
Commit ee14e2b

committed
partitioning: avoid blocking initrd TTY during TPM2 unlock handoff
Start systemd-cryptsetup non-blocking to fix delayed TPM2 PIN input Signed-off-by: Vunny Sodhi <vunny.sodhi@unikie.com>
1 parent 0154482 commit ee14e2b


1 file changed

+6
-15
lines changed

1 file changed

+6
-15
lines changed

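--- a/modules/partitioning/deferred-disk-encryption.nix
+++ b/modules/partitioning/deferred-disk-encryption.nix
@@ -71,26 +71,17 @@ let
 echo "Device is unlocked. Skipping..."
 exit 0
 fi
-echo "Device is encrypted but NOT unlocked. Attempting recovery..."
+echo "Device is encrypted but NOT unlocked. Handing off unlock to systemd-cryptsetup..."
 
 # Ensure marker exists
 mkdir -p /run
 touch /run/cryptsetup-pre-checked
 
-# Try to start the service
-echo "Starting systemd-cryptsetup@crypted..."
-systemctl start systemd-cryptsetup@crypted || true
-
-# Wait for it
-for _ in {1..10}; do
-if [ -e "/dev/mapper/crypted" ]; then
-echo "Device unlocked successfully."
-exit 0
-fi
-sleep 1
-done
-echo "Failed to unlock device automatically."
-exit 1
+# Start unlock asynchronously and return immediately.
+# This avoids keeping tty-force attached while TPM2 PIN is requested.
+echo "Starting systemd-cryptsetup@crypted (non-blocking)..."
+systemctl start --no-block systemd-cryptsetup@crypted || true
+exit 0
 fi
 
 # Check for installer/completion markers on the ESP partition.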
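Review bot: The new `exit 0` right after `systemctl start --no-block systemd-cryptsetup@crypted || true` reports success before any unlock has been attempted, and `|| true` also hides a failure to queue the job, so the old `exit 1` path for a device that stays locked no longer exists. Anything ordered after this check that needs the mapped volume presumably has to carry its own requirement and ordering on `systemd-cryptsetup@crypted.service` or `dev-mapper-crypted.device`; that wiring is not visible in this hunk and is worth confirming. At minimum, surface the enqueue failure instead of swallowing it: `systemctl start --no-block systemd-cryptsetup@crypted || echo "Failed to queue systemd-cryptsetup@crypted" >&2`. I would also extend the new comment to say that unlock failure is no longer detected here, e.g. `# Unlock result is NOT checked here; consumers must depend on the mapper device.` The enclosing script starts and ends outside the hunk.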
