You are not logged in.
I recently had a broken laptop keyboard. A few keys that had to be pressed really hard to trigger. My usb keyboards have a different layout and I didn't want to carry them along.
So while waiting for 3 weeks for a replacement keyboard I got frustrated typing the luks passphrase in the boot sequence. I'd like to prevent that frustration in the future. That's why I'd like to see feedback when typing it.
Can I modify the encrypt hook in a way that the script echos * placeholders while typing? Is the read command available? How does Plymouth (which I do not which to use) handle passphrase input? Should I look at modifying cryptsetup?
related: question about the fact that linux prevents /dev/console to be a controlling tty.
Offline
Is switching to the systemd and sd-encrypt hook which does echo * placeholders a viable solution for your system?
Offline
Hi, thanks for replying. Sorry I was hasty and buisy when I posted. I forgot the grub loads from the ROM, and that it uses the rather slow cryptomount command to decrypt the full disk (including /boot).
with Libreboot, GRUB is already included as a payload, so even /boot can be encrypted; this protects /boot from tampering by someone with physical access to the system [...]
I can't find the cryptomount utility in the GRUB source though. **edit:** found it, maybe I'll try to make a patch to add John Lane's grub which I'll try to use in stead. I could use some help though.
Last edited by sharethewisdom (2019-10-15 15:20:42)
Offline
cryptomount is defined in grub-core/disk/cryptodisk.c. Is this a hyperbola installation?
Edit:
You probably want to look at luks_recover_key in grub-core/disk/luks.c and grub_password_get in grub-core/osdep/unix/password.c
Last edited by loqs (2019-10-15 15:26:55)
Offline
Thanks I had found it. No, I use a mainline Arch install.
Offline
I can't find the cryptomount utility in the GRUB source though. **edit:** found it, maybe I'll try to make a patch to add John Lane's grub which I'll try to use in stead. I could use some help though.
There is package in AUR which includes John Lane patches (https://aur.archlinux.org/packages/grub-luks-keyfile), however, I do not see how this is related to echoing password. Is it '0003-Cryptomount-luks-allow-multiple-passphrase-attempts.patch'?
Offline