FS#16806 - [mkinitcpio] issue with encrypt password (visibility)
Attached to Project:
Arch Linux
Opened by Karol Babioch (johnpatcher) - Friday, 23 October 2009, 16:55 GMT
Last edited by Thomas Bächler (brain0) - Saturday, 08 May 2010, 18:36 GMT
Opened by Karol Babioch (johnpatcher) - Friday, 23 October 2009, 16:55 GMT
Last edited by Thomas Bächler (brain0) - Saturday, 08 May 2010, 18:36 GMT
|
Details
Description:
First of all i'm not quite sure whether this is a bug or not, but at least it seems to be really annoying and I don't know how to solve it. I've set up an encryption for my whole system, so I have to enter a password during the boot process. Therefore I need some hooks to be added in "/etc/mkinicpio.conf". I've added usbinput as well as encrypt, and recreated the image. The problem is that the usbinput hook is much too slow, it takes a few seconds before all usb devices get recognized, but the encrypt hook is executed beforehand, so while I can see the message "Enter LUKS password" I also see a lot of messages regarding some usb devices, which makes the display quite confusing and makes it impossible to type in the luks password, as it is visible whenever I try to type it in before. Additional info: * You'll find my mkinitcpio.conf in the attachment. Steps to reproduce: * Add usbinput as well as encrypt to your hooks array * Recreate your image * Reboot 
mkinitcpio.conf
(2.7 KiB)
|
This task depends upon
Closed by Thomas Bächler (brain0)
Saturday, 08 May 2010, 18:36 GMT
Reason for closing: Fixed
Additional comments about closing: The next mkinitcpio version includes the sleep and dmesg hooks that can be used to work around the problem.
Saturday, 08 May 2010, 18:36 GMT
Reason for closing: Fixed
Additional comments about closing: The next mkinitcpio version includes the sleep and dmesg hooks that can be used to work around the problem.
We could however set the console log level to a lower value, so that the messages about usb/keyboard won't be printed to the console - but that will make debugging much more difficult (we do that when initscript are launched, right at the beginning). What would you like to happen here?
I can't type in my password before all of my usb devices are detected, as everything I type in is visible, and therefore it makes not much sense to type in an encryption passphrase, which everyone around me could read right then.
So, a delay before the encryption hook is loaded would be fine for me, is this possible? If so, how? Do I need to write my own hook?
The rootdelay parameter has changed recently: If you set rootdelay=10 (the default) it will wait _at most_ 10 seconds, but will stop waiting as soon as the device you are waiting for is created. So on any normal SATA or IDE system, it will actually not wait at all - only on systems with USB (or with incorrect settings) it will wait longer.
About adding a delay: A custom hook would be the way to go.
So now I just need to change the loglevel. Could you tell me where to change it, or at least where to read something about it ;)?
Maybe it would also be an option to add a little delay before asking for the passphrase ...
Because it seems that the problem is that it asks to early for the passphrase, then some usb devices get recognized and the line asking for the passphrase gets displaced. So when the passphrase hook would get executed a few seconds later, it could actually solve the problem. On the other hand it is hard to say how long it should be delayed.
Would it be possible to add such a delay for me personally? I would like to try that also. What do you think about that?
/lib/initcpio/install/dmesg:
install ()
{
MODULES=""
BINARIES=""
FILES=""
SCRIPT="dmesg"
}
help ()
{
:
}
/lib/initcpio/hooks/dmesg:
run_hook ()
{
dmesg -n 3
}
Add "dmesg" as a hook before "encrypt", but preferably after "udev", run mkinitcpio -p kernel26. This should do it. If it works, we can add it to mkinitcpio.
Alternatively, sleeping before adding the passphrase is possible with the "sleep" hook which has been added in mkinitcpio.git, but not yet in a release: http://projects.archlinux.org/mkinitcpio.git/commit/?id=d5625e4bd28a9b3066777c539b05aef3fc551b8f
I have tried both ways, and chosen to go with the second one (sleep hook), because I don't like the idea to possibly miss kernel messages, although the dmesg hook works just great as well and is probably the better way to go, as the needed sleeptime is different on each system :(.