-
Notifications
You must be signed in to change notification settings - Fork 51
/
ykfde.conf
53 lines (39 loc) · 1.67 KB
/
ykfde.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
### Configuration for 'yubikey-full-disk-encryption'.
### Remove hash (#) symbol and set non-empty ("") value for chosen options to
### enable them.
### *REQUIRED* ###
# Set to non-empty value to use 'Automatic mode with stored challenge (1FA)'.
#YKFDE_CHALLENGE=""
# Use 'Manual mode with secret challenge (2FA)'.
#YKFDE_CHALLENGE_PASSWORD_NEEDED="1"
# YubiKey slot configured for 'HMAC-SHA1 Challenge-Response' mode.
# Possible values are "1" or "2". Defaults to "2".
#YKFDE_CHALLENGE_SLOT="2"
### OPTIONAL ###
# Enable communication with YubiKey via NFC (Experimental).
#YKFDE_NFC="1"
# UUID of device to unlock with 'cryptsetup'.
# Leave empty to use 'cryptdevice' boot parameter.
#YKFDE_DISK_UUID=""
# LUKS encrypted volume name after unlocking.
# Leave empty to use 'cryptdevice' boot parameter.
#YKFDE_LUKS_NAME=""
# Device to unlock with 'cryptsetup'. If left empty and 'YKFDE_DISK_UUID'
# is enabled this will be set as "/dev/disk/by-uuid/$YKFDE_DISK_UUID".
# Leave empty to use 'cryptdevice' boot parameter.
#YKFDE_LUKS_DEV=""
# Optionally pass '--allow-discards' to 'cryptsetup' for TRIM
# support. Leave empty to use 'cryptdevice' boot parameter.
#YKFDE_LUKS_OPTIONS="--allow-discards"
# Number of times to try assemble 'ykfde passphrase' and run 'cryptsetup'.
# Defaults to "5".
#YKFDE_CRYPTSETUP_TRIALS="5"
# Number of seconds to wait for inserting YubiKey, "-1" means 'unlimited'.
# Defaults to "30".
#YKFDE_CHALLENGE_YUBIKEY_INSERT_TIMEOUT="30"
# Number of seconds to wait after successful decryption.
# Defaults to empty, meaning NO wait.
#YKFDE_SLEEP_AFTER_SUCCESSFUL_CRYPTSETUP=""
# Verbose output. It will print all secrets to terminal.
# Use only for debugging.
#DBG="1"