[systemd-devel] How to retry entering PIN for cryptsetup in initrd?
Carl Lei
me at xecycle.info
Mon Jul 14 09:09:14 UTC 2025
On Mon, 14 Jul 2025 10:42:06 +0200
Lennart Poettering <lennart at poettering.net> wrote:
> On Mo, 14.07.25 13:39, Carl Lei (me at xecycle.info) wrote:
>
> > Hello,
> >
> > I configure my LUKS to use TPM+PIN, and frequently, when I made a
> > typo in the PIN, it falls back to passphrase directly. My
> > passphrase is a random one I don't remember (saved in password
> > managers), so when this happens I usually choose to Ctrl-Alt-Del;
> > grabbing the phone is slower than waiting it to reboot. Can I
> > configure it give me some chances to retry?
>
> Ask your distro to maybe backport
> 48cb1ad9c3fde47dc40b4345fa2efb2012596768 and related commits.
Oh, nice to see it already fixed :) I'd wait for the next release.
So, what is the fallback logic after this commit? Does it rely on TPM
lockout to fallback to passphrase, or is there a fixed counter that
will trigger before lockout?
More information about the systemd-devel
mailing list