Date: Mon, 16 Apr 2018 01:21:02 +0200
From: Hansjoerg Lipp
To: Gabriel C
Cc: LKML
Subject: Re: [RFC] Passing luks passphrase from grub to systemd
Message-ID: <20180415232101.qhqjhdlwq4zkwvbf@hjlipp.my-fqdn.de>
References: <20180415190631.5nilksv3fr2clxbj@hjlipp.my-fqdn.de>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello Gabriel,

On Mon, Apr 16, 2018 at 12:35:33AM +0200, Gabriel C wrote:
> 2018-04-15 21:06 GMT+02:00 Hansjoerg Lipp:
> > as I'm stuck with a (non-EFI x86_64) system with encrypted root
> > partition, I have to enter the passphrase twice (grub needs it for
> > getting the kernel etc., systemd needs it for mounting the root
> > partition). This can be quite inconvenient, especially if the passphrase
> > is long and contains special characters, and grub assumes a different
> > keyboard layout.
> > I therefore developed a proof of concept code allowing grub to pass the
> > passphrase to the kernel and systemd to get the passphrase from the
> > kernel. See the description and patch for the Linux part and the link to
> > all changes below.
>
> Something like this is not needed.
> All that is possible already from userspace.
>
> Systemd can do that on its own (see systemd-cryptsetup-generator)
> (other init ofc too) assuming your initrd, cryptsetup and grub are
> set up correctly.

Can this be done even if the /boot directory is located inside the
encrypted root partition? I'll have another look at this tomorrow as I'm
currently too tired. This would be really great news for me. (And I'd
have to wonder how I didn't get this right on my own... I already
learned a lot about the boot process doing this, and obviously I still
do not understand enough.)

Thank you for your quick response,
Hansjoerg