From 493cccc18fa8c77c362b6abee2c3dc89d331c792 Mon Sep 17 00:00:00 2001 From: Anton Hvornum Date: Wed, 18 May 2022 11:28:59 +0200 Subject: Added a HSM menu entry (#1196) * Added a HSM menu entry, but also a safety check to make sure a FIDO device is connected * flake8 complaints * Adding FIDO lookup using cryptenroll listing * Added systemd-cryptenroll --fido2-device=list * Removed old _select_hsm call * Fixed flake8 complaints * Added support for locking and unlocking with a HSM * Removed hardcoded paths in favor of PR merge * Removed hardcoded paths in favor of PR merge * Fixed mypy complaint * Flake8 issue * Added sd-encrypt for HSM and revert back to encrypt when HSM is not used (stability reason) * Added /etc/vconsole.conf and tweaked fido2_enroll() to use the proper paths * Spelling error * Using UUID instead of PARTUUID when using HSM. I can't figure out how to get sd-encrypt to use PARTUUID instead. Added a Partition().part_uuid function. Actually renamed .uuid to .part_uuid and created a .uuid instead. * Adding missing package libfido2 and removed tpm2-device=auto as it overrides everything and forces password prompt to be used over FIDO2, no matter the order of the options. * Added some notes to clarify some choices. * Had to move libfido2 package install to later in the chain, as there's not even a base during mounting :P --- .flake8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.flake8') diff --git a/.flake8 b/.flake8 index 39310a6c..d69ec92e 100644 --- a/.flake8 +++ b/.flake8 @@ -1,7 +1,7 @@ [flake8] count = True # Several of the following could be autofixed or improved by running the code through psf/black -ignore = E123,E126,E128,E203,E231,E261,E302,E402,E722,F541,W191,W292,W293 +ignore = E123,E126,E128,E203,E231,E261,E302,E402,E722,F541,W191,W292,W293,W503 max-complexity = 40 max-line-length = 236 show-source = True -- cgit v1.2.3-54-g00ecf