Keyboard layout and decryption of the disk at boot time
Pierre-Alain TORET
pierre-alain.toret at protonmail.com
Thu Jul 25 08:32:53 PDT 2019
Hello,
this is targeted to users using a cryptographic LUKS volume under a filesystem (as instructed in the crypto installation webpage).
Being french I'm using an "azerty" keyboard so the default decryption layout is not really convenient, it makes it harder to type the password.
Anyway I've managed to find a solution which is maybe not perfect, but working. One just has to adapt the keyboard layout to fit his/her needs in the following instructions.
First copy /usr/share/syscons/keymaps/fr.iso.kbd into /usr/src/initrd/etc/fr.iso.kbd
Then apply the following patch to the source tree :
diff --git a/initrd/etc/Makefile b/initrd/etc/Makefile
index ff8fe676b8..be0f9b1863 100644
--- a/initrd/etc/Makefile
+++ b/initrd/etc/Makefile
@@ -1,5 +1,6 @@
ETC_SCRIPTS= rc rc.lvm2 rcmount_crypt rcmount_tcplay
ETC_FILES= ${.CURDIR}/motd \
+ ${.CURDIR}/fr.iso.kbd \
${.CURDIR}/../../etc/group \
${.CURDIR}/../../etc/master.passwd \
${.CURDIR}/../../etc/protocols \
diff --git a/initrd/etc/rcmount_crypt b/initrd/etc/rcmount_crypt
index 4454fc3410..132efb1df3 100644
--- a/initrd/etc/rcmount_crypt
+++ b/initrd/etc/rcmount_crypt
@@ -5,6 +5,9 @@ MOUNTFROM="/dev/${3#/dev/}"
VOLUME=$4
OPTIONS=$5
+echo "Setting keyboard layout"
+/sbin/kbdcontrol -l /etc/fr.iso.kbd
+
cryptsetup isLuks $MOUNTFROM || return 1
cryptsetup $OPTIONS luksOpen $MOUNTFROM $VOLUME || return 2
mount -o ro -t $FSTYPE /dev/mapper/$VOLUME $NEW_ROOT || return 3
diff --git a/initrd/rescue/Makefile b/initrd/rescue/Makefile
index 18deaee677..66cd26c7e5 100644
--- a/initrd/rescue/Makefile
+++ b/initrd/rescue/Makefile
@@ -187,6 +187,7 @@ CRUNCH_PROGS_usr.sbin= \
chown \
chroot \
fstyp \
+ kbdcontrol \
pw \
pwd_mkdb \
rtsold \
@@ -248,6 +249,7 @@ CRUNCH_LIBS+= -lutil
CRUNCH_LIBS+= -lz # savecore
CRUNCH_LIBS+= -lm # awk, ps, ping
CRUNCH_LIBS+= -lpthread
+CRUNCH_LIBS+= -ll
CRUNCH_LINKOPTS+= ${PRIVATELIB_LDFLAGS}
.include <bsd.crunchgen.mk>
Then rebuilding/reinstalling the initrd is mandatory
cd /usr/src
make initrd
If you get an error such as :
Required initrd image size: 18 MB
Initrd size: 18 MB
Exceeded the maximum size (15 MB)
This maximum size can be changed in /usr/src/initrd/mkinitrd.sh and look for INITRD_SIZE_MAX="15", then change to allow an initrd a bit larger.
At next reboot you should be able to type the password to decrypt the crypto volume with the specified layout.
I wanted to publish this for a long time as Aaron LI helped me with this on IRC last october, but for some reason I forgot.
Regards,
More information about the Users
mailing list