Dear GRUB2 Maintainers,
Thank you very much to Jiří "bindiff" Wolker for the excellent suggestion.
Based on his feedback, I have implemented support for a new boolean environment variable called echo_password,
which allows users to control whether characters are echoed (as *) when entering passwords in GRUB2.
I have tested this functionality locally. When the echo_password variable is set (e.g., to 1, true, or yes),
each typed character is displayed as an asterisk (*) on screen. If it is not set or explicitly set to 0, false,
no characters are echoed—preserving the existing secure behavior.
The submitted patch titled:
"lib-crypto-Add-echo_password-boolean-environment-var.patch"
introduces the ability to optionally enable visual feedback during password input in GRUB2.
This is version 2 of the patch adding support for the 'echo_password'
environment variable, allowing users to control whether passwords are echoed as '*' during input.
Key Changes:
-Added use of grub_env_get_bool() to read the echo_password environment variable.
-Ensured backward compatibility with existing password handling logic.
-Default behavior remains non-echoed input for security.
-Used grub_env_get_bool() consistently.
This change improves user experience by providing visual confirmation during password
input while preserving configurability and security.
Could you kindly review the proposed changes at your earliest convenience?
Any feedback or suggestions for improvement would be greatly appreciated.
Thank you very much for your time and consideration.
Best regards,
Andy Lau
[https://github.com/AndyLau-SOC]
--------------------------------------------------------------------------
From: Andy Lau <liuyan...@kylinos.cn>
Date: Thu, 29 May 2025 15:46:48 +0800
Subject: [PATCH] lib/crypto: Add echo_password boolean environment variable
for password echo
Implements character echo (e.g., '*') for user password input in GRUB.
Currently, there is no visual feedback during password entry, making it difficult for users
to confirm their input. therefore, using the echo_password boolean environment variable
allows users to decide for themselves whether to display their "password".
This change significantly improves the user experience.
Signed-off-by: Andy Lau <liuyan...@kylinos.cn>
---
grub-core/lib/crypto.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
index 396f76410..f28051778 100644
--- a/grub-core/lib/crypto.c
+++ b/grub-core/lib/crypto.c
@@ -455,6 +455,9 @@ grub_password_get (char buf[], unsigned buf_size)
{
unsigned cur_len = 0;
int key;
+ bool echo_password = false;
+
+ echo_password = grub_env_get_bool ("echo_password", false);
while (1)
{
@@ -471,7 +474,10 @@ grub_password_get (char buf[], unsigned buf_size)
if (key == '\b')
{
if (cur_len)
- cur_len--;
+ {
+ cur_len--;
+ grub_printf ("\b \b");
+ }
continue;
}
@@ -479,7 +485,12 @@ grub_password_get (char buf[], unsigned buf_size)
continue;
if (cur_len + 2 < buf_size)
- buf[cur_len++] = key;
+ {
+ buf[cur_len++] = key;
+ if (echo_password) {
+ grub_printf ("*");
+ }
+ }
}
grub_memset (buf + cur_len, 0, buf_size - cur_len);
--
2.34.1
----
lib-crypto-Add-echo_password-boolean-environment-var.patch
Description: Binary data
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
