You are not logged in.

#1 2022-09-01 12:17:19

Utill
Member
Registered: 2022-09-01
Posts: 1

Can GRUB use a Keymap with Strings to unlock an encrypted /boot?

I have a console keymap, which uses strings. This works great in the tty and in the passphrase prompt when /boot is not encrypted.
So I  encrypted my /boot by following this arch-wiki guide .
Now adding a keymap requires a early-boot image. I followed this arch-wiki guide.
This works for a X-keymap. but as for as I know these do not support strings.
So I tried to use grub-mklayout directly (grub-kbdcomp is just a wrapper around grub-mklayout) on the console keymap, which states in its man page:

grub-mklayout processes a keyboard layout description in keymaps(5) format into a format that can be used by GRUB's keymap command.

This sentence was added in 2009 as documented in this mail archive.
This does not work:

grub-mklayout -vi /usr/share/kbd/keymaps/i386/dvorak/dvorak.map.gz # this fails with 'ERROR: no valid keyboard layout found. Check the input.'
gunzip -c /usr/share/kbd/keymaps/i386/dvorak/dvorak.map.gz | grub-mklayout -v # here it fails with a lot of 'Unknown keyboard scan identifier (and here a keycode i.e. Control_underscore)'

So I took a look at the source code of GRUB and noticed:

  1. That Grub matches every entry in the input to a internal enum of supported keys and outputs four arrays with 160 entry's each https://git.savannah.gnu.org/cgit/grub. … out.c#n327 

  2. The generated keymap gets parsed an applied by keylayouts.c

  3. The F-keys stop at F12 (F24 with shift key), and input of strings is not supported.

I am a Rust developer, so it is rather likely that I missed something obvious.
If I am right is there a way to write an application that "catches" keystrokes, translates them to string and sends grub each key or has grub some build in guards that prevent that(because the application could easily be repurposed as a keylogger)?

Offline

Board footer

Powered by FluxBB