Added PIN support for FIDO2 devices (#1209)

* Adding support for PIN for FIDO2 unlock

* Added clearer output, since systemd-cryptenroll isn't clear in its own output
Anton Hvornum 2022-05-18 13:57:44 +02:00 committed by GitHub
parent e154a6809d
commit 089c46db4a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions


@ -1,7 +1,10 @@
import typing
import pathlib
import getpass
import logging
from ..general import SysCommand, SysCommandWorker, clear_vt100_escape_codes
from ..disk.partition import Partition
from ..general import log
def get_fido2_devices() -> typing.Dict[str, typing.Dict[str, str]]:
"""
@ -41,7 +44,14 @@ def get_fido2_devices() -> typing.Dict[str, typing.Dict[str, str]]:
def fido2_enroll(hsm_device_path :pathlib.Path, partition :Partition, password :str) -> bool:
worker = SysCommandWorker(f"systemd-cryptenroll --fido2-device={hsm_device_path} {partition.real_device}", peak_output=True)
pw_inputted = False
pin_inputted = False
while worker.is_alive():
if pw_inputted is False and bytes(f"please enter current passphrase for disk {partition.real_device}", 'UTF-8') in worker._trace_log.lower():
worker.write(bytes(password, 'UTF-8'))
pw_inputted = True
elif pin_inputted is False and bytes(f"please enter security token pin", 'UTF-8') in worker._trace_log.lower():
worker.write(bytes(getpass.getpass(" "), 'UTF-8'))
pin_inputted = True
log(f"You might need to touch the FIDO2 device to unlock it if no prompt comes up after 3 seconds.", level=logging.INFO, fg="yellow")
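Review bot: The new PIN branch (`elif pin_inputted is False and ... in worker._trace_log.lower()`) answers the token PIN prompt only once and matches against the whole accumulated trace log, so if systemd-cryptenroll asks again after a mistyped PIN the loop would presumably keep spinning without replying; consider tracking how much of the log has already been scanned and re-prompting for a bounded number of attempts. The `getpass.getpass(" ")` call shows an empty prompt, so unless the worker's echoed output already displays the request the user has no cue that a PIN is expected, and something like `getpass.getpass("FIDO2 security token PIN: ")` would be clearer. It is also worth confirming that `SysCommandWorker.write` does not copy the PIN into `_trace_log` or any debug log that is later persisted. `fido2_enroll` is annotated `-> bool` but no `return` is visible in this hunk; the body may continue outside it.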