment the only alternative is systemd-homed which still uses fscrypt v1 policy.
The fido2 specification includes the hmac-secret extension that is supported by most vendors and can be used as substitude for a local password.
Recent contributions to systemd-homed have already provided an option to use hmac-secret for both login and automatic fscrypt decryption through pam. However, it would be great to have this feature available outside of systemd-homed as well.
A minor adjustment of the fscrypt-pam module could allow the use of the hmac-secret for fscrypt to provide the same functionality.
This could possibly be introduced as a fourth option during setup as well.
Related to #250
The text was updated successfully, but these errors were encountered: