Tang and Clevis can be used in order to unlock disks over network. This post will not cover all possible ways how to unlock LUKS devices. It will focus on unlocking devices over network if both TPM2 and Tang are available. The disk can only be decrypted if it is still on the same mainboard (connected to the same TPM 2 device) and if the Tang server is reachable. A more complex setup with multiple Tang servers is also possible. ...
This is a short howto enable WiFi early in initramfs. There are several reasons why this can be helpful. One possible reason is to use Tang/Clevis for full disk encryption. This post should give a short walk through how to enable WiFi early in initramfs. Special thanks goes to fangfufu who made the actual work. There is no relationship to fangfufu, I just found this repository and tried it out. On a Debian / Ubuntu often initramfs is used. The setup will not work for dracut. ...
In this blog post I will show how LUKS works perfect with FIDO2 devices. You can learn how to setup a LUKS device and then switch from password to a FIDO2 device. This ensures, that not only a password is required but also a hardware device (security factors “Knowledge: Something you know” and “Possession: Something you have”). Test environment setup First we will setup a small test environment. Let’s create a small new (virtual) disk. ...
What is dn42? DN42 (wikipedia) is a big internet overlay network (also called darknet). It’s less about the services within this network and more about the routing protocols. The participants have to connect to each other usually over a vpn tunnel and through those vpn tunnels they establish a bgp session. Instead of building a small lab somewhere, this projects provides a big network of networks with more than 1500 subnets. ...
I recently had to deal with a bunch of Yubikeys. I wanted to reuse them for another purpose and therefore I wanted to factory reset them. This post won’t describe how to factory reset the whole Yubikey. Yubikeys have multiple parts, e.g. slot 1 and 2 and a Smart Card (PIV). During this post you can learn how to reset the Smart Card (PIV) and how to generate and flash a new OpenPGP key. ...