From 089c46db4a3c89dd8ba670419369c405bec3a270 Mon Sep 17 00:00:00 2001
From: Anton Hvornum
Date: Wed, 18 May 2022 13:57:44 +0200
Subject: Added PIN support for FIDO2 devices (#1209)
* Adding support for PIN for FIDO2 unlock
* Added a more clear output since systemd-cryptenroll isn't clear on it's output
---
 archinstall/lib/hsm/fido.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'archinstall')
diff --git a/archinstall/lib/hsm/fido.py b/archinstall/lib/hsm/fido.py
index 69f42890..8707ac52 100644
--- a/archinstall/lib/hsm/fido.py
+++ b/archinstall/lib/hsm/fido.py
@@ -1,7 +1,10 @@
 import typing
 import pathlib
+import getpass
+import logging
 from ..general import SysCommand, SysCommandWorker, clear_vt100_escape_codes
 from ..disk.partition import Partition
+from ..general import log
 def get_fido2_devices() -> typing.Dict[str, typing.Dict[str, str]]:
 """
@@ -41,7 +44,14 @@ def get_fido2_devices() -> typing.Dict[str, typing.Dict[str, str]]:
 def fido2_enroll(hsm_device_path :pathlib.Path, partition :Partition, password :str) -> bool:
 worker = SysCommandWorker(f"systemd-cryptenroll --fido2-device={hsm_device_path} {partition.real_device}", peak_output=True)
 pw_inputted = False
+ pin_inputted = False
 while worker.is_alive():
 if pw_inputted is False and bytes(f"please enter current passphrase for disk {partition.real_device}", 'UTF-8') in worker._trace_log.lower():
 worker.write(bytes(password, 'UTF-8'))
 pw_inputted = True
+
+ elif pin_inputted is False and bytes(f"please enter security token pin", 'UTF-8') in worker._trace_log.lower():
+ worker.write(bytes(getpass.getpass(" "), 'UTF-8'))
+ pin_inputted = True
+
+ log(f"You might need to touch the FIDO2 device to unlock it if no prompt comes up after 3 seconds.", level=logging.INFO, fg="yellow")
\ No newline at end of file
--
cgit v1.2.3-54-g00ecf
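Review bot: `fido2_enroll` still falls off the end after the new PIN branch, so a mistyped PIN or a failed enrollment looks the same to the caller as success even though the signature promises `-> bool`. Once the `while worker.is_alive()` loop exits, report the outcome, for example `return worker.exit_code == 0` (assuming `SysCommandWorker` exposes the exit status under that name; confirm in `..general`). `pin_inputted` is only ever set once, so if systemd-cryptenroll asks for the PIN again after a wrong entry the second prompt is never answered; decide whether to re-prompt or to stop with an error. The two added f-strings carry no placeholders and can be plain literals. Indentation was lost on this page, so whether the `log(...)` call sits inside the `elif` or the loop body cannot be checked here.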