All of lore.kernel.org
 help / color / mirror / Atom feed
From: westlake <westlake2012@videotron.ca>
To: Andrei Borzenkov <arvidjaar@gmail.com>,
	bug-grub@gnu.org, grub-devel@gnu.org
Subject: Re: cryptodisk enabled returns to rescue prompt
Date: Sat, 07 Nov 2015 03:58:22 -0500	[thread overview]
Message-ID: <563DBD2E.6060504@videotron.ca> (raw)
In-Reply-To: <563DA826.9080104@gmail.com>

actually the crypt would be internal inside the grub mbr that gets 
generated because even if i comment out cryptmount -u in grub.cfg and 
apply update-initramfs&&update-grub there's no effect(there still is a 
passphrase prompt), here the cryptsetup is taking effect prior the 
reading of grub.cfg..

it shouldn't also be hard to implement. afaik the lacking of 
documentation for using GRUB_ENABLE_CRYPTODISK='y' tells me this should 
be an area encouraging suggestion and feedback from those who are 
bothering to using it... It works but it can be improved.  Here my main 
concern is a "grub rescue" shouldn't be showing up right after the first 
failed attempt.

thanks


On 07/11/15 02:28 AM, Andrei Borzenkov wrote:
> 07.11.2015 07:13, westlake пишет:
>> enabling GRUB_ENABLE_CRYPTODISK=y has crypt prompting only once on
>> bootup, is it possible to have an option with grub-install or another
>> option here with GRUB_EMABLE_CRYPTODISK so that the keypass prompts in a
>> loop? (a wrong passphrase typed brings the user to a grub rescue shell
>> and has to issue ctl-alt-delete which is imho not very presentable to
>
> You need to just do
>
> cryptomount -u xxxxxxxxxxx
> normal
>
> I am not convinced that being stuck in password entry loop is better.
> May be a command that retries to execute embedded config and enter
> normal may be useful.
>
>> staff) -- I understand this is all in mbr bootcode so I suppose the best
>> place to implement this would be when first generating the code in order
>> to keep it small.
>>
>> it would be imho really great if this can be implemented
>
> There was suggested patch that allowed multiple password entry attempts
> for LUKS. It was a part of patch series that implemented other things.
> May be it could be reconsidered if rebased to not depend on other changes.
>




  reply	other threads:[~2015-11-07 13:47 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <563D7A68.1030409@videotron.ca>
2015-11-07  7:28 ` cryptodisk enabled returns to rescue prompt Andrei Borzenkov
2015-11-07  8:58   ` westlake [this message]
2015-11-07  9:04     ` Andrei Borzenkov
2019-06-25  4:48 Jason Kushmaul
2019-06-30  1:44 ` Jason Kushmaul

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=563DBD2E.6060504@videotron.ca \
    --to=westlake2012@videotron.ca \
    --cc=arvidjaar@gmail.com \
    --cc=bug-grub@gnu.org \
    --cc=grub-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.