
#1 2017-07-24 11:45:53

gen2arch
Member
Registered: 2013-05-16
Posts: 182

SOLVED: Modify waiting time in initram encryption hook

Hi,

is it possible to reduce the default delay (10 seconds) the initram mechanism (encrypt hook) will wait during boot to get the key to unlock a full disk encryption? Is this default value of 10 seconds set in any config file?

Thanks

Last edited by gen2arch (2017-07-26 08:38:53)

Offline

#2 2017-07-24 12:49:42

seadanda
Member
Registered: 2015-05-11
Posts: 2

Re: SOLVED: Modify waiting time in initram encryption hook

This delay is determined by the iteration count, which is specified by the --iter-time parameter when the disk is first encrypted using cryptsetup's luksFormat option.

This can be changed as described here:

frostschutz wrote:

It's possible to change the key itercounts by luksChangeKey (change the key to the same key). Changing the master key itercount requires the LUKS header to be re-created as a whole, using cryptsetup-reencrypt --keep-key or the manual method http://unix.stackexchange.com/a/178722/30851
You should not do any of this without a backup.

However, by decreasing the iteration count, you are also decreasing the hardness of the encryption, although the default is usually 1 second, not 10 -- read 5.10 in Cryptsetup FAQs.

Also, to reiterate: back it up first!

Good luck.

Offline

#3 2017-07-24 13:01:50

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: SOLVED: Modify waiting time in initram encryption hook

Unless I'm misunderstanding then I've never come across this delay - The password prompt remains indefinitely until I enter my password.



Offline

#4 2017-07-24 15:31:53

gen2arch
Member
Registered: 2013-05-16
Posts: 182

Re: SOLVED: Modify waiting time in initram encryption hook

Hi seadanda and slithery

thanks for your input!

In fact, the delay I'm talking of occurs when using an external drive that holds the passphrase of the encrypted disk, and the kernel is instructed to use the key on this external drive by the "cryptkey" directive in the kernel command line, cf:

https://wiki.archlinux.org/index.php/Dm … n#cryptkey

In this case a delay of 10 seconds is indicated during boot.

I'm not sure if this delay is in fact related to "iter-times"!

Thanks

Offline

#5 2017-07-24 15:33:09

seth
Member
Registered: 2012-09-03
Posts: 51,029

Re: SOLVED: Modify waiting time in initram encryption hook

He might be after the rootdelay or rootwait kernel parameters? *shrug*

Online

#6 2017-07-26 08:38:37

gen2arch
Member
Registered: 2013-05-16
Posts: 182

Re: SOLVED: Modify waiting time in initram encryption hook

seth wrote:

He might be after the rootdelay or rootwait kernel parameters? *shrug*

seth, thanks! This was exactly what I was looking for: "rootdelay=5" on the kernel command line makes the kernel only wait the indicated time of 5 seconds before it attempts to mount the encrypted root fs. Perfect.

Offline
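
Added example (not part of the thread, and not mkinitcpio's own code): a shell check that reads a kernel command line and reports which device the "cryptkey" directive points at and how long the boot will wait for it, using the figures from this thread (10 seconds by default, overridden by "rootdelay"). The function name key_wait_report, its output format and the sample command lines are constructed for illustration; the "rootfs:" form of cryptkey is not mentioned in the thread and is handled here as an extra case.

```shell
#!/bin/sh
# Added example: how long will the initramfs wait for the cryptkey= device?
# Figures from this thread: 10 s by default, overridden by rootdelay=.
# Assumes no quoted, space-containing values on the command line.

DEFAULT_WAIT=10

# Prints "no-cryptkey", "initramfs-keyfile", "invalid-rootdelay <value>",
# or "<key device> <seconds> <default|rootdelay>".
key_wait_report() (
    set -f                      # no glob expansion while word-splitting
    cryptkey="" rootdelay=""
    for param in $1; do
        case $param in
            cryptkey=*)  cryptkey=${param#cryptkey=} ;;
            rootdelay=*) rootdelay=${param#rootdelay=} ;;
        esac
    done

    [ -n "$cryptkey" ] || { echo "no-cryptkey"; return 0; }

    # cryptkey=device:fstype:path, so the device is the first field.
    keydev=${cryptkey%%:*}
    # cryptkey=rootfs:path means the key file is inside the initramfs
    # image itself, so there is no external device to wait for.
    [ "$keydev" != "rootfs" ] || { echo "initramfs-keyfile"; return 0; }

    if [ -z "$rootdelay" ]; then
        echo "$keydev $DEFAULT_WAIT default"
        return 0
    fi
    case $rootdelay in
        *[!0-9]*) echo "invalid-rootdelay $rootdelay"; return 1 ;;
    esac
    echo "$keydev $rootdelay rootdelay"
)

# Constructed sample command lines (not taken from a real system).
for line in \
    "cryptdevice=/dev/sda2:root cryptkey=/dev/sdb1:vfat:/key rw" \
    "cryptdevice=/dev/sda2:root cryptkey=/dev/sdb1:vfat:/key rootdelay=5 rw"
do
    key_wait_report "$line"
done
# To check the running system: key_wait_report "$(cat /proc/cmdline)"
```
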
