Red Hat Bugzilla – Bug 433406
RFE: FC9 more descriptive boot prompt
Last modified: 2008-04-15 13:51:46 EDT
When you boot up the encrypted volume thing asks for "LUKS Password:" Now
this lacks a little in description.
How about some kind of an indicator of which volume we are talking about in case
in the future we are dealing with more than one. More important how about
something like "LUKS disk volume password:" So that less skilled people can
know what you are asking about.
Also how about adding 9 alpha 1 to the list of versions so that this can be
Also apparently when you type in the pass phrase, you only have one shot at it.
Now having go after go at it may be a security issue, but only one chance will
get users to start throwing their computers through a window. ;-)
Imho an initscripts bug, therefore I change the component. If you consider this
to be a bug in cryptsetup, please use cryptsetup-luks as the component.
initscripts is not involved with this prompt.
Hm, changing the prompt to be "LUKS disk volume password:" in cryptsetup sounds
wrong to me, because it may not be a disk volume, because cryptsetup can be used
to encrypt any file/block device (e.g. cds, usb sticks, floppies).
A change to
"LUSK password to open %s as %s:" with the device and the name for the mapping
provided would not hurt, imho. Nevertheless, it is possible to pipe the passwort
to cryptsetup and get it first from the user with an arbitrary prompt, which
would allow to provide even more information about the volume, e.g. it could be
explained that it is the root partition when the root partition is mounted.
How about just LUSK encrption key password: Instead of just LUSK Password.
At least that gives people who are not conversent with what LUKS is a clue as to
what they are dealing with and which password is being asked for.
I did just check and found a difference in the process. It has fixed the
comment #1. This is a BIG help. If you enter the password wrong now, it asks
again. At least if you guess wrong in what password we are talking about you
get a second chance without having to totally restart the boot process.
Created attachment 302488 [details]
Patch to add device to the prompt
Here's a patch that adds the device name. I'm not sure the mapper device is
particularly relevant, but I could be wrong.
The reason I'd rather do this in cryptsetup for now is that trying to do all
the prompting and piping from shell would be a real pain.
Added in 1.0.6-2.
*** Bug 437261 has been marked as a duplicate of this bug. ***