Graphical password prompt for disk decryption on ArchLinux
In my last post, I described how I enabled encryption on my Linux root partition. However, during boot up, it asked the password using a plain text prompt. I was not satisfied with the design and found that there's a better way: Plymouth.
Plymouth is a package that provides a themeable graphical boot process / splash screen all the way up to the login manager. This includes a graphical password prompt as well. Here are the steps I took to set this up:
1. First, I installed plymouth-git from the AUR. ArchWiki suggests plymouth-git instead of plymouth because it is actually less likely to cause problems for most users than the stable package.
2. Next, I updated the
HOOKS section in my
/etc/mkinitcpio.conf to include
3. And regenerated the initramfs:
4. Next, I added the following kernel parameters:
ArchWiki also suggests adding
but my experience was better without it. With this option, the cursor
in TTY terminals becomes hidden, not just for the boot sequence but even
With the above changes, after reboot, a nice password prompt is shown with a spinner image. But, this hid the beautiful OEM ROG logo that comes first at boot up. So, here are further tweaks I did to make it look as I wanted.
5. First, I tried using the built-in BGRT theme. This is a variation of the spinner theme that keeps the OEM logo if available (BGRT stands for Boot Graphics Resource Table).
This did not show the spinner, but it still hid the OEM logo when asking for decryption password. Although it did show the logo again after password was entered. So, I guessed it just needed a little customization.
6. So, I made a copy of the bgrt theme to make my customizations.
7. These are the changes I had to make in
bgrt-custom.plymouth to make it show the prompt like I wanted:
Basically, I tweaked
TitleVerticalAlignment to my liking. To set this custom theme, I ran:
This looked perfect. But, I noticed that this increased by boot up time
considerably. Plymouth was taking a long time before displaying the
password prompt. On further digging, I found a parameter called
/etc/plymouth/plymouthd.conf with default value of 8 seconds.
According to this merge request, this was needed to keep support for certain AMD GPUs. I don't have and AMD GPU, and anyway I think Plymouth is using the EFI framebuffer for this splash screen, not the GPU. So, I reduced it to 2 seconds to make things faster.