RFC: entering luks password on grub level for devices without keyboards

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

bevor we start, it is a VERY VERY SPECIAL situation i will talk about
now. It could get fixed by a UNUSUAL approach.

The device we talk about as an example is the SURFACE PRO Tablet Series
from Microsoft WITH a LUKS encrypted installation on the drive.

Situation:

If you encrypt  the fedora ( or any ) installation with luks, as
security of a mobile device indicates, you end up without the
possibility to enter the password, when you do not have an in/external
keyboard at hand.

As tablets do not come with a keypad ( called TypoCover by MS ) by
default, it's not possible to enter the password when Plymouth asks for it.

There is simply no keyboard available, AND additionally since surface
pro 4+,  touch does not work with upstream kernel, so adding an OSK
isn't helping.

Solution until now: TypeCover or external Keyboard OR no encryption for
the device.


## My Suggestion ##

MS blends in a very basic keyboard when grub is displayed. I guess it's
for low level repairs when windows fails. The clou is, it gets displayed
and handled by the Surface Bios itself as it seems.

With the help of this OSK on grublevel, it is possible to use an
(nonexisting yet)  envvar or a kernel parameter to pass the password
down to the luks unlock part. (not to forget, to choose a kernel there ;) )

## BENEFITS ##

This would secure the mobile device and  makes it usable as a real
tablet computers should be used.

It's also a way for other future mobile devices with touchscreens-only,
how they  could solve the issue i.e. linux smartphones.

it gets really interesting as a standard way of how things should work,
when you keep in mind that any mobile bios  has already solved touch
support for the device in question, because they have the urge need to
enter the phones bios and do things like "wipe cache" "boot from .."
"test graphics" etc. etc. which is then obviously touchbased.  Opening
the already present touchhandling to an OSK on startup as MS did, could
be the way to go for all future touch devices.


Your comments on this, please.

Best regards,
Marius Schwarz
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux