Re: Hiding systemd-cryptsetup password prompt

Hello. I have tried with headless=yes. The issue with this is that systemd-cryptsetup ends, so I cannot provide the password for decryption through the socket provided in /run/systemd/ask-password/sck.numbers

I miss an option where systemd-cryptsetup is executed headless, but continues running, without exiting.

I have tried with keyfile=/dev/urandom and option=keyfile-size=600000, but it is too quick. I also tried try-empty-password, but this is tried only once.

I am running out of ideas.

On Tue, Jun 4, 2024 at 6:24 PM Luca Boccassi <luca.boccassi@xxxxxxxxx> wrote:
Add headless=yes to the crypttab entry for the device you want to
avoid interactive password prompts for

On Tue, 4 Jun 2024 at 17:22, Sergio Arroutbi <sarroutb@xxxxxxxxxx> wrote:
>
> Hello Lennart. Thanks for your quick response.
>
> This option will disable all password prompts ... hiding also our calls to systemd-ask-password ... is it possible to discard systemd-cryptsetup one specifically?
>
> On Tue, Jun 4, 2024 at 2:52 PM Lennart Poettering <lennart@xxxxxxxxxxxxxx> wrote:
>>
>> On Di, 04.06.24 13:08, Sergio Arroutbi (sarroutb@xxxxxxxxxx) wrote:
>>
>> > Hello.
>> >
>> > We are implementing a feature related to PKCS#11 that, when some conditions
>> > are met (mostly that PKCS11 PIN has not been stored in configuration and
>> > input to our systemd unit), requires systemd-cryptsetup service password
>> > prompt to be hidden from TTY and executed only listening to password
>> > provided by the socket defined in
>> > https://systemd.io/PASSWORD_AGENTS/
>>
>> The boot-time password prompt on the TTY is just an agent too. Mask it
>> via "systemctl mask systemd-ask-password-console.service".
>>
>> Lennart
>>
>> --
>> Lennart Poettering, Berlin
>>
>
>
> --
> Sergio Arroutbi Braojos
> Senior Software Engineer at Red Hat - Special Projects (SECENGSP)
> Red Hat



--
Sergio Arroutbi Braojos
Senior Software Engineer at Red Hat - Special Projects (SECENGSP)
Red Hat
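
The password agent exchange this thread refers to (https://systemd.io/PASSWORD_AGENTS/), as an added example that is not part of the original messages or of systemd: a minimal agent that reads the ask.* request files, skips expired ones, and answers on the request's socket. The function names and the Message prefix filter are assumptions for illustration, and the agent is assumed to run with enough privilege to write to the socket.

```python
import configparser
import socket
import time
from pathlib import Path

ASK_DIR = Path("/run/systemd/ask-password")


def parse_ask_file(path):
    """Return the [Ask] section of an ask.* file as a dict, or None if unusable."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: Socket, NotAfter, Message, ...
    try:
        cp.read_string(Path(path).read_text())
        ask = dict(cp["Ask"])
    except (OSError, KeyError, configparser.Error):
        return None  # request vanished or file is malformed
    return ask if "Socket" in ask else None


def is_expired(ask, now_usec=None):
    """NotAfter is CLOCK_MONOTONIC in microseconds; 0 or absent means no timeout."""
    not_after = int(ask.get("NotAfter", "0") or 0)
    if now_usec is None:
        now_usec = time.monotonic_ns() // 1000
    return not_after > 0 and now_usec > not_after


def pending_requests(ask_dir=ASK_DIR, message_prefix=None):
    """Yield live requests, optionally only those whose Message has a prefix."""
    for f in sorted(Path(ask_dir).glob("ask.*")):
        ask = parse_ask_file(f)
        if ask is None or is_expired(ask):
            continue
        if message_prefix and not ask.get("Message", "").startswith(message_prefix):
            continue
        yield ask


def answer(ask, password, ask_dir=ASK_DIR):
    """Reply '+<password>' as one datagram; refuse sockets outside ask_dir."""
    sock_path = Path(ask["Socket"])
    if sock_path.parent.resolve() != Path(ask_dir).resolve():
        raise ValueError(f"socket outside {ask_dir}: {sock_path}")
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.sendto(b"+" + password.encode(), str(sock_path))
```

A real agent would watch the directory (for example with inotify) and call `pending_requests()` on each change, since requests appear and disappear while the requesting process waits.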
