Received: by 10.192.165.156 with SMTP id m28csp11159imm; Sun, 15 Apr 2018 15:37:24 -0700 (PDT) X-Google-Smtp-Source: AIpwx4933EajK0gE7T4XwLUUyg0rzUpvgAhuRTiX01Aa1UcQ1E874DyOXw3mgtEuUWWGoO70xIL2 X-Received: by 10.98.223.149 with SMTP id d21mr19375727pfl.160.1523831844862; Sun, 15 Apr 2018 15:37:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523831844; cv=none; d=google.com; s=arc-20160816; b=fxdOTifu+peb4e0cSuTvsPj2RxvBQxd2oAwLElmCZWKo/CBL5ClHbZV/6Tbj01qmqJ G2LAcNDmqczZ0dftA/sUPLv4+izRtYOAUy9SqU/CZfzkWI5cnvzsyecgcD5NpOthFa+S WVyi+YNxPwFVQUKwPq+no9PRVAYHwbTh1GtZWkNQgnFnIn6m+guPBc15ztaljfZ9GdWH 47/WoSLTS3/mk3PivfZtqvrRlT8OuSetngLbASb2hCYGz3WhTnBzEPuViHypXq+SLGTA CBa6yqWgnIxtudgYcyqnvr58GD4t52o2+Op35N/uDyxlV0VRIYXBtDUzTHzwEUSO55ax /JGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=7GuQFiTGI6wlpK1Y8NgMBVJG/ExG4wwND6vLrxm89zY=; b=iG/joAWfJVuZlBkWRtqxbE3X9BNE5Irhjlw97fdC9L95wOrYYUPwmkhHDS6LEsIA7P 0QLP+boo6AwQTO0BI4Le8gKyDsDnX9n1i33pg3DZy1gm/0JyByAKzhEeQr3JNt1wV4KY S6z2Nym9SE0mixqmKYCyOAl+NQ0zMRTZ/4uZYtfmlCyMYOP8R1g62zIw3ZFzVPC+y5MZ LGnP/8U3tYj3b7QDs53WOPGpoihvqu8gF45DjgGPYKHDzz5Q455FsqvvXgVNz7j/u1nw xfA7BNqRYc2BMmROpYXg2kT+4chUXZnVsJJO3OGDxYDRGpDOW1X2LVvngcDJrSJh3l+8 klUQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=LLSzCGVE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b12-v6si9365455pls.542.2018.04.15.15.37.11; Sun, 15 Apr 2018 15:37:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=LLSzCGVE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752788AbeDOWgF (ORCPT + 99 others); Sun, 15 Apr 2018 18:36:05 -0400 Received: from mail-lf0-f66.google.com ([209.85.215.66]:44054 "EHLO mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751931AbeDOWgE (ORCPT ); Sun, 15 Apr 2018 18:36:04 -0400 Received: by mail-lf0-f66.google.com with SMTP id g203-v6so19358066lfg.11 for ; Sun, 15 Apr 2018 15:36:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=7GuQFiTGI6wlpK1Y8NgMBVJG/ExG4wwND6vLrxm89zY=; b=LLSzCGVEfdupzcQoeuGwsPwohgFmgkpjrGNOhUaiUXjPsp0jK2rylctgfSO+Y9IhP4 ZDR9sPcCRI2ghkg+JI1BekZ++uRHf3klNvc0WbjG/PVpVwW4h9iCXueZPbCfsaPFpT32 FOYLh+CrfyM3dGywcnliz0r81JIZhEM4jrTzGmgqbDfcLhaoORzN7RxukDU2TsJe2mZZ HO1fqt6NAVj0fh7y43Kgr0Oe8bo9bFRZRyyJ0m2jMWW+rxqnOtogWqF89O80/GLEjJL5 Bf/as7mjFuId65y68z01q8Ewu0Wy3FMPyLwFg+7TMICsJvjobsl6liROiSyxS33ttwf5 xUWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=7GuQFiTGI6wlpK1Y8NgMBVJG/ExG4wwND6vLrxm89zY=; b=N1sb8x4lrIZ9zt4fNbHyL0+JAEcAtGQVySgHorq1FSZUYcrGtxN7W/gI5SRKJM4fn6 nL5LhvXPsXeq2Lh4BbwimEx7Uvp6jxFOSAFzTmuwtQZ4LdVY5TO5EIjutxmSwZ11XtsC 5tMolwC+mtXKz374ysOgl6QgiYtkPgypckxKPCw2XUiMAEoMklbAbUlkUSX36qfU2QRT NAQbry1HYJILUy2W97UWLLH/En2s9GgFDFeIpMQqsTfnz2aj6Nt4kHUyEGanGwxtbMgC AVDcByelnDNeGMxS39iQUoPZ3USHVmzY5KoI99xSIc3e9O6g/lD9MBf0K90UEA03N/ka JB+A== X-Gm-Message-State: ALQs6tDOZb+btahkyX0izdk/GqEJwu2afUM5AJuwVubBRsZAxUPrREid EJ+PbKHhkSxChLSV1ayVOMxNd6QYsGd6NG2DKQ== X-Received: by 10.46.128.132 with SMTP id i4mr7511188ljg.51.1523831763484; Sun, 15 Apr 2018 15:36:03 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a19:510d:0:0:0:0:0 with HTTP; Sun, 15 Apr 2018 15:35:33 -0700 (PDT) In-Reply-To: <20180415190631.5nilksv3fr2clxbj@hjlipp.my-fqdn.de> References: <20180415190631.5nilksv3fr2clxbj@hjlipp.my-fqdn.de> From: Gabriel C Date: Mon, 16 Apr 2018 00:35:33 +0200 Message-ID: Subject: Re: [RFC] Passing luks passphrase from grub to systemd To: Hansjoerg Lipp Cc: LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2018-04-15 21:06 GMT+02:00 Hansjoerg Lipp : > Hello, > Hello, > as I'm stuck with a (non-EFI x86_64) system with encrypted root > partition, I have to enter the passphrase twice (grub needs it for > getting the kernel etc., systemd needs it for mounting the root > partition). This can be quite inconvenient, especially if the passphrase > is long and contains special characters, and grub assumes a different > keyboard layout. > I therefore developed a proof of concept code allowing grub to pass the > passphrase to the kernel and systemd to get the passphrase from the > kernel. See the description and patch for the Linux part and the link to > all changes below. > > I'm presenting my code here because I'd like to know if something like > this might be useful also for other people (and further development > might be sensible). I'd also be thankful for comments how this might be > implemented in a better way. Somethng like this is not needed. All that is possible already from userspace. Systemd can do that on his own ( see systemd-cryptsetup-generator ) ( other init ofc too ) assuming your initrd , cryptsetup and grub is setup correctly. Regards, Gabriel C