[dm-crypt] Fwd: Detect successful passphrase entry for dmcrypt +LUKS from initramfs busybox prompt
dominic at timedicer.co.uk
Sat Apr 22 13:38:02 CEST 2017
On 22 April 2017 at 12:13, Michael Kjörling <michael at kjorling.se> wrote:
> On 22 Apr 2017 11:22 +0100, from dominic at timedicer.co.uk (Dominic Raferd):
> > [ -z "$DONE" ] && echo " Failed, sorry." || echo " Success! Boot is
> > proceeding"
> As an aside, consider adding a read to the failure case. That would
> give the user a chance to reboot the system manually before the boot
> continues, which is particularly useful in the case when files within
> the encrypted container are required for a successful boot.
> I was in a very similar situation for a while but with ZFS, where if
> the ZFS pool import failed for some reason the system was _mostly_
> bootable but aside from fixing whatever caused the pool to not import,
> I'd have to also clean out a bunch of directories so that the file
> systems would mount cleanly. (ZFS does not do overlay mounts by
> default.) That wasn't particularly fun!
Hi Michael, I'm not sure I understand your situation. In my case, if the
script doesn't find that cryptroot has terminated i.e. the user entered the
right passphrase (after 3 tries) it just ends and drops the user back to
the busybox prompt - or if it has been run as a single line command from
the remote machine, it would return to the remote machine. Either way the
user can just repeat the action because the booting machine will sit and
wait indefinitely for the root system to be unlocked - I think. With remote
access and pushing the passphrase straight into /lib/cryptsetup/passfifo I
don't think there is any fundamental limitation on the number of attempts
that can be made.
In short, I could add a reboot option after failure but is there any point?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dm-crypt