On 07.01.24 18:07, David Wright wrote:
> On Sat 06 Jan 2024 at 20:04:57 (+0100), Richard Rosner wrote:
>> I just tried out systemd-boot. What I noticed, it doesn't ask for my decryption password to decrypt both my LUKS2 encrypted root and swap partition. This kinda defeats the purpose of encrypted drives. How do I have systemd-boot forget and never again remember my credentials?
>
> I'm assuming that when you boot, you do get /one/ prompt for your passphrase, and not zero. If it doesn't ask /again/ after that, then I'd guess that it's storing something somewhere.

Nope, there's absolutely none. It just boots straight into the system, just as I said. Hence, I literally named this topic "systemd-boot not asking password". If it wouldn't ask again, that would just be the expected behavior you'll also get from Grub. It makes no sense to ask for every encrypted partition when the passphrase is the same.

I kinda doubt that, like a lot. Maybe update-initramfs does pull in information from the Grub config, but otherwise there's no indication of that. It does pass parameters you put into /etc/default/grub to the kernel, though.

> In the little I've read about this, I've come across a scheme where Grub writes an initrd file in memory and appends it to your main initrd(s) so that the kernel can read it later.

Good for you, not my use case.

>> For the installation, I just installed systemd-boot. Afterward I had to uncomment the timeout option in /boot/efi/loader/loader.conf so I would get the selection screen, but I didn't make any other modifications.

So what exactly is missing?

>> Adding to that, resume from hibernate doesn't seem to work. Resume is included in the options line in the /boot/efi/loader/entries files, it's also enabled in initramfs-tools, yet after powering on after hibernating, I'm not greeted with where I left off.
>
> I don't use hibernation. I close down desktops because I can remotely boot them, and I leave laptops running as they consume trivial power.

That's just how not to do things. Software should be well documented; otherwise it should be replaced by something that is. Systemd replaced SysV Init as a service starter because it was much easier to handle and not just a pile of historical garbage nobody understands anymore. The same should be kept for other systemd services.

>> PS: by any chance does anybody know if systemd-boot supports Argon2 KDF for LUKS2? I only know that Grub2 doesn't (yet), but it's difficult to find the specific documentation on systemd-boot.
>
> You probably need to follow appropriate lists if you want to stay up to date.
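An added check that is not part of the thread: a small POSIX sh script that audits the configuration files which can let a LUKS volume open with no passphrase prompt at all. It assumes the Debian layout (/etc/crypttab, plus the /boot/efi/loader/entries/*.conf files mentioned above) and runs against constructed sample files, so the findings it prints come from those samples, not from either poster's system.

```shell
#!/bin/sh
# Added example for this thread; not code from systemd, Debian or either poster.
# Audits the two places that can let a LUKS volume open with no passphrase
# prompt: /etc/crypttab (a keyfile in the 3rd column, or an unlock option such
# as keyscript= or tpm2-device=) and the "options" line of a systemd-boot entry
# (rd.luks.key= / luks.key=). File paths are passed in so the functions run on
# the constructed samples below; on a Debian system point them at /etc/crypttab
# and /boot/efi/loader/entries/*.conf (the entry path is the one from the thread).

# Print "<name> <reason>" for each crypttab line that does not rely on a
# prompt; exit status 1 if anything was printed, 0 otherwise.
crypttab_nonprompt() {
    awk '
        /^[[:space:]]*(#|$)/ { next }                          # comments, blanks
        $3 != "none" && $3 != "-" { print $1, "keyfile=" $3; found = 1 }
        match($4, /(keyscript|tpm2-device|fido2-device|pkcs11-uri)=/) {
            print $1, substr($4, RSTART, RLENGTH - 1); found = 1 }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Print any rd.luks.key= / luks.key= parameter on the entry's options line;
# exit status 1 if one is present, 0 otherwise.
entry_nonprompt() {
    awk '
        $1 == "options" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(rd\.)?luks\.key=/) { print $i; found = 1 }
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Constructed sample files (not taken from any real system).
SAMPLE_DIR=$(mktemp -d)
SAMPLE_CRYPTTAB="$SAMPLE_DIR/crypttab"
SAMPLE_ENTRY="$SAMPLE_DIR/debian.conf"
cat >"$SAMPLE_CRYPTTAB" <<'EOF'
# target   source          key file            options
cryptroot  UUID=root-uuid  /etc/keys/root.key  luks,discard
cryptswap  UUID=swap-uuid  none                luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
EOF
cat >"$SAMPLE_ENTRY" <<'EOF'
title   Debian
linux   /vmlinuz
options root=/dev/mapper/cryptroot resume=/dev/mapper/cryptswap rd.luks.key=/etc/keys/root.key ro quiet
EOF

crypttab_nonprompt "$SAMPLE_CRYPTTAB" || echo "crypttab: a volume opens without a prompt"
entry_nonprompt "$SAMPLE_ENTRY" || echo "entry: key passed on the kernel command line"
```

A keyscript such as decrypt_derived is not itself a problem (it reuses a key that was already unlocked by a prompt), but a keyfile for the root volume or a key on the kernel command line means the boot never has to ask.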