From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1Zv3pp-0001HR-7a for mharc-grub-devel@gnu.org; Sat, 07 Nov 2015 08:47:13 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34666) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZuzKN-0006Jk-5K for grub-devel@gnu.org; Sat, 07 Nov 2015 03:58:28 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZuzKM-00063z-4p for grub-devel@gnu.org; Sat, 07 Nov 2015 03:58:27 -0500 Received: from relais.videotron.ca ([24.201.245.36]:19649) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZuzKH-00062i-10; Sat, 07 Nov 2015 03:58:21 -0500 Received: from dh87mc.localdomain (modemcable108.157-131-66.mc.videotron.ca [66.131.157.108]) by VL-VM-MR005.ip.videotron.ca (Oracle Communications Messaging Exchange Server 7u4-22.01 64bit (built Apr 21 2011)) with ESMTPA id <0NXF00JM0SX8KM90@VL-VM-MR005.ip.videotron.ca>; Sat, 07 Nov 2015 03:58:20 -0500 (EST) Date: Sat, 07 Nov 2015 03:58:22 -0500 From: westlake Subject: Re: cryptodisk enabled returns to rescue prompt In-reply-to: <563DA826.9080104@gmail.com> To: Andrei Borzenkov , bug-grub@gnu.org, grub-devel@gnu.org Message-id: <563DBD2E.6060504@videotron.ca> MIME-version: 1.0 Content-type: text/plain; charset=utf-8; format=flowed Content-transfer-encoding: QUOTED-PRINTABLE References: <563D7A68.1030409@videotron.ca> <563DA826.9080104@gmail.com> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.8.0 X-detected-operating-system: by eggs.gnu.org: Solaris 10 X-Received-From: 24.201.245.36 X-Mailman-Approved-At: Sat, 07 Nov 2015 08:47:11 -0500 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Nov 2015 08:58:28 -0000 actually the crypt would be internal inside the grub mbr that gets= =20 generated because even if i comment out cryptmount -u in grub.cfg and= =20 apply update-initramfs&&update-grub there's no effect(there still is = a=20 passphrase prompt), here the cryptsetup is taking effect prior the= =20 reading of grub.cfg.. it shouldn't also be hard to implement. afaik the lacking of=20 documentation for using GRUB_ENABLE_CRYPTODISK=3D'y' tells me this sh= ould=20 be an area encouraging suggestion and feedback from those who are= =20 bothering to using it... It works but it can be improved. Here my ma= in=20 concern is a "grub rescue" shouldn't be showing up right after the fi= rst=20 failed attempt. thanks On 07/11/15 02:28 AM, Andrei Borzenkov wrote: > 07.11.2015 07:13, westlake =D0=BF=D0=B8=D1=88=D0=B5=D1=82: >> enabling GRUB_ENABLE_CRYPTODISK=3Dy has crypt prompting only once = on >> bootup, is it possible to have an option with grub-install or anot= her >> option here with GRUB_EMABLE_CRYPTODISK so that the keypass prompt= s in a >> loop? (a wrong passphrase typed brings the user to a grub rescue s= hell >> and has to issue ctl-alt-delete which is imho not very presentable= to > > You need to just do > > cryptomount -u xxxxxxxxxxx > normal > > I am not convinced that being stuck in password entry loop is bette= r. > May be a command that retries to execute embedded config and enter > normal may be useful. > >> staff) -- I understand this is all in mbr bootcode so I suppose th= e best >> place to implement this would be when first generating the code in= order >> to keep it small. >> >> it would be imho really great if this can be implemented > > There was suggested patch that allowed multiple password entry atte= mpts > for LUKS. It was a part of patch series that implemented other thin= gs. > May be it could be reconsidered if rebased to not depend on other c= hanges. >