New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/luksroot.nix: fallback to interactive password entry when no keyfile found #30416
Conversation
Nice, that was something I wanted for my Fileserver. The only issue I see is, that I can imagine use cases where I want to unlock a device at boot if a keyfile is available, but still continue booting when it is missing. I'm not sure if this is possible at the moment with luksroot but I have this issue with the filesystems.*.encrypted module atm so it would be nice if that'd (still) work. |
That's a good point -- I was mostly thinking of the case of unlocking / : if it is not available, the system just doesn't boot. |
maybe a enablePasswordFallback oder disablePasswordFallback Option? If a timeout is chosen there should be a option to configure it IMO, with the possibility of waiting forever. Actually that might be the most flexible way. |
Timeout feels somewhat wrong to me (what if you have a long password?). Something better may be to set a number of retries before booting continues. Usual three seems to be enough. What do you think? EDIT: I need to test that, but won't ^C kill the password prompt? |
@abbradar not sure I understand your point about retries. The main problem is that if the luks device is not so important, and that the key goes missing, the system can't boot unattended anymore. |
@symphorien Hm, indeed, ^C doesn't help the usecase when you want to continue unattended boot with the key missing but the partition not strictly required. Maybe then use timeout not for the prompt itself, but for the fallback? In lines of "Key for ${foo} is not found. Press any key in N seconds to enter password phrase instead". Then one can type the password at their own leisure. |
@symphorien I don't remember the code well now, but I think the system will just continue to boot. The drive will stay encrypted. |
This option, if set to true, enables fallbacking to an interactive passphrase prompt when the specified keyFile is not found. The default is false, which is compatible with previous behavior and doesn't prevent unattended boot.
I pushed a commit implementing an option |
I think it would be good to name the option, so it is clear what it does. But I don't have a good idea sadly. A few ideas, but they might be too verbose
I think I'd prefer the last one, if no one has a better idea. |
I had also thought of interactiveFallback |
Sorry for the delay. |
hum should I add something to make this mergeable ? |
I know there's the 18.03 milestone, but… is there anything missing for this PR to be merged? |
Motivation for this change
being able to boot if the keyfile is missing but I know the passphrase
Things done
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)