I want to get from user a password during boot time. This is something similar to what cryptsetup does, pausing boot process and demanding a password. Does this have something to do with initramfs?
Don't know cryptsetup; if you like that, then use that. Otherwise you have 3 options listed here. Two are very simple to set, and with a little googling I'm sure the 3rd option would not be that hard to figure out either.
Nowhere I said I want to USE cryptsetup. I said "I want to get from user a password during boot time". Nowhere I said either I want to encrypt a hard disk. And surely I have already googled for my problem, and also searched here in LQ. All the answers I got here are useless, since they do not answer my actual question, and the last suggestion comes with the insinuation I did something wrong here... I apologize for this text; I have no intention of being rude. The point is that the question is open and maybe some expert would like to share with us his knowledge. Thanks.
If you mean what I think, then, as above, if you go into the BIOS, you should be able to set a passwd there.
It's usually a matter of hitting the right key during BIOS start. If you watch the msgs closely, it should tell you which key.
If not, it's often either the DEL key or an F key, e.g. F2, F8. Try a few or google your HW/motherboard.
As stated above several times now, I do not know cryptsetup. If you want to use that, then bloody well do so and stop [Mod Edit] complaining about it.
For BIOS password, well duh, get into the BIOS on the computer and set the bloody password. Sorry, but that is 101 computer basic.
If you did google full disk encryption, there are plenty of detailed step-by-step instructions out there on HOWTO properly set up and configure a system for full disk encryption. I'm not going to write yet another one when there are so many very good ones out there with a simple GOOGLE.COM search:
Thank you, Onebuck! The text, rude, does not answer anything. I, as much as lleb, still do not know how cryptsetup could interrupt the boot process, ask for a password, and use it to unlock a partition. If somebody can clarify, some light would be great!
lleb, content was possible solution, just not composed following LQR guidelines.
Fedora, openSUSE and Ubuntu installers offer a GUI for setting up installations on encrypted partitions which will eventually ask for a password at the time of booting. Arch and Slackware - you can set up using CLI.
Here is a sample. This is how I usually set up encrypted storage. A similar sequence can be used to install Linux on encrypted partitions as well.
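Code:
$ su -
[root password]
Code:
# Placeholders: enc (cipher), num (key size), hash, label, mount_location, user; /dev/sd* is the target partition.
$ cryptsetup -c enc -s num -h hash luksFormat /dev/sd*
# Open the LUKS container so that /dev/mapper/label exists, then create a filesystem on it
# (ext4 is only an example filesystem).
$ cryptsetup luksOpen /dev/sd* label
$ mkfs.ext4 /dev/mapper/label
$ mount /dev/mapper/label mount_location
$ chown -R user:user mount_location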
There are many aspects of the code above that need understanding. This is not a fix-all solution. Make sure you read the manual pages before attempting this.
Caution: Also remember, encrypting a hard drive will completely destroy the data on that hard drive.
conconga, my understanding of your question is that you'd like to know how to get control early during the boot process to prompt a user for a password. You used LUKS as an example, but you've stated that you aren't asking how to implement LUKS encryption and don't wish to do so. You just want to know how LUKS does it so you can possibly do the same. Do I have that right?
Can you tell me what problem you are trying to solve? Why do you want to prompt the user for a password during the boot process?
The reason I ask is because most methods of password-protecting a system from being booted can be defeated fairly easily. For example:
1) A boot password set in BIOS can be defeated by clearing the BIOS CMOS. Many motherboards have a jumper that can be shorted to do this, and on some, removing the battery will do the same thing. You can then boot the system and login as usual.
2) A password set in a boot loader, like GRUB or lilo, can be defeated by booting Linux in single user mode. Both GRUB and lilo give you a means to do this. You'll be booted to a non-password protected root command prompt. You can then mount the hard drives and access all the data.
3) Boot the system from a Live CD, which normally gives you a non-password protected root command prompt. You can then mount the hard drives if the Live CD didn't already do it for you, and access all the data.
4) Boot a Linux installation CD. Most of them let you boot to a non-password protected root command prompt. Then proceed as in example 2 or 3.
If you are trying to prevent an unsophisticated user from booting the system, then a BIOS password or a boot loader password may be OK for you. Prompting a user during boot like LUKS does can be defeated by examples 2, 3, and 4 above. The LUKS password prompt can be avoided at boot time too in the same way, but no one will be able to access the encrypted filesystem until it is mounted and unlocked. LUKS will still get control to prompt for the password.
If you are interested in preventing unauthorized access to data on the system, then you really should consider full disk encryption for all partitions, including your swap partitions. At the minimum, you should encrypt the filesystem that contains /home and any other sensitive directories. If you do that, then LUKS will give you the password prompt during boot that you want, and you won't have to roll your own.
As for what you'd do if you still want to roll your own, I can't help you there, but I'm sure there are some who can if you keep searching and asking.
I apologize if I've still managed to misunderstand your objective.
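A way to check a machine against the advice in the post above (encrypt every partition, swap included, and at minimum the filesystem holding /home). This is an added example, not part of the original thread: it reads `lsblk -P` output and lists every mounted filesystem or active swap area that has no dm-crypt layer underneath it. The function names and the sample device layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: list mounted filesystems and swap areas that are NOT
# backed by a dm-crypt (LUKS) mapping anywhere in their parent chain.
# Real input: lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT

# Constructed sample (not from a real machine): /boot and swap are plain,
# / and /home are LVM volumes inside one LUKS container on sda3.
sample_lsblk() {
cat <<'EOF'
KNAME="sda" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/boot"
KNAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="swap" MOUNTPOINT="[SWAP]"
KNAME="sda3" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda3" TYPE="crypt" FSTYPE="LVM2_member" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4" MOUNTPOINT="/"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4" MOUNTPOINT="/home"
EOF
}

# Reads lsblk -P lines on stdin, prints "mountpoint kname" per unencrypted mount.
unencrypted_mounts() {
  awk '
    # Return the value of key="..." on the current line (empty if absent).
    # The leading space keeps KNAME from matching inside PKNAME.
    function field(key,   s) {
      if (!match(" " $0, " " key "=\"[^\"]*\"")) return ""
      s = substr(" " $0, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
      return s
    }
    {
      k = field("KNAME"); order[++n] = k
      parent[k] = field("PKNAME"); type[k] = field("TYPE")
      mnt[k] = field("MOUNTPOINT")
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (mnt[k] == "") continue          # not mounted, not active swap
        enc = 0
        # Walk up lvm -> crypt -> part -> disk looking for a crypt layer.
        for (d = k; d != ""; d = parent[d])
          if (type[d] == "crypt") { enc = 1; break }
        if (!enc) print mnt[k], k
      }
    }'
}

# Demo on the constructed sample; on a real system pipe lsblk into the function.
sample_lsblk | unencrypted_mounts
```

On the sample layout this reports `/boot` and the swap partition, the two places where data remains readable to someone who boots the machine from other media.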
Quote:
Originally Posted by Z038
conconga, my understanding of your question is that you'd like to know how to get control early during the boot process to prompt a user for a password. You used LUKS as an example, but you've stated that you aren't asking how to implement LUKS encryption and don't wish to do so. You just want to know how LUKS does it so you can possibly do the same. Do I have that right?
That's the point. I see, by what appears on the monitor, that init has taken control. That is, the kernel is up. But it stops the process and requests a password at a time, I guess, X is not up yet. How? And how does it use the keyboard then?
Moreover, it works for all kernels I have. It does not matter if I change or recompile. It will still hang the boot.
Quote:
Originally Posted by Z038
Can you tell me what problem you are trying to solve? Why do you want to prompt the user for a password during the boot process?
None. I am just curious, trying to learn something interesting and new. This is the best thing about open-source life-style!
Thanks for your explanation about desktop-station-security. I have some cryptography here, but I see there are concepts to improve.