Re: RFC: entering luks password on grub level for devices without keyboards

On Saturday, March 14, 2020 5:05:11 AM MST Marius Schwarz wrote:
> Hi all,
> 
> before we start, it is a VERY VERY SPECIAL situation I will talk about
> now. It could get fixed by an UNUSUAL approach.
> 
> The device we talk about as an example is the SURFACE PRO Tablet Series
> from Microsoft WITH a LUKS encrypted installation on the drive.
> 
> Situation:
> 
> If you encrypt the Fedora (or any) installation with LUKS, as
> security of a mobile device indicates, you end up without the
> possibility to enter the password when you do not have an in/external
> keyboard at hand.
> 
> As tablets do not come with a keypad (called TypeCover by MS) by
> default, it's not possible to enter the password when Plymouth asks for it.
> 
> There is simply no keyboard available, AND additionally since Surface
> Pro 4+, touch does not work with the upstream kernel, so adding an OSK
> isn't helping.
> 
> Solution until now: TypeCover or external Keyboard OR no encryption for
> the device.
> 
> 
> ## My Suggestion ##
> 
> MS blends in a very basic keyboard when GRUB is displayed. I guess it's
> for low-level repairs when Windows fails. The key point is, it gets displayed
> and handled by the Surface BIOS itself, as it seems.
> 
> With the help of this OSK on GRUB level, it is possible to use a
> (not yet existing) envvar or a kernel parameter to pass the password
> down to the LUKS unlock part. (not to forget, to choose a kernel there ;) )
> 
> ## BENEFITS ##
> 
> This would secure the mobile device and make it usable as a real
> tablet computer should be used.
> 
> It's also a way other future touchscreen-only mobile devices,
> i.e. Linux smartphones, could solve the issue.
> 
> It gets really interesting as a standard way of how things should work,
> when you keep in mind that any mobile BIOS has already solved touch
> support for the device in question, because they have the urgent need to
> enter the phone's BIOS and do things like "wipe cache" "boot from .."
> "test graphics" etc. etc. which is then obviously touch-based. Opening
> the already present touch handling to an OSK on startup as MS did, could
> be the way to go for all future touch devices.
> 
> 
> Your comments on this, please.
> 
> Best regards,
> Marius Schwarz

If you're drawing a direct comparison to the Fedora boot process from the 
Windows process, the point at which Windows is presenting an OSK is about at 
the point after which initrd is loaded in the Fedora boot process. It's not 
happening at the bootloader itself.

Further, there is no threading support in GRUB to begin with, nor a GUI 
toolkit which could be used for an OSK.

-- 
John M. Harris, Jr.
Splentity
