Hello. I have tried with headless=yes. The issue with this is that systemd-cryptsetup ends, so I can not provide the password for decryption through socket provided in /run/systemd/ask-password/sck.numbers
I miss an option where systemd-cryptsetup is executed headless, but continues running, without exiting. I have tried with keyfile=/dev/urandom and option=keyfile-size=600000, but it is too quick. I also tried try-empty-password, but this is tried only once. I am running out of ideas. On Tue, Jun 4, 2024 at 6:24 PM Luca Boccassi <luca.bocca...@gmail.com> wrote: > Add headless=yes to the crypttab entry for the device you want to > avoid interactive passwords prompt for > > On Tue, 4 Jun 2024 at 17:22, Sergio Arroutbi <sarro...@redhat.com> wrote: > > > > Hello Lennart. Thanks for your quick response. > > > > This option will disable all password prompt ... hiding also our calls > to systemd-ask-password ... is it possible to discard systemd-cryptsetup > one specifically? > > > > On Tue, Jun 4, 2024 at 2:52 PM Lennart Poettering < > lenn...@poettering.net> wrote: > >> > >> On Di, 04.06.24 13:08, Sergio Arroutbi (sarro...@redhat.com) wrote: > >> > >> > Hello. > >> > > >> > We are implementing a feature related to PKCS#11 that, when some > conditions > >> > are met (mostly that PKCS11 PIN has not been stored in configuration > and > >> > input to our systemd unit), requires systemd-cryptsetup service > password > >> > prompt to be hidden from TTY and executed only listening to password > >> > provided by the socket defined in > >> > https://systemd.io/PASSWORD_AGENTS/ > >> > >> The boot-time password prompt on the TTY is just an agent too. Mask it > >> via "systemctl mask systemd-ask-password-console.service". > >> > >> Lennart > >> > >> -- > >> Lennart Poettering, Berlin > >> > > > > > > -- > > Sergio Arroutbi Braojos > > Senior Software Engineer at Red Hat - Special Projects (SECENGSP) > > Red Hat > > -- Sergio Arroutbi Braojos Senior Software Engineer at Red Hat - Special Projects (SECENGSP) Red Hat <http://redhat.com>
