GNU bug report logs - #66746
LUKS password prompt invisible, prompts twice

Previous Next

Package: guix;

Reported by: Caleb Herbert <csh <at> bluehome.net>

Date: Wed, 25 Oct 2023 11:51:01 UTC

Severity: normal

Done: Tomas Volf <wolf <at> wolfsden.cz>

Bug is archived. No further changes may be made.

Full log

Message #14 received at 66746 <at> debbugs.gnu.org (full text, mbox):

From: Saku Laesvuori <saku <at> laesvuori.fi>
To: Josselin Poiret <dev <at> jpoiret.xyz>
Cc: Caleb Herbert <csh <at> bluehome.net>, 66746 <at> debbugs.gnu.org
Subject: Re: bug#66746: LUKS password prompt invisible, prompts twice
Date: Fri, 27 Oct 2023 22:02:58 +0300

[Message part 1 (text/plain, inline)]
> Hi Caleb,
> 
> Caleb Herbert <csh <at> bluehome.net> writes:
> 
> > Hardware: ThinkPad X200
> > Firmware: Libreboot 2016
> > OS: Guix System
> >
> > Expected behavior:
> > Password prompt. Enter LUKS passphrase. Log into computer.
> >
> > Actual behavior:
> > Password prompt. Enter LUKS passphrase. Select boot option from GRUB menu. Hangs, no password prompt. Enter passphrase (again) anyway: Boots normally.
> 
> I think this is a combination of two things: first, we currently need to
> unlock the drive once for GRUB, and then once when Linux boots, hence
> the two password prompts.  This is a known limitation, but the usual
> workaround of adding a keyfile to the initrd wouldn't work in our case
> for security reasons: the keyfile would end up in the store and be
> world-readable, a disaster.

I believe a patch[1] enabling this is waiting for a review.

[1]: https://issues.guix.gnu.org/65002

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 1 year and 261 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.