I have a systemd service which decrypts my ZFS dataset on boot. It essentially runs
/usr/sbin/zfs load-key -abut randomly on some boots, my password is “incorrect” and by experimenting I figured out that if I type everything slowly it works almost every time, but if I type it fast it regularly fails.
I suspect the issue must be somewhere in the realm of keyboard rate not being optimal during the boot sequence. The prompt for the boot drive which is encrypted ext4 has no such issues but it comes at a different stage in the boot sequence (before dataset) and the console looks different.
I need to experiment with utils such as kbdrate to try and fix the problem but the bug is quite bizarre so I needed a practical workaround first.
Because zfs load-key has invisible input, you have no idea what you are typing and which keys have registered, so I wrapped the whole thing in a bash script to display * for each character.
This way I can actually see when a key press is missed and can repeat it.
#!/bin/bash
MAX_ATTEMPTS=3
attempt=0
while [ "$attempt" -lt "$MAX_ATTEMPTS" ]; do
printf "ZFS load-key password (attempt $((attempt + 1)) of $MAX_ATTEMPTS): "
PASSWORD=""
while true; do
char=$(dd bs=1 count=1 2>/dev/null)
if [ -z "$char" ] || [ "$char" = "$(printf '\n')" ]; then
break
fi
printf "*"
PASSWORD="${PASSWORD}${char}"
done
echo "$PASSWORD" | /usr/sbin/zfs load-key -a
if [ $? -eq 0 ]; then
echo "Password accepted. Exiting."
exit 0
else
echo "Incorrect password. Please try again."
attempt=$((attempt + 1))
sleep 3
fi
done
echo "Maximum attempts reached. Exiting."
I also tried to wrap the prompt with plymouth with no success.
If I find the will to debug this cursed bug and find the proper solution expect a new blog post in the future.
Cen