tpm2-software/tpm2-totp

Working with systemd-cryptsetup?

umbernhard opened this issue · 1 comment

Hello! This is a really neat project and I have a feature request.

Following some of the conversation in issues #74 and #82 I seem to have the plymouth systemd module running correctly. However, I'm not seeing any output. I think it might be because my current setup is a little unique: I'm using the systemd-cryptsetup module to load my encryption key out of the TPM. I see elsewhere (e.g. in this talk) that the code is usually shown while the decryption password is being entered.

I'm wondering if there is a way to get the cryptsetup module to wait until after the Plymouth screen, and if there could be a pause at boot where the TOTP is shown before the disk is decrypted using cryptsetup, with a "Press any key to continue" sort of setup.

I realize that not entering a password is potentially less secure, but I'm in the process of building secure devices for folks with lower tech literacy, and the thought of distributing thousands of decryption passwords to them that they have to type in at boot is not a desirable option.

After further tinkering, I found out I just wasn't installing properly. So now I'm seeing the OTP codes just fine. It'd still be nice to have a wait option though. I'll tinker with it some more. I think modifying this line with a getchar (or whatever the correct library function is in this setting) ought to work? Some logic about refreshing the code might be necessary though...
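As an added example of the "show the code, refresh it, wait for a key" loop the last comment sketches, written for this page and not code from tpm2-totp: it computes an RFC 6238 TOTP (HMAC-SHA1, 30-second step) over a constructed secret that stands in for the secret tpm2-totp unseals from the TPM, redraws the code at every step boundary, and returns as soon as a key is pressed. The function names (`totp`, `seconds_until_refresh`, `show_until_keypress`) and the secret value are assumptions made here; the secret is the RFC 4226/6238 test-vector key so the output can be checked against the RFC tables.

```python
"""Display a TOTP, refresh it at each 30 s step boundary, and block until a key is pressed."""
import hashlib
import hmac
import os
import select
import struct
import sys
import termios
import time
import tty

STEP = 30      # RFC 6238 default time step in seconds
DIGITS = 6


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, i.e. HOTP(secret, floor(unix_time / step))."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226 section 5.3)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def seconds_until_refresh(unix_time: int, step: int = STEP) -> int:
    """Seconds until the code changes; used as the select() timeout."""
    return step - (int(unix_time) % step)


def show_until_keypress(secret: bytes, stdin=sys.stdin, out=sys.stdout, now=time.time) -> str:
    """Redraw the code at every step boundary; return the code on screen when a key arrives."""
    while True:
        t = int(now())
        code = totp(secret, t)
        wait = seconds_until_refresh(t)
        out.write(f"\rTOTP {code}  (new code in {wait:2d}s)  press any key to continue")
        out.flush()
        # Block until either a key is available or the step boundary passes.
        ready, _, _ = select.select([stdin], [], [], wait)
        if ready:
            os.read(stdin.fileno(), 1)           # consume the keypress
            out.write("\n")
            return code
        # Timed out at the step boundary: loop, recompute for the new step, redraw.


def main() -> None:
    # Constructed stand-in for the TPM-unsealed secret (RFC 4226/6238 test-vector key).
    secret = b"12345678901234567890"
    fd = sys.stdin.fileno()
    saved = termios.tcgetattr(fd)
    tty.setcbreak(fd)                            # deliver single keypresses, no Enter needed
    try:
        show_until_keypress(secret)
    finally:
        termios.tcsetattr(fd, termios.TCSADRAIN, saved)


if __name__ == "__main__":
    main()
```

The refresh matters as much as the pause: the user's authenticator app rolls over at the step boundary, so a code left on screen past it no longer matches and the comparison that the pause exists for would fail. The terminal is switched to cbreak mode only for the duration of the wait so that a single key ends it, and restored afterwards.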