# Luks on LVM Laptop password prompt? [SOLVED]

## Budoka

I wasn't exactly sure how to phrase the question so sorry if it is vague.

I have Luks on LVM on my AMD64 laptop.

It is a dual boot box with Win7 and Gentoo.

As it is configured now, when turning on the box, it prompts for a password. I configured that in the BIOS.

Then it continues to boot into GRUB2. I can select either my Win7 install or Gentoo install.

If I select Gentoo, it will start to boot and in mid boot prompt me for my Luks password. Then continue to boot to my GUI and login screen.

I don't like the fact that it prompts for the Luks password during the boot because this alerts a thief/unauthorized user that there is an encrypted volume on the box.

Is there a way to have it boot to my gui login screen and then after logging in prompt me for the luks password?

Thanks.

Last edited by Budoka on Tue Mar 26, 2013 3:26 am; edited 1 time in total

----------

## Hu

That depends on how much of the system is inside the LUKS container.  If you placed everything except /boot in LUKS, then no, because if you do not give the password early, then the system cannot access the graphical environment to start it.  If you placed only your home directory in the LUKS container, you might be able to change it.  However, LUKS has a very distinctive header, so deferring the prompt will not, on its own, provide much secrecy.
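Hu's point about the distinctive header, shown as an added example that is not part of the original thread: the first bytes of a LUKS volume identify it, and in LUKS1 also state its cipher and key slots in cleartext, whether or not a prompt ever appears. It assumes the LUKS1 on-disk layout; the function names are hypothetical and the sample header is constructed, not taken from a real volume.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 header fields that precede the key slots (big-endian, 208 bytes)
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")          # 48 bytes per slot, 8 slots
SLOT_ACTIVE = 0x00AC71F3


def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def identify_luks(blob):
    """Return header details if blob starts with a LUKS header, else None."""
    if len(blob) < 8 or blob[:6] != LUKS_MAGIC:
        return None
    version = struct.unpack(">H", blob[6:8])[0]
    info = {"version": version}
    if version != 1 or len(blob) < PHDR.size + 8 * SLOT.size:
        return info                       # LUKS2 or truncated: the magic alone gives it away
    (_, _, cipher, mode, hash_spec, payload, key_bytes,
     _, _, _, uuid) = PHDR.unpack_from(blob, 0)
    active = [i for i in range(8)
              if SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)[0] == SLOT_ACTIVE]
    info.update(cipher=f"{_text(cipher)}-{_text(mode)}", hash=_text(hash_spec),
                key_bits=key_bytes * 8, payload_sector=payload,
                uuid=_text(uuid), active_slots=active)
    return info


def sample_header():
    """Constructed LUKS1 header (zeroed salts and digest, made-up UUID)."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 64,
                    bytes(20), bytes(32), 1000,
                    b"00000000-0000-4000-8000-000000000000")
    slots = b"".join(SLOT.pack(SLOT_ACTIVE if i == 0 else 0x0000DEAD,
                               1000, bytes(32), 8 + i * 512, 4000)
                     for i in range(8))
    return hdr + slots


if __name__ == "__main__":
    print(identify_luks(sample_header()))   # parsed cleartext metadata
    print(identify_luks(bytes(592)))        # all-zero data: not LUKS
```

None of the parsed fields needs the passphrase, so moving or hiding the prompt changes nothing about what the disk itself reveals.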

----------

## Budoka

*Hu wrote:*

> That depends on how much of the system is inside the LUKS container.  If you placed everything except /boot in LUKS, then no, because if you do not give the password early, then the system cannot access the graphical environment to start it.  If you placed only your home directory in the LUKS container, you might be able to change it.  However, LUKS has a very distinctive header, so deferring the prompt will not, on its own, provide much secrecy.

Thank you for the reply. That is indeed what I did so I guess I am S-out of luck.

----------

## cach0rr0

*Budoka wrote:*

> Thank you for the reply. That is indeed what I did so I guess I am S-out of luck.

could always just fashion an initramfs that drops you to a busybox shell

wherein the only thing actually running is from busybox, rather than your root volume, and in order to continue on with the boot process you have to fire off a script

random idea, not quite as nice as somehow magically getting to a login manager whose files are stored entirely on the encrypted device you're trying not to decrypt, but it works! :)

----------

## Budoka

*cach0rr0 wrote:*

> *Budoka wrote:*
>
> > Thank you for the reply. That is indeed what I did so I guess I am S-out of luck.
>
> could always just fashion an initramfs that drops you to a busybox shell
> ...

Thanks. I'll probably just leave it as is for the moment but will keep that option in mind when my kernel skills are better.

----------

