init/luks: extend ctx cancellation to FIDO2-PIN and TPM2-PIN prompts #356

Merged
anatol merged 1 commit into anatol:master from pilotstew:pr/extend-ctx-to-pin-prompts
May 6, 2026

@pilotstew
Contributor

What this PR does

Threads ctx context.Context into recoverFido2Password, recoverSystemdFido2Password, and recoverSystemdTPM2Password. The PIN prompts in those functions previously called askPasswordWithFallback(context.Background(), ...) and could not be cancelled when a sibling unlock succeeded. With ctx propagated, every console password prompt — keyboard-passphrase, FIDO2-PIN, TPM2-PIN — now dismisses cleanly when a non-interactive token (TPM2 PCR-only, touchless FIDO2, or clevis) wins the unlock race.

Closes the gap acknowledged in #355: the keyboard-passphrase prompt cancellation that landed there now extends to PIN prompts as well.

Scope

Pure additive — no behavioural change beyond extending the cancellation reach:

Cleanup

Drops three stale comments left in #355 that referenced this upcoming work in internal-planning vocabulary. Reworded to factually describe the current state — most of them were already going to be edited by this PR (the context.Background() placeholders they accompanied are now gone), and one in console_input.go is fixed in passing.

Threads ctx context.Context into recoverFido2Password,
recoverSystemdFido2Password, and recoverSystemdTPM2Password. The
PIN prompts in those functions previously called askPasswordWithFallback
with context.Background() and could not be cancelled when a sibling
unlock succeeded. With ctx propagated, every console password prompt
— keyboard-passphrase, FIDO2-PIN, TPM2-PIN — now dismisses cleanly.

recoverTokenPassword (already ctx-aware after anatol#354) updates its two
systemd-token call sites to pass ctx through. Pure additive — no
behavioural change beyond extending the cancellation reach.

Also drops three stale comments left in anatol#355 that referenced this
upcoming work in internal-planning vocabulary; reworded to factually
describe the current state.
@anatol anatol merged commit 5dc4f69 into anatol:master May 6, 2026
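
The cancellation gap this PR closes, as an added example that is not part of the PR or of booster's code: a prompt given the shared ctx returns as soon as a sibling unlock wins, while one given `context.Background()` stays blocked. `askPIN`, `unlockRace` and `errStillPrompting` are hypothetical names, and the sibling token's success is simulated with a short sleep.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

var errStillPrompting = errors.New("prompt still waiting for input")

// askPIN is a hypothetical console prompt: it blocks until a PIN arrives
// on keys or ctx is cancelled.
func askPIN(ctx context.Context, keys <-chan string) (string, error) {
	select {
	case pin := <-keys:
		return pin, nil
	case <-ctx.Done():
		return "", ctx.Err() // prompt dismissed by the winning sibling
	}
}

// unlockRace models one volume with two unlock paths: a PIN prompt nobody
// answers and a non-interactive token that succeeds. It returns the prompt's
// error, or errStillPrompting if the prompt is still blocked after grace.
func unlockRace(propagate bool, grace time.Duration) error {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()
	promptCtx := context.Background() // pre-change: prompt detached from the race
	if propagate {
		promptCtx = ctx
	}
	keys := make(chan string) // constructed input: the user never types
	defer close(keys)         // release a still-blocked prompt goroutine on return
	done := make(chan error, 1)
	go func() {
		_, err := askPIN(promptCtx, keys)
		done <- err
	}()
	time.Sleep(10 * time.Millisecond) // simulated sibling token unlocks the volume
	cancel()                          // the winner cancels the shared ctx
	select {
	case err := <-done:
		return err
	case <-time.After(grace):
		return errStillPrompting
	}
}

func main() {
	fmt.Println("ctx propagated:      ", unlockRace(true, 200*time.Millisecond))
	fmt.Println("context.Background():", unlockRace(false, 50*time.Millisecond))
}
```
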
anatol pushed a commit that referenced this pull request May 6, 2026
Two changes that together close out the console UX for booster's
concurrent unlock pipeline:

1. Prompt-aware statusMessage redraw. statusMessage now consults the
   active prompt before printing to console. If a passphrase prompt
   is on screen and its volume hasn't been unlocked yet, the current
   line is erased, the message prints, and the prompt is reprinted
   below — cursor stays at the bottom, asterisk count preserved.
   The new promptVolumeUnlocked helper lets statusMessage skip the
   redraw when the prompt's volume is already unlocked, avoiding
   reprinting a stale prompt that ctx-cancel hasn't yet torn down.
   readPasswordOn now sets consolePrompt.{active,text,done} during
   each prompt — fields declared in #355 that become load-bearing
   only now that statusMessage consumes them.

2. Token-unlock confirmation. recoverTokenPassword fires
   statusMessageTimed("X unlocked via Y", 3s) on success. After
   #355 and #356 cleanly dismiss prompts when a sibling token wins
   the race, the user previously saw nothing telling them what
   happened — boot just continued. This adds the missing
   confirmation. tokenFriendlyName provides the short label per
   token type; statusMessageTimed clears the message after 3s so
   it doesn't linger.
@pilotstew pilotstew deleted the pr/extend-ctx-to-pin-prompts branch May 9, 2026 02:53
pilotstew added a commit to pilotstew/booster that referenced this pull request May 14, 2026
Adds a new NOTES subsection covering the concurrent-unlock model that
landed across PRs anatol#350, anatol#353, anatol#355, anatol#356, anatol#357, anatol#358, and anatol#362:
PIN-token serialization in ascending LUKS2 token-ID order, cancel-on-win
semantics for keyboard/FIDO2-PIN/TPM2-PIN prompts on both the console
and the Plymouth splash (with the MR !393 caveat for older Plymouth
builds), and the per-token 3-attempt PIN cap with empty-PIN skip.

Trims two paragraphs from the existing 'Password entry' subsection
(auto-dismiss and PIN attempts) now that the new section covers them
in fuller context. 'Password entry' keeps the Ctrl+W / Ctrl+U / Tab
edit-key reference.
anatol pushed a commit that referenced this pull request May 14, 2026
Adds a new NOTES subsection covering the concurrent-unlock model that
landed across PRs #350, #353, #355, #356, #357, #358, and #362:
PIN-token serialization in ascending LUKS2 token-ID order, cancel-on-win
semantics for keyboard/FIDO2-PIN/TPM2-PIN prompts on both the console
and the Plymouth splash (with the MR !393 caveat for older Plymouth
builds), and the per-token 3-attempt PIN cap with empty-PIN skip.

Trims two paragraphs from the existing 'Password entry' subsection
(auto-dismiss and PIN attempts) now that the new section covers them
in fuller context. 'Password entry' keeps the Ctrl+W / Ctrl+U / Tab
edit-key reference.