Hello. We are implementing a feature related to PKCS#11 that, when some conditions are met (mostly that PKCS11 PIN has not been stored in configuration and input to our systemd unit), requires systemd-cryptsetup service password prompt to be hidden from TTY and executed only listening to password provided by the socket defined in https://systemd.io/PASSWORD_AGENTS/
However, I have found no mechanism to hide the password prompt from systemd-cryptsetup. I understand we should provide something similar to "--no-tty" in "systemd-ask-password", but I doubt how this can be addressed on boot time without modifying systemd-cryptsetup code. I have also seen no option in crypttab to perform this, as the "password-echo" option controls just how the password is shown in the terminal. Does anyone in the list have some tips to try to achieve this at boot time without systemd-cryptsetup modification? Thanks -- Sergio Arroutbi Braojos Senior Software Engineer at Red Hat - Special Projects (SECENGSP) Red Hat <http://redhat.com>
