authorLuca Boccassi <luca.boccassi@microsoft.com>2021-04-12 22:48:05 +0100
committerLuca Boccassi <bluca@debian.org>2021-05-07 21:36:27 +0100
commit06f087192d27d6bbb237f8966c2fa2d6b790f7f2 (patch)
tree8daf3fe42fdf69acc142c0fe2669e179e7b29bc4 /src/home/homectl-fido2.c
parentcde2f8605e0c3842f9a87785dd758f955f2d04ba (diff)
downloadsystemd-06f087192d27d6bbb237f8966c2fa2d6b790f7f2.tar.gz
FIDO2: ask and record whether user presence was used to lock the volume
In some cases user presence might not be required to get _a_ secret out of a FIDO2 device, but it might be required to get the actual secret that was used to lock the volume. Record whether we used it in the LUKS header JSON metadata. Let the cryptenroll user ask for the feature, but bail out if it is required by the token and the user disabled it. Enabled by default.
Diffstat (limited to 'src/home/homectl-fido2.c')
-rw-r--r--src/home/homectl-fido2.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/home/homectl-fido2.c b/src/home/homectl-fido2.c
index 76775ee6bd..a2054fcf73 100644
--- a/src/home/homectl-fido2.c
+++ b/src/home/homectl-fido2.c
@@ -158,7 +158,7 @@ int identity_add_fido2_parameters(
/* user_display_name= */ rn ? json_variant_string(rn) : NULL,
/* user_icon_name= */ NULL,
/* askpw_icon_name= */ "user-home",
- FIDO2ENROLL_PIN, // FIXME: add a --lock-with-pin parameter like cryptenroll
+ FIDO2ENROLL_PIN | FIDO2ENROLL_UP, // FIXME: add a --lock-with-pin/up parameter like cryptenroll
&cid, &cid_size,
&salt, &salt_size,
&secret, &secret_size,
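Review bot: Hardcoding `FIDO2ENROLL_UP` on the new line means the user record built here must carry the same presence requirement for the unlock side, because, as the commit text says, a token may hand out a different secret without UP than with it; the commit records that fact in the LUKS JSON for cryptenroll, but nothing in this hunk shows it being persisted next to `cid`/`salt` in the user record, so please confirm that homed's unlock path requests user presence unconditionally or that the flag is stored alongside the credential ID. A short comment on the flags line would document the decision, e.g. `/* Always demand user presence at enrollment; the unlock side must request it too, or a token that derives a different secret with UP set will not open the home. */`. The FIXME could also name the real cryptenroll switch it mirrors instead of the placeholder `--lock-with-pin/up`, so a later reader knows which option to copy. identity_add_fido2_parameters starts before this hunk and the call whose arguments are shown continues past it.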