update & tidy readme

2020-01-15 16:41:44 +01:00 · 2020-01-15 16:41:44 +01:00 · 7ed948d53b
commit 7ed948d53b
parent c4e08413c0
1 changed files with 18 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -17,18 +17,22 @@ dnf install cargo cryptsetup-devel -y
 ```
 git clone https://github.com/shimunn/fido2luks.git && cd fido2luks

-#Alternativly cargo build --release && sudo cp target/release/fido2luks /usr/bin/
-CARGO_INSTALL_ROOT=/usr sudo -E cargo install -f --path .
+# Alternativly cargo build --release && sudo cp target/release/fido2luks /usr/bin/
+sudo -E cargo install -f --path . --root /usr

-echo FIDO2LUKS_CREDENTIAL_ID=$(fido2luks credential) >> dracut/96luks-2fa/fido2luks.conf
+# Copy template
+cp dracut/96luks-2fa/fido2luks.conf /etc/
+# Name is optional but useful if your authenticator has a display
+echo FIDO2LUKS_CREDENTIAL_ID=$(fido2luks credential [NAME]) >> /etc/fido2luks.conf

+# Load config into env
 set -a
-. dracut/96luks-2fa/fido2luks.conf
+. /etc/fido2luks.conf

-#Repeat for each luks volume
+# Repeat for each luks volume
 sudo -E fido2luks -i add-key /dev/disk/by-uuid/<DISK_UUID>

-#Test(only works if the luks container isn't active)
+# Test(only works if the luks container isn't active)
 sudo -E fido2luks -i open /dev/disk/by-uuid/<DISK_UUID> luks-<DISK_UUID>

 ```
@ -45,13 +49,13 @@ sudo make install

 Add `rd.luks.2fa=<CREDENTIAL_ID>:<DISK_UUID>` to `GRUB_CMDLINE_LINUX` in /etc/default/grub

-Note: This is only required for your root disk, systemd will try to unlock all other luks partions using the same key if you added it using `fido2luks add-key`
+Note: This is only required for your root disk, systemd will try to unlock all other LUKS partions using the same key if you added it using `fido2luks add-key`

 ```
 grub2-mkconfig > /boot/grub2/grub.cfg
 ```

-I'd also recommend to copy the executable onto /boot so that it is accessible in case you have to access your disk from a live system
+I'd also recommend to copy the executable onto /boot so that it is accessible in case you have to access your disk from a rescue system

 ```
 mkdir /boot/fido2luks/
@ -61,12 +65,12 @@ cp /etc/fido2luks.conf /boot/fido2luks/

 ## Test

-Just reboot and see if it works, if thats the case you should remove your old less secure password from your luks header:
+Just reboot and see if it works, if that's the case you should remove your old less secure password from your LUKS header:

 ```
-#Recommend in case you lose your authenticator, store this backupfile somewhere safe
+# Recommend in case you lose your authenticator, store this backupfile somewhere safe
 cryptsetup luksHeaderBackup /dev/disk/by-uuid/<DISK_UUID> --header-backup-file luks_backup_<DISK_UUID>
-#There is no turning back if you mess this up, make sure you made a backup
+# There is no turning back if you mess this up, make sure you made a backup
 fido2luks -i add-key --exclusive /dev/disk/by-uuid/<DISK_UUID>
 ```

@ -74,9 +78,10 @@ fido2luks -i add-key --exclusive /dev/disk/by-uuid/<DISK_UUID>

 ### Password less

-Remove your previous secret as described in the next section, incase you already added one.
+Remove your previous secret as described in the next section, in case you've already added one.

 Open `/etc/fido2luks.conf` and replace `FIDO2LUKS_SALT=Ask` with `FIDO2LUKS_SALT=string:<YOUR_RANDOM_STRING>`
+but be warned that this password will be included to into your initramfs.

 Import the new config into env:

@ -96,5 +101,5 @@ set -a
 . fido2luks.conf
 sudo -E fido2luks -i replace-key /dev/disk/by-uuid/<DISK_UUID>

-sudo rm -rf /usr/lib/dracut/modules.d/96luks-2fa /etc/dracut.conf.d/luks-2fa.conf
+sudo rm -rf /usr/lib/dracut/modules.d/96luks-2fa /etc/dracut.conf.d/luks-2fa.conf /etc/fido2luks.conf
 ```