The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Yubikey-full-disk-encryption Alternatives
Similar projects and alternatives to yubikey-full-disk-encryption
-
rclone
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Yandex Files
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
heads
A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.
-
-
fido2luks
Decrypt your LUKS partition using a FIDO2 compatible authenticator
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
sbupdate
Discontinued Generate and sign kernel images for UEFI Secure Boot on Arch Linux
-
solokey-full-disk-encryption
Use SoloKey to unlock a LUKS encrypted partition
-
OpenSC
Open source smart card tools and middleware. PKCS#11/MiniDriver/Tokend
-
yubikey-luks
Two factor authentication for harddisk encryption
-
wireguard-initramfs
Use dropbear over wireguard.
-
zfsUnlocker
A modular zfs unlocker hook for mkinitcpio on Archlinux.
-
disk-encryption-hetzner
Discontinued Encrypt a hetzner server from the "serverbörse" and unlock it remote via ssh
-
GlobalPlatformPro
🌐 🔐 Manage applets and keys on JavaCard-s like a pro (via command line or from your Java project)
-
pam-u2f
Pluggable Authentication Module (PAM) for U2F and FIDO2
-
https-keyscript
Allow a machine with an encrypted boot drive to passwordlessly boot by fetching a key over HTTPS.
-
dracut-sshd
Provide SSH access to initramfs early user space on Fedora and other systems that use Dracut
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
yubikey-full-disk-encryption reviews and mentions
- I have seen in a lot of posts here people say not to use Google Authentication for 2FA. Can someone simply explain why, and what should I use instead?
-
LUKS with Yubikey
Would using this be possible? https://github.com/agherzan/yubikey-full-disk-encryption/tree/master/src
-
Getting LUKS, Btrfs, Hibernation and Swap file working in tandem
> Hibernate is less interesting, and apparently unsupported using secure boot anyway.
That's not the case. I have a similar setup to yours (/ on ext4 with separate swap, on LVM on LUKS, separate /efi) and my box hibernates just fine with secure boot and auto-unlock via TPM.
The difference with your setup is I don't use grub, but have the UEFI load a signed unified kernel image directly. Since this works so well, I never had a reason to mess around with yet another moving piece (grub or other bootloader).
As another commenter said, I haven't attempted to mess around with the MOK. I just replaced all the secure boot keys with my own, and I've also signed MS's Windows key (but not the 3rd party one) for my dual-boot needs.
---
For specifics: This is an up-to-date Arch Linux install, running on an HP EliteBook 840 G8 (11th gen intel). I know Debian may have older components than arch, but this setup has been working for more than a year now.
IIRC, the most significant change was brought by systemd 251 which started supporting auto-unlocking LUKS with the TPM. Before that, on an older computer with the same general setup, hibernation worked well, too. I just needed to input the unlock password (which I was too lazy to do, so I just used my yubikey - see https://github.com/agherzan/yubikey-full-disk-encryption).
-
systemd 253 Released With Ukify Tool, systemd-cryptenroll Unlocking Via FIDO2 Tokens
Does yubikey-full-disk-encryption provide anything systemd 253 doesn't now?
-
Tillitis Security Key – Mullvad spin-off inspired by measured boot and DICE
Do you mean something like this: https://github.com/agherzan/yubikey-full-disk-encryption
-
Encrypt data on server (Linux, LUKS) on Raspberry Pi
Full disk encryption is rarely as portable as simply encrypting the files you need. When I ran a “homemade” NAS, I had everything LUKS encrypted. I used a Yubikey to unlock the encrypted data.
-
Using a YubiKey to unlock LUKS - How to secure or encrypt /boot?
A few days ago I akquiriere a Yubikey and I'm currently trying to set up 2FA with the Yubikey and a password to unlock the LUKS container. Since I am running Arch I came across the yubikey-full-disk-encryption package and tested it in an Arch VM. So far it worked really well. The only issue I am having is that compared to my old setup I need to have /boot unencrypted because it seems GRUB itself cannot deal with the 2FA setup and ykfde if /boot is encrypted. Previously I had most of /boot inside the LUKS volume with only the /efi part unencrypted (this is used when telling grub where the efi-directory is - see the previous guide for the full details please) and the GRUB_ENABLE_CRYPTODISK=y option set in the GRUB config.
-
LUKS boot unlock fido2 issue
I don't know about the hanging, I use yubikey-full-disk-encryption which uses challenge-response (1FA or 2FA) which you can set up how many attempts to use the YubiKey before it falls back to the passphrase.
-
Is it possible to crack drive encryption without header?
Related: https://github.com/agherzan/yubikey-full-disk-encryption
-
How safe is encryption?
https://github.com/cornelinux/yubikey-luks or https://github.com/agherzan/yubikey-full-disk-encryption with yubikey 5 will get you going. It is a bit expensive to get two keys (regular and backup), but these can be also used to secure most of the online accounts.
-
A note from our sponsor - WorkOS
workos.com | 18 Apr 2024
Stats
agherzan/yubikey-full-disk-encryption is an open source project licensed under Apache License 2.0 which is an OSI approved license.
The primary programming language of yubikey-full-disk-encryption is Shell.
Popular Comparisons
- yubikey-full-disk-encryption VS dracut
- yubikey-full-disk-encryption VS fido2luks
- yubikey-full-disk-encryption VS solokey-full-disk-encryption
- yubikey-full-disk-encryption VS wireguard-initramfs
- yubikey-full-disk-encryption VS zfsUnlocker
- yubikey-full-disk-encryption VS void-packages
- yubikey-full-disk-encryption VS disk-encryption-hetzner
- yubikey-full-disk-encryption VS https-keyscript
- yubikey-full-disk-encryption VS booster
- yubikey-full-disk-encryption VS dracut-sshd