[bug #56924] The cryptomount command should allow more than one password

bug-grub

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #56924] The cryptomount command should allow more than one password

From:	Matthias Kruzenski
Subject:	[bug #56924] The cryptomount command should allow more than one password entry attempt
Date:	Fri, 20 Sep 2019 13:35:08 -0400 (EDT)
User-agent:	Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/65.0.3325.181 Chrome/65.0.3325.181 Safari/537.36

URL:
  <https://savannah.gnu.org/bugs/?56924>

                 Summary: The cryptomount command should allow more than one
password entry attempt
                 Project: GNU GRUB
            Submitted by: m4dm4x1337
            Submitted on: Fri 20 Sep 2019 05:35:05 PM UTC
                Category: Booting
                Severity: Major
                Priority: 5 - Normal
              Item Group: Software Error
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
                 Release: 2.02
         Reproducibility: Intermittent
         Planned Release: None

    _______________________________________________________

Details:

The cryptomount command should allow more than one password entry attempt
otherwise there is a possibility that a user will end up in the GRUB rescue
shell due to hardware-specific errors.

Background:
-----------

I have a fully encrypted USB stick, the boot directory resists in the root
filesystem, and the LUKS password prompt appears immediately after pressing
the power button.

The USB stick has a hybrid MBR and everything needed to boot in BIOS and UEFI
mode.

So far, I have been able to boot every computer, even the oldest!

Recently I tried to boot an Alienware 17 laptop and found something strange.
For some reason, the GRUB rescue shell appears immediately after pressing the
power button. It seems like that the BIOS sends *somehow* a ENTER keystroke to
the cryptomount command, or maybe it is a bug in the GRUB source code.

Whatever the reason is, it causes me to end up in the GRUB rescue shell
because I do not have a second password entry attempt.

I know that I can start cryptomount again via the GRUB rescue shell, but for
an average user this is far too complicated.

While researching the topic, I came across a patch:
https://gitlab.com/jkushmaul/grub2

That's the perfect solution for this problem. Please merge the patch with the
GRUB source code, because there exists hardware that make multiple password
input attempts mandatory.




    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?56924>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #56924] The cryptomount command should allow more than one password entry attempt, Matthias Kruzenski <=

Prev by Date: [bug #56922] Resource Leak in TCP packet handling in grub, trivial patch
Next by Date: Grub hangs if SecureBoot verification fails
Previous by thread: [bug #56922] Resource Leak in TCP packet handling in grub, trivial patch
Next by thread: Grub hangs if SecureBoot verification fails
Index(es):
- Date
- Thread