On Sunday, 22 October 2017 08:56:55 UTC-4, the2nd  wrote:
> Regarding the other questions/problems.
> 
> 2) If you want to unlock the luks device without yubikey you can use the 
> steps from the "Something went wrong :(" section, skipping step 4. This 
> should disable the ykluks module and re-enable normal luks handling for one 
> boot.
> 
Thanks.

> 3) I do have two notebooks with Qubes 3.2 and yubikey for luks unlock Both do 
> a re-prompt on wrong password. Can you please describe in detail what steps 
> could be used to reproduce?
I actually meant to write originally, that it is not a problem with wrong 
password.  But rather a timeout if waiting for a while.  Entering the password 
after a few minutes results in an error and I must reboot.
> 
> Thanks
> the2nd
> 
> 
> 
> 
> 
> 
> 
> 
> 
> On Tue, Oct 3, 2017 at 5:11 AM, Ron Hunter-Duvar <ro...@shaw.ca> wrote:
> On 10/02/2017 08:34 PM, joev...@gmail.com wrote:
> 
> 
> On Saturday, 5 August 2017 11:20:27 UTC-4, the2nd  wrote:
> 
> 
> Hi,
> 
> 
> 
> i switched to Qubes OS 3.2 on my notebook some weeks ago. Besides some issues 
> i had it works very well.
> 
> 
> 
> One problem was to get the installer to install qubes on LVM-on-LUKS. I 
> preferred this over the default LUKS-on-LVM setup because you dont have to 
> encrypt any LV separately.
> 
> ...
> 
> Please note that the current version will probably not work with a default 
> qubes LUKS-on-LVM installation. But if some experienced user is willing to 
> help testing i'll try to come up with a version that supports this too.
> 
> 
> 
> Besides the yubikey/luks stuff the module handles the rd.qubes.hide_all_usb 
> stuff via its own rd.ykluks.hide_all_usb command line parameter because the 
> yubikey is connected via USB and needs to be accessable until we got the 
> challenge from it. i am still unsure if this is the best method to implement 
> this. So if anyone with a deeper knowledge of qubes/dracut does have a 
> better/more secure solution i happy about any help.
> 
> 
> 
> Regards
> 
> the2nd
> 
> 
> This is working great for me.
> 
> A few questions though:
> 
> 
> 
> 1)  The default Qubes 3.2 install seems to be LVM-on-LUKS where there is only 
> one LUKS encryption and root/swap LVMs within that.  So your instructions 
> work with the default install.
> 
> 
> 
> ...
> 
> 
> I'd have to say that the2nd is right. I didn't notice on my first Qubes 3.2 
> install, because I only had one encrypted partition on my OS drive (skipped a 
> swap partition, despite the installer's whining). Second time around I gave 
> in and created one.
> 
> 
> 
> lsblk shows sda2 with a luks-encrypted / within it, and sda3 with a 
> luks-encrypted swap. If it were LVM-on-LUKS, it would be a single 
> luks-encrypted partition two logical volumes within it.
> 
> 
> 
> Ron
> 
> 
> 
> PS: I'm a Qubes-noob, but long-time Linux user.
> 
> 
> 
> -- 
> 
> You received this message because you are subscribed to a topic in the Google 
> Groups "qubes-users" group.
> 
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/qubes-users/hB0XaquzBAg/unsubscribe.
> 
> To unsubscribe from this group and all its topics, send an email to 
> qubes-users...@googlegroups.com.
> 
> To post to this group, send email to qubes...@googlegroups.com.
> 
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/814cee70-0b5c-12a4-ee3e-bdb1f5479f3e%40shaw.ca.
> 
> 
> 
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/78d52a21-22fd-4fea-9c24-996ec5d86ad9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to