diff options
| -rw-r--r-- | nixos/modules/system/boot/luksroot.nix | 26 | ||||
| -rw-r--r-- | nixos/modules/system/boot/stage-1-init.sh | 3 |
2 files changed, 25 insertions, 4 deletions
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 8dad09c8920..15881b6d371 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -36,7 +36,7 @@ let ${optionalString (header != null) "--header=${header}"} \ ${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"} \ > /.luksopen_args - cryptsetup-askpass + get_password "Enter LUKS Passphrase" cryptsetup-askpass rm /.luksopen_args } @@ -78,9 +78,7 @@ let for try in $(seq 3); do ${optionalString yubikey.twoFactor '' - echo -n "Enter two-factor passphrase: " - read -s k_user - echo + k_user="$(get_password "Enter two-factor passphrase" cat)" ''} if [ ! -z "$k_user" ]; then @@ -463,6 +461,26 @@ in ''} ''; + boot.initrd.preDeviceCommands = '' + get_password() { + local ret + local reply + local tty_stat + + tty_stat="$(stty -g)" + stty -echo + for i in `seq 1 3`; do + echo -n "$1: " + read reply + echo "$reply" | "$2" + if [ "$?" = "0" ]; then + break + fi + done + stty "$tty_stat" + } + ''; + boot.initrd.preLVMCommands = concatStrings (mapAttrsToList openCommand preLVM); boot.initrd.postDeviceCommands = concatStrings (mapAttrsToList openCommand postLVM); diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index d4277ebd80c..6b1bf0b3e02 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -14,6 +14,9 @@ export LVM_SUPPRESS_FD_WARNINGS=true fail() { if [ -n "$panicOnFail" ]; then exit 1; fi + # If we have a splash screen started, quit it. + command -v plymouth >/dev/null 2>&1 && plymouth quit + # If starting stage 2 failed, allow the user to repair the problem # in an interactive shell. cat <<EOF |