Hi all,

I want to get from user a passward during boot time. This is something similar to what cryptsetup does, pausing boot process and demanding a password. Does this have something to do with initramfs?

Thanks

full disk encryption is what you are looking for. you might also look at your BIOS as it might have a boot loader p/w you can set as well.

grub can also ask for a passwd

1 members found this post helpful.

good to know chrism01

Thank you! And how do I get a password during boot time like cryptsetup does? I just want to learn how it does...

Cheers!

dont know cryptsetup, if you like that then use that. otherwise you have 3 options listed here. two are very simple to set and with a little googling im sure the 3rd option would not be that hard to figure out either.

Nowhere I said I want to USE cryptsetup. I said "I want to get from user a password during boot time". Nowhere I said either I want to encrypt a hard disk. And surely I have already googled for my problem, and also searched here in LQ. All the answers I got here are useless, since they do not answer my actual question, and the last suggestion comes with the insinuation I did something wrong here... I apologize for this text; I have no intention of being rude. The point is that the question is open and maybe some expert would like to share with us his knowledge. Thanks.

If you mean what I think, then, as above, if you go into the BIOS, you should be able to set a passwd there.
It usually a matter of hitting the right key during BIOS start. If you watch the msgs closely, it should tell you which key.
If not, its often either the DEL key or an F key eg F2, F8. Try a few or google your HW/motherboard.

as stated above several times now. i do not know cryptsetup. if you want to use that, then bloody well do so and stop [Mod Edit] complaining about it.

for BIOS pass word, well duh get into the BIOS on the computer and set the bloody pass word. sorry, but that is 101 computer basic.

if you did google full disk encryption there are plenty of detailed step by step instructions out there on HOWTO properly setup and configure a system for full disk encryption. im not going to write yet an other one when there are so many very good ones out there with a simple GOOGLE.COM search:

https://www.google.com/search?q=howt...hrome&ie=UTF-8

there follow the bloody link.

if the answers are useless, then you have failed to perform any research on what you are asking. they are all very clear and simple.

@lleb

Please refrain from using profanity when posting. You should consider re-reading LQ Rules to refresh your understanding.

Your post was Moderator edited to remove offensive language.

Thank you, Onebuck! The text, rude, does not answer anything. I, as much as lleb, still do not know how cryptsetup could interrupt the boot process, asks for a password, and use it to unlock a partition. If somebody can clarify, some light would be great!

Hi,
lleb, content was possible solution, just not composed following LQR guidelines.

Look at 'man crypsetup'.

Fedora, openSUSE and Ubuntu installers offer GUI for setting up installations on encrypted partitions which will eventually ask for password at the time of booting. Arch and Slackware - you can setup using CLI.

Here is a sample. This is how I usually setup encrypted storage. A similar sequence can be used to install Linux on encrypted partitions as well.

There are many aspects of the code above that needs understanding. This is not a fix-all solution. Make sure you read the manual pages before attempting this.

Caution: Also remember, encrypting a hard drive will completely destroy the data on that hard drive.

Hope this helps.

conconga, my understanding of your question is that you'd like to know how to get control early during the boot process to prompt a user for a password. You used LUKS as an example, but you've stated that you aren't asking how to implement LUKS encryption and don't wish to do so. You just want to know how LUKS does it so you can possibly do the same. Do I have that right?

Can you tell me what problem you are trying to solve? Why do you want to prompt the user for a password during the boot process?

The reason I ask is because most methods of password-protecting a system from being booted can be defeated fairly easily. For example:

1) A boot password set in BIOS can be defeated by clearing the BIOS CMOS. Many motherboards have a jumper that can be shorted to do this, and on some, removing the battery will do the same thing. You can then boot the system and login as usual.

2) A password set in a boot loader, like GRUB or lilo, can be defeated by booting Linux in single user mode. Both GRUB and lilo give you a means to do this. You'll be booted to a non-password protected root command prompt. You can then mount the hard drives and access all the data.

3) Boot the system from a Live CD, which normally gives you a non-password protected root command prompt. You can then mount the hard drives if the Live CD didn't already do it for you, and access all the data.

4) Boot an Linux installation CD. Most of them let you boot to a non-password protected root command prompt. Then proceed as in example 2 or 3.


If you are trying to prevent an unsophisticated user from booting the system, then a BIOS password or a boot loader password may be OK for you. Prompting a user during boot like LUKS does can be defeated by examples 2, 3, and 4 above. The LUKS password prompt can be avoided at boot time too in the same way, but no one will be able to access the encrypted filesystem until it is mounted and unlocked. LUKS will still get control to prompt for the password.

If you are interested in preventing unauthorized access to data on the system, then you really should consider full disk encryption for all partitions, including your swap partitions. At the minimum, you should encrypt the filesystem that contains /home and any other sensitive directories. If you do that, then LUKS will give you the password prompt during boot that you want, and you won't have to roll your own.

As for what you'd do if you still want to roll your own, I can't help you there, but I'm sure there are some who can if you keep searching and asking.

I apologize if I've still managed to misunderstand your objective.

That's the point. I see, by what appears on the monitor, that init has taken control. That is, the kernel is up. But it stops the process and requests a password at a time, I guess, X is not up yet. How? And how does it use the keyboard then?

Moreover, it works for all kernels I have. It does not matter if I change or recompile. It will still hang the boot.

None. I am just curious, trying to learn something interesting and new. This is the best thing about open-source life-style!

Thanks for your explanation about desktop-station-security. I have some cryptography here, but I see there are concepts to improve.

Regards!