On Sun, 23 Sep 2018 at 16:00:30 +0200, Peter Lebbing wrote: > I'm not really happy with the "wait for a random smartcard to be > available and import that as stubs" solution,
Note that in principle we can wait for a smartcard with a given serial number to be inserted, with `gpg-connect-agent 'SCD SERIALNO openpgp' /bye` or similar. > but copying the whole homedir might need some more tuning as > well... Or we just accept that people who put data in a directory named > cryptsetup-initramfs should expect that this data ends up in their > initramfs, and limit our safety checks. We can still document it, > obviously, with a clearly phrased warning that although the key itself > is encrypted, nothing else is. If we want this to be widely used we should make initramfs image generation as quiet as possible. Users (understandably) become worried — and file bugs — when kernel upgrades or similar produce warnings, especially when early boot stage is involved ;-) > Anyway, Guilhem, thanks for working on this! Well, thank you for the original code! :-) -- Guilhem.
signature.asc
Description: PGP signature
