Autologin depending on the unlocking LUKS key slot
(Attention: this is a only a proof of concept without error checking and testing... Use with care and on your own risk!!!)Modify initramfs:
- /usr/share/initramfs-tools/scripts/local-top/cryptroot
- new:
if [ ! -e "$NEWROOT" ]; then if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \ $cryptkeyscript "$cryptkey" | $cryptopen -v > /run/initramfs/cryptsetup.out ; then message "cryptsetup: cryptsetup failed, bad password or options?" continue fi fi busybox cat /run/initramfs/cryptsetup.out
- old:
if [ ! -e "$NEWROOT" ]; then if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \ $cryptkeyscript "$cryptkey" | $cryptopen; then message "cryptsetup: cryptsetup failed, bad password or options?" continue fi fi
Script to generate LightDM-Config
/usr/share/lightdm/gen-50-autologin.sh
#!/bin/bash
set -e
if grep "Key slot 0 unlocked" /run/initramfs/cryptsetup.out; then
echo -e "[Seat:*]\nautologin-user=##USER0##" > /usr/share/lightdm/lightdm.conf.d/50-autologin.conf
elif grep "Key slot 1 unlocked" /run/initramfs/cryptsetup.out; then
echo -e "[Seat:*]\nautologin-user=##USER1##" > /usr/share/lightdm/lightdm.conf.d/50-autologin.conf
else
rm -f /usr/share/lightdm/lightdm.conf.d/50-autologin.conf
fi
Modify systemd-config to include this script
/lib/systemd/system/lightdm.service Replace ExecStart-entry by:ExecStart=/bin/sh -c '/usr/share/lightdm/gen-50-autologin.sh; /usr/sbin/lightdm'