v0.5.10: disable plymouth during early boot for text LUKS prompt
v0.5.9 GRUB-installs cleanly. Disk boots, dracut reaches
cryptsetup.target, systemd-ask-password-plymouth.path armed. But
plymouth never switches from boot-splash mode to password-prompt mode
— sendkey'd passphrases bounce, dracut waits forever on
dev-disk-by-uuid.
Workaround: pass `plymouth.enable=0 rd.plymouth=0` to kernel cmdline.
Eliminates plymouth-ask-password-plugin as a layer; LUKS prompt
appears as plain text on tty1 ("Please enter passphrase for disk... :").
Bonus: aligns with hardening posture. Plymouth is graphical eye-candy
running in pid 1's namespace during early boot. Fewer moving parts =
smaller attack surface. veilor-os defaults to text boot; users wanting
splash can re-enable post-install.
This commit is contained in:
veilor-org
parent
2511df6327
commit
38d702e14a
1 changed files with 1 additions and 1 deletions
|
|
@ -348,7 +348,7 @@ user --name=admin --groups=wheel --gecos="veilor admin" --password=__ADMIN_PW__
|
||||||
|
|
||||||
# Full hardening cmdline (installed system, not live):
|
# Full hardening cmdline (installed system, not live):
|
||||||
# --location=none: anaconda auto-places bootloader (UEFI grub2-efi or BIOS).
|
# --location=none: anaconda auto-places bootloader (UEFI grub2-efi or BIOS).
|
||||||
bootloader --append="lockdown=integrity slab_nomerge init_on_alloc=1 init_on_free=1 randomize_kstack_offset=on vsyscall=none"
|
bootloader --append="lockdown=integrity slab_nomerge init_on_alloc=1 init_on_free=1 randomize_kstack_offset=on vsyscall=none plymouth.enable=0 rd.plymouth=0"
|
||||||
|
|
||||||
# Disk: zero, LUKS2 (argon2id), btrfs subvolumes (no LVM intermediary).
|
# Disk: zero, LUKS2 (argon2id), btrfs subvolumes (no LVM intermediary).
|
||||||
# Native btrfs-on-LUKS matches Fedora KDE Spin defaults; LVM+btrfs combo
|
# Native btrfs-on-LUKS matches Fedora KDE Spin defaults; LVM+btrfs combo
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue