You are not logged in.
I am familiar with the more traditional methods, but I am having trouble locating a BBS forum post or blog post elsewhere where someone had done this with Arch. I am setting up a new laptop and would love to do it righ this time.
Set up LVM on a full-disk (no /boot on internal /dev/sdX) LUKS/dm-crypt partition, /dev/sdX1.
Set up /boot on an external USB drive, /dev/sdY1
Generate a keyfile and add that to a keyslot.
Create a LUKS partition /dev/sdY2 that holds just the keyfile, so it is protected with a passphrase.
Someone once suggested this is as close to 2FA with LUKS as I can get as a cheap bastard who will not buy a Yubikey and the older OpenSSL and GnuPG 1.x methods of 2FA with LUKS passphrase/keyfile are increasing pain.
Does anyone know what I am talking about? I keep searching BBS and Google and I cannot find what I am looking for. Sorry for such a stupid post but I clearly failed to bookmark this even though I saw great potential for it whent the time came.
Last edited by ajstein (2015-08-29 11:57:20)
Offline
Nevermind, the wiki has been updated with the post where the guy that came up with the method even posted to me asking about this a while ago. I cannot read the wiki, not scroll down on my old post.
https://bbs.archlinux.org/viewtopic.php?id=193451
PEBKAC on my part, marking this solved.
Offline