Newish Arch user here of a couple of months and I've been tinkering with my system today trying to make it do some nice things.
I wanted to set things up so that I could decrypt my system after boot by either:
1) Inserting my PGP-capable YubiKey and using it to decrypt a master keyfile
2) Entering a long passphrase, if I don't have the YubiKey on me for some reason but I really need to use the laptop
I installed this excellent little initcpio hook: https://github.com/fuhry/initramfs-scencrypt
Managed to get the YubiKey based decryption working, which is great!
Now here's the problem: supposedly this hook allows you to enter a passphrase manually if after 60 seconds you fail to plug in your YubiKey.
I found that this functionality does not work (at least for me).
The first problem I found was that it simply did not realize that a YubiKey hadn't been plugged in, due to what I believe was an error in the code from the author:
https://github.com/fuhry/initramfs-scen … t-hook#L13
I inserted a line after line 13:
return $result
This appeared to fix this problem, it was now correctly reaching the part of the script dealing with a passphrase based unlock.
I then ran into a much more annoying issue: every time it hit this part of the code, it would display "Nothing to read on input" without giving me a chance to type a passphrase.
It appeared to be a problem with there not being an input console hooked up to STDIN and as such it was instantly failing. Looking earlier in the script I saw that the author used the line
0</dev/console 1>/dev/console 2>/dev/console
when running a GPG command that would ask for a PIN.
I added this after the command to open the drive with LUKS and voila, it now allowed me to enter the passphrase and log in.
My question for someone experienced here is: why is this line needed? I checked the official encrypt hook bundled with Arch and it seems to work fine without any kind of redirection like the one shown above. Is there a cleaner way to do this without the /dev/console redirection?
Many thanks in advance.
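Added example, not part of the original post and not code from initramfs-scencrypt: a shell sketch of the two behaviours described above, a function that loses its saved status without `return $result`, and a prompt that hits end-of-file when the stdin it inherits is not a terminal. All function names are hypothetical, stdin is detached with `</dev/null` to stand in for the initramfs situation (an assumption about the cause), and the device passed to `unlock` would be `/dev/console` on a real system.

```shell
#!/bin/sh
# Constructed illustration; function names are hypothetical, not the hook's.

# Stand-in for the smartcard check: succeeds only if the marker file exists.
token_present() { [ -e "$1" ]; }

# Without an explicit return, the function's status is that of its last
# command (the echo), so a missing token still looks like success.
check_token_buggy() {
    result=0
    token_present "$1" || result=$?
    echo "token check done" >&2
}

# Same body, but the saved status is propagated to the caller.
check_token_fixed() {
    result=0
    token_present "$1" || result=$?
    echo "token check done" >&2
    return $result
}

# Stand-in for a passphrase prompt: reads one line from whatever stdin it
# inherits and fails on immediate EOF, like the message quoted in the post.
prompt_passphrase() {
    IFS= read -r pass || { echo "Nothing to read on input" >&2; return 1; }
    printf '%s\n' "$pass"
}

# $1 = checker function, $2 = token marker path, $3 = terminal device
# (optional). Prints which unlock path succeeded, or returns 1.
unlock() {
    if "$1" "$2"; then
        echo "token"
    elif [ -n "${3:-}" ]; then
        # Per-command redirection, as in the post: stdin is reopened from
        # the given device only for the prompt.
        prompt_passphrase 0<"$3" >/dev/null && echo "passphrase"
    else
        prompt_passphrase >/dev/null && echo "passphrase"
    fi
}

# Demo with stdin deliberately detached and no device given: the prompt fails.
unlock check_token_fixed /nonexistent/token </dev/null || echo "no unlock path worked"
```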