[systemd-devel] Hiding systemd-cryptsetup password prompt

Sergio Arroutbi sarroutb at redhat.com
Tue Jun 4 11:08:12 UTC 2024


Hello.

We are implementing a feature related to PKCS#11 that, when some conditions
are met (mostly that PKCS11 PIN has not been stored in configuration and
input to our systemd unit), requires systemd-cryptsetup service password
prompt to be hidden from TTY and executed only listening to password
provided by the socket defined in https://systemd.io/PASSWORD_AGENTS/

However, I have found no mechanism to hide the password prompt from
systemd-cryptsetup. I understand we should provide something similar to
"--no-tty" in "systemd-ask-password", but I doubt how this can be addressed
on boot time without modifying systemd-cryptsetup code.
I have also seen no option in crypttab to perform this, as the
"password-echo" option controls just how the password is shown in the
terminal.

Does anyone in the list have some tips to try to achieve this at boot time
without systemd-cryptsetup modification?

Thanks
-- 
Sergio Arroutbi Braojos
Senior Software Engineer at Red Hat - Special Projects (SECENGSP)
Red Hat <http://redhat.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20240604/5260081a/attachment.htm>


More information about the systemd-devel mailing list