Gentoo Forums
Luks on LVM Laptop password prompt? [SOLVED]
Budoka
l33t


Joined: 03 Jun 2012
Posts: 777
Location: Tokyo, Japan

Posted: Mon Mar 18, 2013 3:00 am    Post subject: Luks on LVM Laptop password prompt? [SOLVED]

I wasn't exactly sure how to phrase the question so sorry if it is vague.

I have Luks on LVM on my AMD64 laptop.

It is a dual boot box with Win7 and Gentoo.

As it is configured now, when turning on the box, it prompts for a password. I configured that in the BIOS.

Then it continues to boot into GRUB2. I can select either my Win7 install or Gentoo install.

If I select Gentoo, it will start to boot and in mid boot prompt me for my Luks password. Then continue to boot to my GUI and login screen.

I don't like the fact that it prompts for the Luks password during the boot because this alerts a thief/unauthorized user that there is an encrypted volume on the box.

Is there a way to have it boot to my GUI login screen and then, after logging in, prompt me for the Luks password?

Thanks.


Last edited by Budoka on Tue Mar 26, 2013 3:26 am; edited 1 time in total
Hu
Moderator


Joined: 06 Mar 2007
Posts: 21606

Posted: Mon Mar 18, 2013 3:35 am

That depends on how much of the system is inside the LUKS container. If you placed everything except /boot in LUKS, then no, because if you do not give the password early, then the system cannot access the graphical environment to start it. If you placed only your home directory in the LUKS container, you might be able to change it. However, LUKS has a very distinctive header, so deferring the prompt will not, on its own, provide much secrecy.
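Hu's point about the distinctive header, as an added example (not code from the thread): a short Python check that recognizes the LUKS magic bytes at the start of an encrypted device and, for LUKS1, reads the cipher fields stored there in plaintext. The sample header is constructed, the field layout follows the LUKS1 on-disk format, and the function names are hypothetical.

```python
import struct

# LUKS1 header prefix (big-endian), per the LUKS1 on-disk format:
# magic[6], version u16, cipher-name[32], cipher-mode[32], hash-spec[32],
# payload-offset u32, key-bytes u32, mk-digest[20], mk-digest-salt[32],
# mk-digest-iter u32, uuid[40]  -> 208 bytes, followed by the key slots
LUKS_MAGIC = b"LUKS\xba\xbe"
LUKS1_PREFIX = struct.Struct(">6sH32s32s32sII20s32sI40s")


def _text(field: bytes) -> str:
    """Decode a NUL-padded ASCII header field."""
    return field.split(b"\0", 1)[0].decode("ascii", "replace")


def identify_luks(first_bytes: bytes):
    """Return header details if the buffer starts with a LUKS header, else None."""
    if len(first_bytes) < 8 or first_bytes[:6] != LUKS_MAGIC:
        return None
    version = struct.unpack(">H", first_bytes[6:8])[0]
    info = {"version": version}
    # Only LUKS1 fields are parsed here; other versions are reported by number.
    if version == 1 and len(first_bytes) >= LUKS1_PREFIX.size:
        f = LUKS1_PREFIX.unpack_from(first_bytes)
        info.update(cipher=_text(f[2]), mode=_text(f[3]), hash=_text(f[4]),
                    key_bytes=f[6], uuid=_text(f[10]))
    return info


def make_sample_header() -> bytes:
    """Constructed sample: a LUKS1 header prefix with made-up values."""
    return LUKS1_PREFIX.pack(
        LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 64,
        bytes(20), bytes(32), 1000,
        b"00000000-0000-0000-0000-000000000000",
    ).ljust(512, b"\0")


if __name__ == "__main__":
    print(identify_luks(make_sample_header()))
    print(identify_luks(bytes(512)))  # all zeros: not a LUKS header
```

Nothing in the header is encrypted except the key material, so the same identification works whether or not a passphrase prompt ever appears during boot.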
Budoka
l33t


Joined: 03 Jun 2012
Posts: 777
Location: Tokyo, Japan

Posted: Mon Mar 18, 2013 6:00 am

Hu wrote:
That depends on how much of the system is inside the LUKS container. If you placed everything except /boot in LUKS, then no, because if you do not give the password early, then the system cannot access the graphical environment to start it. If you placed only your home directory in the LUKS container, you might be able to change it. However, LUKS has a very distinctive header, so deferring the prompt will not, on its own, provide much secrecy.


Thank you for the reply. That is indeed what I did so I guess I am S-out of luck.
cach0rr0
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

Posted: Thu Mar 21, 2013 7:24 am

Budoka wrote:


Thank you for the reply. That is indeed what I did so I guess I am S-out of luck.


could always just fashion an initramfs that drops you to a busybox shell
wherein the only thing actually running is from busybox, rather than your root volume, and in order to continue on with the boot process you have to fire off a script

random idea, not quite as nice as somehow magically getting to a login manager whose files are stored entirely on the encrypted device you're trying not to decrypt, but it works! :)
Budoka
l33t


Joined: 03 Jun 2012
Posts: 777
Location: Tokyo, Japan

Posted: Mon Mar 25, 2013 4:52 am

cach0rr0 wrote:
Budoka wrote:


Thank you for the reply. That is indeed what I did so I guess I am S-out of luck.


could always just fashion an initramfs that drops you to a busybox shell
wherein the only thing actually running is from busybox, rather than your root volume, and in order to continue on with the boot process you have to fire off a script

random idea, not quite as nice as somehow magically getting to a login manager whose files are stored entirely on the encrypted device you're trying not to decrypt, but it works! :)


Thanks. I'll probably just leave it as is for the moment but will keep that option in mind when my kernel skills are better.