{"id":505,"date":"2024-04-02T22:46:16","date_gmt":"2024-04-02T20:46:16","guid":{"rendered":"https:\/\/xpam.pl\/blog\/?p=505"},"modified":"2024-04-02T22:46:16","modified_gmt":"2024-04-02T20:46:16","slug":"zfs-on-debian-load-key-keyboard-issues","status":"publish","type":"post","link":"https:\/\/xpam.pl\/blog\/?p=505","title":{"rendered":"ZFS on Debian: load-key keyboard issues"},"content":{"rendered":"<p>I have a systemd service which decrypts my ZFS dataset on boot. It essentially runs<\/p>\n<pre><code class=\"language-bash\">\/usr\/sbin\/zfs load-key -a<\/code><\/pre>\n<p>but randomly on some boots, my password is \"incorrect\" and by experimenting I figured out that if I type everything slowly it works almost every time, but if I type it fast it regularly fails.<\/p>\n<p>I suspect the issue must be somewhere in the realm of keyboard rate not being optimal during the boot sequence. The prompt for the boot drive which is encrypted ext4 has no such issues but it comes at a different stage in the boot sequence (before dataset) and the console looks different.<\/p>\n<p>I need to experiment with utils such as <em>kbdrate<\/em> to try and fix the problem but the bug is quite bizarre so I needed a practical workaround first.<\/p>\n<p>Because zfs load-key has invisible input, you have no idea what you are typing and which keys have registered, so I wrapped the whole thing in a bash script to display * for each character.<\/p>\n<p>This way I can actually see when a key press is missed and can repeat it.<\/p>\n<pre><code class=\"language-bash\">#!\/bin\/bash \n\nMAX_ATTEMPTS=3 \nattempt=0 \n\nwhile [ &quot;$attempt&quot; -lt &quot;$MAX_ATTEMPTS&quot; ]; do \n\u00a0\u00a0\u00a0printf &quot;ZFS load-key password (attempt $((attempt + 1)) of $MAX_ATTEMPTS): &quot; \n\u00a0\u00a0\u00a0PASSWORD=&quot;&quot; \n\n\u00a0\u00a0\u00a0while true; do \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0char=$(dd bs=1 count=1 2&gt;\/dev\/null) \n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0if [ -z &quot;$char&quot; ] || [ &quot;$char&quot; = &quot;$(printf &#039;\\n&#039;)&quot; ]; then \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0break \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0fi \n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0printf &quot;*&quot; \n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0PASSWORD=&quot;${PASSWORD}${char}&quot; \n\u00a0\u00a0\u00a0done \n\n\u00a0\u00a0\u00a0echo &quot;$PASSWORD&quot; | \/usr\/sbin\/zfs load-key -a \n\n\u00a0\u00a0\u00a0if [ $? -eq 0 ]; then \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0echo &quot;Password accepted. Exiting.&quot; \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0exit 0 \n\u00a0\u00a0\u00a0else \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0echo &quot;Incorrect password. Please try again.&quot; \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0attempt=$((attempt + 1)) \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0sleep 3 \n\u00a0\u00a0\u00a0fi \ndone \n\necho &quot;Maximum attempts reached. Exiting.&quot;\n\n<\/code>\r\nI also tried to wrap the prompt with plymouth with no success.\r\nIf I find the will to debug this cursed bug and find the proper solution expect a new blog post in the future.\r\n\r\n\r\n\r\n<\/pre>\n<div class=\"wp-post-signature\">\r\n<br \/>\r\n<br \/>\r\n<img src='https:\/\/xpam.pl\/aaaaff.png' title='Moonie' \/> Cen<br \/>\r\n<a href='https:\/\/github.com\/cen1'>GitHub<\/a><br \/>\r\n<a href='https:\/\/eurobattle.net'>Eurobattle.net<\/a><br \/>\r\n<a href='https:\/\/lagabuse.com'>Lagabuse.com<\/a><br \/>\r\n<a href='https:\/\/bnetdocs.org'>Bnetdocs<\/a><br \/>\r\n<\/div>\r\n","protected":false},"excerpt":{"rendered":"<p>I have a systemd service which decrypts my ZFS dataset on boot. It essentially runs \/usr\/sbin\/zfs load-key -a but randomly on some boots, my password is \"incorrect\" and by experimenting I figured out that if I type everything slowly it works almost every time, but if I type it fast it regularly fails. I suspect [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,18],"tags":[],"class_list":["post-505","post","type-post","status-publish","format-standard","hentry","category-linux","category-script-magic"],"_links":{"self":[{"href":"https:\/\/xpam.pl\/blog\/index.php?rest_route=\/wp\/v2\/posts\/505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xpam.pl\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xpam.pl\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xpam.pl\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xpam.pl\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=505"}],"version-history":[{"count":3,"href":"https:\/\/xpam.pl\/blog\/index.php?rest_route=\/wp\/v2\/posts\/505\/revisions"}],"predecessor-version":[{"id":547,"href":"https:\/\/xpam.pl\/blog\/index.php?rest_route=\/wp\/v2\/posts\/505\/revisions\/547"}],"wp:attachment":[{"href":"https:\/\/xpam.pl\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xpam.pl\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xpam.pl\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}