0

I suspect this is a dumb question but is it possible to get Displaylink drivers running before the LUKS drive encryption password is required during the boot process.

When I boot I have to open my laptop to input the password on boot and reboot steps.

I recognize that the drive is encrypted and that this implies that the operating system is essentially not accessible for the most part. I am not sure if there is some method of splitting the boot partition that allows for a grub enabled pre-environment with sufficient DisplayLink drivers to operate before moving to boot the LUKS encrypted partition that contains the full operating system

If there is some method to support this please point me in the right direction.

Whilst I can remove LUKS from the equation, I would prefer not to at this time. It's an inconvenience but not something I would like to forego.

If the is some way to avoid LUKS on reboot that is initiated from the OS for the next reboot, that would also be suitable, because at least I only need to do this once time when first connecting to my desktop setup.

  • Beaster
Beaster
  • 3
  • it's worth noting that I have a USB 3 display link Dell D3100 setup, the laptop also has a USB-C and one HDMI port. I'd prefer not to use the HDMI port as the additional cables make docking more problematic. – Beaster Dec 06 '19 at 00:11
  • Why not just encrypt your home partition instead of the entire drive? – darksky Dec 06 '19 at 01:06
  • Mainly because I am not confident the OS could not be compromised leading to compromising the home partition. – Beaster Dec 06 '19 at 06:10
  • Hmm. Encryption doesn't protect you from a compromised system though. If a remote hacker gains access to your machine, they have access to everything as much as you do. Encryption is more so supposed to prevent someone from stealing your hard-drive physically or booting from a live USB and accessing your data that way. – darksky Dec 06 '19 at 07:33
  • BIOs is password secured, Evil Maid is blocked, UEFI boot is locked to the SSD drive itself , USB boot is blocked, Bluetooth is disabled, there really isn't much more you can to do block try and access the disk before it's booted. There are plenty of OS auto play USB tools around that will compromise the OS as long as it's properly booted and default USB insertion handlers are running. Encrypting the disk is about the only way to stop the system from being fully compromised. – Beaster Dec 06 '19 at 11:44
  • Encrypting the disk stops it from fully booting vs password locking the boot in bios which leaves you with an unprotected operating system that has booted. I opened the thread to see if there was some way to enable DisplayLink without fully booting the OS. – Beaster Dec 06 '19 at 12:00

1 Answers1

0

One solution or a work-around is not to use password asked on prompt on screen, but a key file on USB key/SD card/whatever, for example.

The boot will automatically find the key on USB to boot. Then, you remove the key once boot is finished (by umounting if need be).

You can either use a binary key hidden in post-MBR gap of a MBR key or a file in a fs on the key.

I don't know the details of your install so I can't guide you through this; and I don't know well the full -encryption setup in ubuntu either.

solsTiCe
  • 9,231
  • Yeah, this was the option I was considering, I was looking at something like Yubi-key since it has other benefits outside of this. This other thread seemed to be a good option https://askubuntu.com/questions/599825/yubikey-two-factor-authentication-full-disk-encryption-via-luks – Beaster Dec 08 '19 at 04:06