this post was submitted on 29 May 2024
37 points (100.0% liked)

Linux

48149 readers
756 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Is there some way I can unlock my btrfs encrypted disk using a graphical unlocking screen.

Basically I was setting up an On-screen keyboard so that I can use my PC in case I do not have a keyboard available. Only problem in setup is that I can't find anyway to use on-screen keyboard on that screen on which we enter password to decrypt disk.

Help please

top 11 comments
sorted by: hot top controversial new old
[–] [email protected] 10 points 5 months ago* (last edited 5 months ago) (1 children)

Not sure thats possible. But there are some workarounds like using a keyfile on a usb or a yubikey which can output a static password on longpress. Or some other hack-around.

Some relevant search results, the first one seems especially promising:

https://forum.garudalinux.org/t/unlock-luks-with-a-touch-screen-on-screen-keyboard/24208

https://www.reddit.com/r/Fedora/comments/a22ehu/fedora_29_luks_passwd_on_boot_with_touchscreen/

https://www.reddit.com/r/SurfaceLinux/comments/9g5ooa/onscreenkeyboard_for_lukslvm_encryption/

https://github.com/r-pufky/wireguard-initramfs

[–] [email protected] 5 points 5 months ago (1 children)

tldr: Use systemd-boot instead of grub to boot. And then unl0kr to give you an on-screen keyboard.

A little more technical:

Are you intending to use unl0kr for decryption? I used that on my Steam Deck. Whatever you use, it cannot use your normal graphical login. It has to be packed into the kernel's initrd because when you want to decrypt your drive nothing else is available. I used unl0kr.

You cannot use grub unless you have /boot on an unencrypted partition. Because grub has its own decryption process which is very minimal. It does not have access to the kernel (which leaves you without any hardware acceleration for the decryption, making it very slow.

Systemd-boot works by putting the kernel and initrd on the unencrypted EFI partition on /boot/efi.

So you can either use grub with an unencrypted /boot or systemd-boot with everything copied onto EFI. Whatever you use, try to get to a state where you're greeted with a slightly more pleasing passphrase entry, maybe on a plymouth bootscreen, instead of grub's own ugly entry screen.

When you have come so far you can try to get unl0kr to work.

I don't have the energy to type more but hopefully this can steer you in the right direction. Your actual login manager or desktop environment don't factor into this at all.

If you do want to only see the login prompt from your login manager you have to store the decryption key in TPM. No idea how that is set up but automatic decryption without typing in a passphrase sounds iffy to me.

[–] [email protected] 2 points 5 months ago

Thanks for your time ❤️

[–] [email protected] 3 points 5 months ago
[–] [email protected] 3 points 5 months ago (1 children)

What distro and DE are you using?

[–] [email protected] 4 points 5 months ago

Sway on Arch

[–] [email protected] 2 points 5 months ago (1 children)

What's the use case? Is there a reason that the disk is not unlocked at boot/login?

[–] [email protected] 5 points 5 months ago

They're using full disk encryption, which won't let any part of it be read (even its partition table to boot the OS) until a password is entered. A system using FDE will go straight from POST to a password prompt.

A lot of people like FDE as it makes the encryption completely invisible to the OS and would normally have zero compatibility issues be problem-free.