From 38d702e14a71ee803afb84bb56bfcb4671dc1d5c Mon Sep 17 00:00:00 2001 From: veilor-org Date: Sun, 3 May 2026 06:32:32 +0100 Subject: [PATCH] v0.5.10: disable plymouth during early boot for text LUKS prompt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit v0.5.9 GRUB-installs cleanly. Disk boots, dracut reaches cryptsetup.target, systemd-ask-password-plymouth.path armed. But plymouth never switches from boot-splash mode to password-prompt mode — sendkey'd passphrases bounce, dracut waits forever on dev-disk-by-uuid. Workaround: pass `plymouth.enable=0 rd.plymouth=0` to kernel cmdline. Eliminates plymouth-ask-password-plugin as a layer; LUKS prompt appears as plain text on tty1 ("Please enter passphrase for disk... :"). Bonus: aligns with hardening posture. Plymouth is graphical eye-candy running in pid 1's namespace during early boot. Fewer moving parts = smaller attack surface. veilor-os defaults to text boot; users wanting splash can re-enable post-install. --- overlay/usr/local/bin/veilor-installer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay/usr/local/bin/veilor-installer b/overlay/usr/local/bin/veilor-installer index 777fc99..87299b6 100644 --- a/overlay/usr/local/bin/veilor-installer +++ b/overlay/usr/local/bin/veilor-installer @@ -348,7 +348,7 @@ user --name=admin --groups=wheel --gecos="veilor admin" --password=__ADMIN_PW__ # Full hardening cmdline (installed system, not live): # --location=none: anaconda auto-places bootloader (UEFI grub2-efi or BIOS). -bootloader --append="lockdown=integrity slab_nomerge init_on_alloc=1 init_on_free=1 randomize_kstack_offset=on vsyscall=none" +bootloader --append="lockdown=integrity slab_nomerge init_on_alloc=1 init_on_free=1 randomize_kstack_offset=on vsyscall=none plymouth.enable=0 rd.plymouth=0" # Disk: zero, LUKS2 (argon2id), btrfs subvolumes (no LVM intermediary). # Native btrfs-on-LUKS matches Fedora KDE Spin defaults; LVM+btrfs combo