Contributed by Peter N. M. Hansteen on from the bag heater no more dept.
Now OpenBSD-current has a fix for that, thanks to this commit by Klemens Nanni (kn@). The commit message reads,
List: openbsd-cvs
Subject: CVS: cvs.openbsd.org: src
From: Klemens Nanni <kn () cvs ! openbsd ! org>
Date: 2024-04-25 18:31:49

CVSROOT: /cvs
Module name: src
Changes by: kn@cvs.openbsd.org 2024/04/25 12:31:49

Modified files:
sys/lib/libsa : softraid.c
sys/arch/amd64/stand/boot: boot.8
sys/arch/amd64/stand/efiboot: Makefile.common cmd_i386.c conf.c efiboot.c efiboot.h

Log message:
Add boot.conf(8) 'mach idle [secs]' to halt at idle passphrase prompts

Enable users to power down their machines if there was no input after N seconds during disk decryption.

Motivation is to save battery and prevent pocket heaters when notebooks unhibernate (e.g. lid accidentally opened) and sit at "Passphrase: ".

Only available on efi(4) systems as the timeout is saved as EFI variable; mostly because that's trivial to do, but also because we lack a better mechanism to configure that and persist such data without the root disk.

Discussed with many, starting at h2k23
OK Tests gnezdo
It is worth noting that this feature is only available on EFI systems configured with disk encryption (as one would have these days).
Thanks to Bryan Steele (brynet@) for the heads up via the fediverse.
(Comments are closed)
By Anonymous Coward (2003:d2:5737:c500:39d9:789a:a382:47ba) on
Hi,
I've had weird powerups on my early 2015 MBP running OpenBSD. I do shut it down nightly with this:
https://gotweb.delphinusdns.org/?action=summary&path=x-shutdown.git
(btw having this program in xenodm login startup is awesome!)
So anyhow, whenever I shut this laptop down I have to remove the power cord since it will power up magically by itself and chime at any hour of the night. Unplugging the cord seems to prevent that.
This addition is great too! BTW, I had OpenBSD running on a Windows host in QEMU (still do actually, however I had to rebuild it) and what I found out is the following. With an encrypted partition the boot process from bootloader to kernel is really really slow. A load would take on the account of 20 min sometimes. I came to the conclusion that there must have been some overlapping sectors on the NTFS and the crypto partition and that caused horrendous slowdowns. What I do now is I have put the drive for OpenBSD on a BitLocker partition and it is encrypted by NTFS. There is no crypto inside OpenBSD right now. Bootup resumed to be fast. While I'm on this subject... have you heard of the passphrase for BitLocker partitions changing case? As in PASSword changing to password? Because that happened to me, and I'm baffled but feel lucky that I figured out the lower case password.
Keep up the good work!
-pjp
Comments
By Anonymous Coward (2003:d2:5737:c500:6147:1324:a5:aacb) on
Turns out the battery has 1 Ah out of 65 Ah left on it. It's as good as dead. I knew this day would happen eventually. It's 9 years old and was falling apart/bulging etc etc. I think I'm going to purchase a new (non-Intel/AMD) laptop this year, until then I'll use the craptops (Acer 1's) that I have still. :-) or should it be :-(
-pjp
By Sebastian Rother (2001:9e8:fab:5300:7da1:64f5:b492:2eb) on
Either you Guys add a CAVEAT-Section or you patch the disk-Decryptor:
You can NOT USE NON-US-Chars in a Password since the DECRYPTOR will not switch your Keyboardlayout so you simply can not enter a "ö" even though you can use it during the INSTALLATION (where you can set the Keyboard Layout!). This renders your Installation COMPLETELY USELESS and you have to reinstall and use US-ASCII-only Passwords (which allows faster Bruteforcing, limited Keyspace).
If you do use a SERIAL CONSOLE you can NOT DECRYPT your Installation since switching the CONSOLE to SERIAL happens AFTER you DECRYPTED the Installation (which is a BUG). So Encryption is COMPLETELY USELESS for embedded Devices (which still can contain sensitive Data!)
2 things for which NOBODY cares....
Comments
By Anonymous Coward (49.12.42.182) on
Why are you so angry? When I get angry like that I threaten to fork the project however...then sanity kicks in and I realise this is a lot of effing work, it would kill me literally.
Also I see a complete make-over of your mood. Almost like there are two of you. Duality at its finest Dr. Hyde?
By Peter N. M. Hansteen (pitrh) peter@bsdly.net on http://bsdly.blogspot.com/
It is possible that a warning in a man page or FAQ that the boot loader does not use or know about any console configuration (stored in files on a yet to be mounted file system) could be useful.
Then again I can see any such carefully phrased patch not making it in since it really would only state the already obvious.
That said, if you think this issue is important enough, I would encourage you to put in the work.
Comments
By Sebastian Rother (83.135.73.210) on
Theo, and Core-Devs, do reject my Reports since I found an OffByOne in PF and I was not credited since I reported it in a Beta and Theo said "PF was not enabled by Default", yet the RELEASE enabled it. Back in the Times Henning committed...
What I report is serious. Do you trust Guys doing Crypto which do fail at the Installer-Level and render your Devices useless so you can not deploy them? Seriously?! This proves a Lack of understanding in the fundamental BASICS of doing such Things. Or to be open: Incompetence... or why would you limit the Keyspace actively?
What I claim is true. Issues in several Places. OpenBSD would benefit if they stop adding Bullshit and enforce the Devs to fix Bugs. iSCSI anyone? WLAN with iwn? Get owned using NTFS.. in Kernel! NFS is broken.. also in the Kernel...
And I alone, caring for my Family currently, should fix all the obvious SHIT? What does the Foundation do? Why did OpenBSD lose Devs like Henning and others? Even if they did not like me, they were competent..
It's like reporting to stsp! Either he ignores it or he focuses on INTEL where the Bugs relay in the Stack...
Theo personally IGNORES Bug reports from me, no Matter about the Sec-Level..
Never forget WHO donated a SCSI-Raid-Adapter as some Mainserver urgently needed a Replacement... some Devs put it up back then from my pers. Address...
But the Human Memory is like OpenBSD-FS-Implementations, be it NFS, USB... it's faulty.
Comments
By Anonymous Coward (83.135.73.210) on
Sorry for the typos, first ever post via a mobile phone
By anon (anonymouse) on
> What does the Foundation do?
The foundation's activities are limited. They raise and distribute funds to support project infrastructure and hackathons, and occasionally hardware for developers (replacing dead laptops, etc, for developers who can't do that themselves).