smartcard-key-luks: pinentry doesn't work?

Hi,

I ran the smartcard-key-luks script to try to get the librem key to unlock the disk instead of using a password… but that pinentry popup doesn’t seem to work right.

When the boot process gets to the point where the screen clears and the box with “Please unlock the card” appears (with a prompt for “PIN:” and “OK” and “Cancel” buttons), I see the following two behaviors:

  1. It only intermittently reads keystrokes. When I type the PIN, there is only a 75% chance that the keystroke will be accepted and a “*” placed on the PIN prompt line.

  2. It seems there is no way to press “OK”. In other words, if I type the PIN, then hit Enter, nothing happens. If I tab to the “OK” button and hit Enter, nothing happens. Eventually the pin entry times out, and it reprompts me for the PIN.

Anyone see this? Any idea how this could be resolved? I tried a bunch of things that had no effect already - but I’m just taking stabs in the dark. Some things I’ve tried:

  • Add splash/nosplash to kernel args: no effect
  • Added (and removed) ASKPASS, PLYMOUTH, PCSC from the list of kernel modules in /etc/cryptsetup-initramfs/conf-hook, then rebuilt initramfs: no effect
    • Note that I may not have tried all of the different combinations of y/n for each of those modules.

This is on a Librem 13 (v2), “Release-30” of Pureboot, and a fresh install of Debian 13.

The smartcard-key-luks script I mentioned is here:

Thanks.

Can you still use the recovery option to enter your passphrase instead and thereby at least boot normally?

Edit: What about a fresh install of Debian 11, which would be closer to what was around when the script was last touched?

Yes I can still use the recovery option to enter the LUKS password manually. I made it the default boot option actually.

Debian 11’s not an option, that’s too old.

Debian 11 would be for fault isolation only e.g. if script works perfectly with Debian 11 then you would surmise that something has changed adversely between Debian 11 and Debian 13 and the script probably needs changes to work with Debian 13.

Oh, I see. I have a Mini I can try that on. I’ll get back to you.

Hi @irvinewade , I was able to test a few versions of Debian and PureOS to compare on a Librem Mini (v2). Each time I installed a new OS I only installed ‘scdaemon’ if needed, and then ran the smartcard-key-luks script. I didn’t update any software unless specified (so all the package versions are what came with the installer ISO).

  • Debian 12.13.0: similar behavior to the above. The keyboard seems to work better at first (keystrokes from A-Z and 0-9 work fine), but when pressing ENTER, a “*” appears on the PIN line instead of “entering” the actual PIN. Tabbing to “OK” and hitting ENTER does nothing either. I did notice that if you wait awhile (or maybe if you hit ENTER too many times), it gets into a state where it doesn’t accept any more keystrokes and it stays on the “Please unlock the card” screen.
  • Debian 11.11.0 (kernel 5.10.0-32): similar behavior to the above (keys work but ENTER does not).
  • PureOS 10.3 (kernel 5.10.0-23): the pinentry popup works fine. I was able to enter the PIN, press ENTER, and the system decrypted my drive and booted just fine.
    • I updated all the software using apt, and it still behaved correctly. (Kernel is now 5.10.0-38)

Any advice for fixing this behavior on Debian would be most appreciated…

Thanks!

Depends on whether you have the skills to fix it yourself or you just want to report it to Purism.

Also, if you are motivated, testing on PureOS crimson may get better attention from Purism (if it doesn’t work). (I assume the PureOS that you were testing with is byzantium.)

Yes it’s 10.3 so byzantium. I can’t seem to find anywhere to download the crimson beta installer, do you happen to know where that can be found?

And no, I don’t have the skills to fix it myself. I was going to compare the changes to /boot and /etc made by that script on the various OSes to try to identify what is not working properly on Debian. But beyond that, I don’t know what else to do.

Best I could find quickly is Upgrade to crimson? - #3 by FranklyFlawless - with link in post - but that appears to be quite old. If all you want to do is install that as a fresh install to see whether crimson (PureOS 11 based on Debian 12) exhibits flakiness with PIN entry or not, it may be OK. But really you should hunt further for something more current.

Actual incantation is lsb_release -c for the definitive check on the release codename.