I'm sending this in a new thread using `git format-patch`.

On Tue, Jun 25, 2019 at 12:48 AM Jason Kushmaul <jasonkushm...@gmail.com> wrote:
> Hello,
>
> I'm new to the list. I've been working on this myself for personal
> reasons. I think this should be viewed as an accessibility issue, not as a
> convenience. Those that have motor impairments have a very difficult time
> booting their machines without a reboot, or rescue.
>
> Please see my patch attached which adds documentation, configuration, and
> implementation. The patch is against master
> (4e7b5bb3be69633ed860cb74b0ef2c84a839523d) but I can change that if you
> like.
> I tested this in a virtualbox.
>
> If a more formal request is needed, I prepared this before finding this
> existing post:
>
> **************************************
> FEATURE
> **************************************
> Add LUKS full disk encryption passphrase retry config and logic, providing
> accessibility to people with motor impairments, Parkinson's, etc.
>
> **************************************
> JUSTIFICATION
> **************************************
> As of master (4e7b5bb3be69633ed860cb74b0ef2c84a839523d), I've found no
> other tickets mentioning this.
>
> When cryptodisk attempts to recover the key, it asks for the passphrase,
> just once. You are required to reboot, or know how to recover grub
> yourself manually.
>
> Many people enjoy the confidence of encrypting their full disk, including
> /boot. However, for those who may be plagued with motor impairment, shaking
> of hands, twitches in the fingers as they type, one would have severe
> barriers to enjoying that same level of security due to being required to
> type a passphrase once, and getting it right without having to reboot again.
>
> I know there is a concern for security. This configuration would default
> to 1 attempt as it is today, and those who chose, may choose any amount
> they like up to 256. Defaulting to 1 will maintain exactly the same
> behavior for users upgrading.
>
> **************************************
> STEPS TO REPRODUCE
> **************************************
> Steps:
> * Setup
> * Observation
>
> Setup:
> * Encrypt the full disk using luks so that the /boot is contained in luks
> disk.
> * Use a passphrase 32 characters long with an equal distribution of
> [0-9a-zA-Z] and specials.
> * Boot and wait for passphrase prompt.
>
> Observation:
> Enter the incorrect password and hit enter. You are not asked to retry,
> or allowed to configure it before install of grub on the full disk crypto
> setup. You must then type the full blown steps to ask again, or simply
> CTL-ALT-DEL and wait 45 more seconds...
>
> With the patches, one can configure with a "-t" and a number of retry
> attempts. They will see the same prompt, see a notification about key
> recovery in progress, and if incorrect, another message stating such, but
> then be prompted again on failure.
>
> **************************************
> SUMMARY
> **************************************
> Those with motor impairments have a barrier preventing them from enjoying
> LUKS full disk encryption with strong passphrases. Causing them a need to
> reboot until correct.
>
> This is easy to reproduce, but a little more difficult to realize how
> people with impaired motor function would struggle.
>
> The changes in this patch offer a configurable way to increase the number
> of attempts from 1, to any number <= 256, but maintains the default
> behavior as all users expect, which is just 1 attempt.