Re: USB key requirement.
On Tue, 11 Jan 2011 22:52:06 +0100
deloptes <email@example.com> wrote:
> > My case is different in the sense that I'm not decrypting my block
> > volumes, just halting a boot sequence.
> There is something wrong with the setup of your case.
> If you are doing a diskless boot from a share ... how could you use a
> device (usb or something else) to authenticate before the system has
> booted? The idea with the GPG/PGP key is not bad, but it won't help
> you for the setup with the USB drive.
I figured that after the root partition is mounted (nfs), I would have
an init.d script that would work its magic.. if it's there, allow the
continuation of the boot sequence (load gdm and other non-essential
services). All I would require is to match against an encrypted key
without user intervention.
> Q: Do you have a keyboard and is it desirable to use it on boot time?
> Or you want just to plugin and if the right usb is inside the boot
> will go on. you can do this after the system has already booted and
> you can access the usb from the diskless station.
Second option, no keyboard interaction is required in my mind. If you
miss having the usb stick inserted, then to move forward, hit the reset
> Q: have you heard of security
I have heard of them, but I don't personally understand the actual
difference of a specialized key, versus a usb block device with an
encryption file on it.