Graphical password prompt for disk decryption on ArchLinux
In my last post, I described how I enabled encryption on my Linux root partition. However, during boot up, it asked the password using a plain text prompt. I was not satisfied with the design and found that there's a better way: Plymouth.
Plymouth is a package that provides a themeable graphical boot process / splash screen all the way up to the login manager. This includes a graphical password prompt as well. Here are the steps I took to set this up:
1. First, I installed plymouth-git from the AUR. ArchWiki suggests plymouth-git instead of plymouth because it is actually less likely to cause problems for most users than the stable package.
2. Next, I updated the
HOOKS section in my
/etc/mkinitcpio.conf to include
HOOKS=(base systemd sd-plymouth autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)
3. And regenerated the initramfs:
# mkinitcpio -P
4. Next, I added the following kernel parameters:
ArchWiki also suggests adding
vt.global_cursor_default=0, but my experience was better without it. With this option, the cursor in TTY terminals becomes hidden, not just for the boot sequence but even later.
With the above changes, after reboot, a nice password prompt is shown with a spinner image. But, this hid the beautiful OEM ROG logo that comes first at boot up. So, here are further tweaks I did to make it look as I wanted.
5. First, I tried using the built-in BGRT theme. This is a variation of the spinner theme that keeps the OEM logo if available (BGRT stands for Boot Graphics Resource Table).
# plymouth-set-default-theme -R bgrt
This did not show the spinner, but it still hid the OEM logo when asking for decryption password. Although it did show the logo again after password was entered. So, I guessed it just needed a little customization.
6. So, I made a copy of the bgrt theme to make my customizations.
# cd /usr/share/plymouth/themes # cp -r bgrt bgrt-custom # cd bgrt-custom # mv bgrt.plymouth bgrt-custom.plymouth
7. These are the changes I had to make in
bgrt-custom.plymouth to make it show the prompt like I wanted:
diff --git a/../bgrt/bgrt.plymouth b/bgrt-custom.plymouth index e8e9713..ca7a293 100644 --- a/../bgrt/bgrt.plymouth +++ b/bgrt-custom.plymouth @@ -30,8 +30,8 @@ Name[he]=BGRT Name[fa]=BGRT Name[fi]=BGRT Name[ie]=BGRT -Name=BGRT -Description=Jimmac's spinner theme using the ACPI BGRT graphics as background +Name=BGRT-Custom +Description=Customized Jimmac's spinner theme using the ACPI BGRT graphics as background ModuleName=two-step [two-step] @@ -39,9 +39,9 @@ Font=Cantarell 12 TitleFont=Cantarell Light 30 ImageDir=/usr/share/plymouth/themes//spinner DialogHorizontalAlignment=.5 -DialogVerticalAlignment=.382 +DialogVerticalAlignment=.75 TitleHorizontalAlignment=.5 -TitleVerticalAlignment=.382 +TitleVerticalAlignment=.75 HorizontalAlignment=.5 VerticalAlignment=.7 WatermarkHorizontalAlignment=.5 @@ -52,7 +52,7 @@ BackgroundStartColor=0x000000 BackgroundEndColor=0x000000 ProgressBarBackgroundColor=0x606060 ProgressBarForegroundColor=0xffffff -DialogClearsFirmwareBackground=true +DialogClearsFirmwareBackground=false MessageBelowAnimation=true [boot-up]
Basically, I tweaked
TitleVerticalAlignment to my liking. To set this custom theme, I ran:
plymouth-set-default-theme -R bgrt-custom
8. This looked perfect. But, I noticed that this increased by boot up time considerably. Plymouth was taking a long time before displaying the password prompt. On further digging, I found a parameter called
/etc/plymouth/plymouthd.conf with default value of 8 seconds.
According to this merge request, this was needed to keep support for certain AMD GPUs. I don't have and AMD GPU, and anyway I think Plymouth is using the EFI framebuffer for this splash screen, not the GPU. So, I reduced it to 2 seconds to make things faster.
srijan's blog Newsletter
Join the newsletter to receive the latest updates in your inbox.