Passphrase timeout for disk decryption at boot added (potential battery lifesaver)

submitted by
Style Pass
2024-04-26 09:30:03

List: openbsd-cvs
Subject: CVS: cvs.openbsd.org: src
From: Klemens Nanni <kn () cvs ! openbsd ! org>
Date: 2024-04-25 18:31:49

CVSROOT: /cvs
Module name: src
Changes by: kn@cvs.openbsd.org 2024/04/25 12:31:49

Modified files:
    sys/lib/libsa : softraid.c
    sys/arch/amd64/stand/boot: boot.8
    sys/arch/amd64/stand/efiboot: Makefile.common cmd_i386.c conf.c efiboot.c efiboot.h

Log message:
Add boot.conf(8) 'mach idle [secs]' to halt at idle passphrase prompts

Enable users to power down their machines if there was no input after N seconds during disk decryption. Motivation is to save battery and prevent pocket heaters when notebooks unhibernate (e.g. lid accidentally opened) and sit at "Passphrase: ".

Only available on efi(4) systems as the timeout is saved as EFI variable; mostly because that's trivial to do, but also because we lack a better mechanism to configure that and persist such data without the root disk.

Discussed with many, starting at h2k23
OK Tests gnezdo

It is worth noting that this feature is only available on EFI systems configured with disk encryption (as one would have these days).
