Page MenuHomePureOS Tracker

Libremkey smartcard-key-luks risk when changing key
Open, NormalPublic

Description

Hello, I received my libremkey last week and started using it, thnaks for the quick delivery !

The script smartcard-key-luks didn't work out of the box with my librem v2, (probably because I added a drive and sda was renamed to sdb in te process and the crypttab name was not UUID based).
So I did run the script manually. At first run I missed adding the keyring to the initramfs, so a comment just above line 70 could help others.

Also by reading the comment on this commit it looks that there is a risk in the sequence here :

The script replace the keyring first and then only update cryptkey.gpg if it does not exists.

That could lead to replacing the keyring without updating the cryptkey.gpg which I guess will have the same effect as my missing keyring...

Hope this helps,
Julien VdG

P.S.: I should probably have open this discussion on source.puri.sm but it require another registering so I didn't bother... sorry.

Event Timeline

JulienVdG created this task.May 22 2019, 01:56

Thanks for opening the discussion here.

jeremiah.foster triaged this task as Normal priority.Oct 22 2019, 06:46