extended readme

README.md

@@ -1,6 +1,6 @@
 # fido2luks
 
-This will allow you to unlock your luks encrypted disk with an fido2 compatable key
+This will allow you to unlock your luks encrypted disk with an fido2 compatible key
 
 Note: This has only been tested under Fedora 30 using a Solo Key
 
@@ -43,14 +43,22 @@ sudo make install
 
 ### Grub
 
-Add `rd.luks.2fa=<CREDENTIAL_ID>:<DISK_UUID>` to `GRUB_CMDLINE_LINUX`
+Add `rd.luks.2fa=<CREDENTIAL_ID>:<DISK_UUID>` to `GRUB_CMDLINE_LINUX` in /etc/default/grub
 
-Note: This is only required for your root disk, systemd will try to unlock all other luks partions using the same key if you added it using `fido2luks addkey`
+Note: This is only required for your root disk, systemd will try to unlock all other luks partions using the same key if you added it using `fido2luks add-key`
 
 ```
 grub2-mkconfig > /boot/grub2/grub.cfg
 ```
 
+I'd also recommend to copy the executable onto /boot so that it is accessible in case you have to access your disk from a live system
+
+```
+mkdir /boot/fido2luks/
+cp /usr/bin/fido2luks /boot/fido2luks/
+cp fido2luks.conf /boot/fido2luks/
+```
+
 ## Test
 
 Just reboot and see if it works, if thats the case you should remove your old less secure password from your luks header:
@@ -61,3 +69,15 @@ cryptsetup luksHeaderBackup /dev/disk/by-uuid/<DISK_UUID> --header-backup-file l
 #There is no turning back if you mess this up, make sure you made a backup
 fido2luks -i add-key --exclusive /dev/disk/by-uuid/<DISK_UUID>
 ```
+
+## Removal
+
+Remove `rd.luks.2fa` from `GRUB_CMDLINE_LINUX` in /etc/default/grub
+
+```
+set -a
+. fido2luks.conf
+sudo -E fido2luks -i replace-key /dev/disk/by-uuid/<DISK_UUID>
+
+sudo rm -rf /usr/lib/dracut/modules.d/96luks-2fa /etc/dracut.conf.d/luks-2fa.conf
+```