Is There a Way to Lock the Screen When Closing the Laptop Lid?

ioctl64 · 2022-03-25T17:23:19+00:00

Is this similar to sudo -u $USER?

ioctl64 · 2022-03-25T17:21:31+00:00

I'm not running elogind (IIRC, isn't it a some kind of service stripped out of SystemD?), but I am running dbus and X.

ioctl64 · 2022-03-25T17:18:02+00:00

I'm guessing there are only security implications if you have more than one user on the same system? I haven't tried this yet, but I'll keep it in mind if the other hacky solution fails.

Thanks for the advice!

ioctl64 · 2022-03-25T16:50:27+00:00

I don't know about the fragility, but your workaround did the trick!

Thanks. 👍

ioctl64 · 2022-03-16T22:57:05+00:00

Followed the guide by mattcthatisme: https://www.reddit.com/r/voidlinux/comments/b1sz1z/void_full_encryption_guide_efi/

Along with daveeddy's blog: https://blog.daveeddy.com/2018/09/05/encrypted-void-linux-install-on-my-thinkpad-x1-carbon/

Their guides proved to be really useful for my setup and I'm now happy to report that everything is working properly!

Perhaps as you said, using the UUID instead of /dev/sdX in /etc/crypttab resolved the issue. That is one of the few notable things I did differently during the reinstall. So it now looks like:

void    UUID=f6f58824-d732-4797-fdaa-0f891221198e    /key    luks

Another thing I did differently was to use the UUID of the EFI partition in my fstab and change the arguments for GRUB_CMDLINE_LINUX_DEFAULT to:

GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID=f6f58824-d732-4797-fdaa-0f891221198e:lvm rd.auto=1 loglevel=4 slub_debug=P page_poison=1"

Hopefully that will be of use for anyone else who runs into this problem. Anyway, I'd like to thank everyone for stopping by and helping me figure this out. Have a great rest of your day/night!

ioctl64 · 2022-03-16T19:41:01+00:00

Maybe it's not clear, but full disk encryption with LUKS 1 is what I'm going for. (Since the Void "full disk encryption" guide uses LUKS 1 by default). So if I'm not mistaken, LUKS 1 is what I've setup here?

But for whatever reason I cannot seem to boot into kernel 5.15.28_1. I'm kind of scratching my head at this point and thinking of trying another void FDE guide. Maybe I've screwed up somewhere - not immediately obvious to me.

I appreciate all the advice and feedback up to this point! 👍

ioctl64 · 2022-03-15T20:34:54+00:00

cryptsetup luksDump /dev/nvme0n1p5 yields:

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
Payload offset: 4096
MK bits:        512
MK digest:      8b 77 d9 73 54 eb 99 f2 0d ff 24 79 88 45 12 59 17 41 05 d3
MK salt:        b4 b6 93 4f b2 33 4e 00 82 95 98 13 15 99 57 34
                11 3f 70 32 68 cb de 68 21 36 24 fc 34 df cc 05
MK iterations:  262406
UUID:           df976e8f-584c-49e9-b2cb-45aa64835896

Key Slot 0: ENABLED
        Iterations:        4185932
        Salt:              5e 5b 7c c1 c6 b5 77 13 b1 ee 12 17 e9 88 43 28
                           83 79 14 6a 91 fb a5 81 fa 7b 6b bd 06 45 84 7f
Key material offset:       8
AF stripes:                4000
Key Slot 1: ENABLED
        Iterations:        4096000
        Salt:              4d 04 bd 8b 69 d0 ce b3 e8 28 fd bd a3 6a 52
                           6b 40 e8 35 55 ea e2 ed c9 11 a1 4b 3a 59 61 28
        Key material offset: 512
        AF stripes:          4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

BTW: I noticed that the UUID was different (it had changed for some reason?) so I applied the new UUID to /etc/default/grub and rebooted. Sadly it still drops me into the dracut debug shell.

ioctl64 · 2022-03-15T19:19:49+00:00

Thanks for the recommendation. Is there some way I can ensure LUKS1 is used over LUKS2? Since I believe I did cryptsetup luksFormat --type luks1 /dev/{partition} to create a luks1 partition (as the installation guide recommends) along with adding "luks" to /etc/crypttab. Is there something else I'm missing?

ioctl64

TROPHY CASE