With usplash it is pretty easy to implement. However the problem is that it will work with usplash and usplash only. If you disable usplash its behaviour will still be the same. The problem is that without usplash the cryptsetup binary is fetching the password from console directly - leaving no chance to buffer it in an environment variable. However since most people will use usplash, it will at least fix it for them. Another unsolved issue is that not all entries from /etc/crypttab are handled by the initramfs but later in the bootprocess by /etc/init.d/cryptdisks-early & co. So one would probably need to move all entries from crypttab to initramfs.
The small fix described above: you have to modify /usr/share/initramfs-tools/scripts/local-top/cryptroot.
Here is a diff for hardy:
--- cryptroot.org 2008-05-28 21:52:56.000000000 +0200
+++ cryptroot 2008-05-28 23:09:02.000000000 +0200
@@ -191,8 +191,12 @@
$cryptkeyscript $cryptkey < /dev/console 2> /dev/console | \
$cryptcreate --key-file=- > /dev/console 2>&1
elif [ -p /dev/.initramfs/usplash_outfifo ] && [ -x /sbin/usplash_write ]; then
- usplash_write "INPUTQUIET Enter password to unlock the disk ($crypttarget): "
- PASS="$(cat /dev/.initramfs/usplash_outfifo)"
+ if [ -z "$successful_pass" ]; then
+ usplash_write "INPUTQUIET Enter password to unlock the disk ($crypttarget): "
+ PASS="$(cat /dev/.initramfs/usplash_outfifo)"
+ else
+ PASS=$successful_pass
+ fi
echo -n "$PASS" | $cryptcreate > /dev/null 2>&1
else
$cryptcreate < /dev/console > /dev/console 2>&1
@@ -200,12 +204,18 @@
if [ $? -ne 0 ]; then
echo "cryptsetup: cryptsetup failed, bad password or options?"
- sleep 3
+ if [ -n "$successful_pass" ]; then
+ unset successful_pass
+ count=$(( $count - 1 ))
+ else
+ sleep 3
+ fi
continue
elif [ ! -e "$NEWROOT" ]; then
echo "cryptsetup: unknown error setting up device mapping"
return 1
elif [ -p /dev/.initramfs/usplash_outfifo ] && [ -x /sbin/usplash_write ]; then
+ export successful_pass=$PASS
# clean the text, to give feedback that it worked
usplash_write "TEXT-URGENT "
fi
With usplash it is pretty easy to implement. However the problem is that it will work with usplash and usplash only. If you disable usplash its behaviour will still be the same. The problem is that without usplash the cryptsetup binary is fetching the password from console directly - leaving no chance to buffer it in an environment variable. However since most people will use usplash, it will at least fix it for them. Another unsolved issue is that not all entries from /etc/crypttab are handled by the initramfs but later in the bootprocess by /etc/init. d/cryptdisks- early & co. So one would probably need to move all entries from crypttab to initramfs.
The small fix described above: you have to modify /usr/share/ initramfs- tools/scripts/ local-top/ cryptroot.
Here is a diff for hardy:
--- cryptroot.org 2008-05-28 21:52:56.000000000 +0200 /usplash_ outfifo ] && [ -x /sbin/usplash_write ]; then /usplash_ outfifo) " /usplash_ outfifo) " l_pass
+++ cryptroot 2008-05-28 23:09:02.000000000 +0200
@@ -191,8 +191,12 @@
$cryptkeyscript $cryptkey < /dev/console 2> /dev/console | \
$cryptcreate --key-file=- > /dev/console 2>&1
elif [ -p /dev/.initramfs
- usplash_write "INPUTQUIET Enter password to unlock the disk ($crypttarget): "
- PASS="$(cat /dev/.initramfs
+ if [ -z "$successful_pass" ]; then
+ usplash_write "INPUTQUIET Enter password to unlock the disk ($crypttarget): "
+ PASS="$(cat /dev/.initramfs
+ else
+ PASS=$successfu
+ fi
echo -n "$PASS" | $cryptcreate > /dev/null 2>&1
else
$cryptcreate < /dev/console > /dev/console 2>&1
@@ -200,12 +204,18 @@
if [ $? -ne 0 ]; then /usplash_ outfifo ] && [ -x /sbin/usplash_write ]; then pass=$PASS
echo "cryptsetup: cryptsetup failed, bad password or options?"
- sleep 3
+ if [ -n "$successful_pass" ]; then
+ unset successful_pass
+ count=$(( $count - 1 ))
+ else
+ sleep 3
+ fi
continue
elif [ ! -e "$NEWROOT" ]; then
echo "cryptsetup: unknown error setting up device mapping"
return 1
elif [ -p /dev/.initramfs
+ export successful_
# clean the text, to give feedback that it worked
usplash_write "TEXT-URGENT "
fi