Adjusting keyboard repeat rate for luks password during boot?

Is there a way to modify keyboard repeat rate for full disk encryption password?

Turning on the computer in the morning right after waken up gets pretty difficult sometimes due to brain dead connection to heavy fingers. I think slowing down the repeat rate would help avoid some of wrong password being typed out.

Fiddling around in Qubes system tools or working with kbdrate command have not gained anything fruitful.

Any pointers or guidance would be great.

Interesting question. I am not aware of a way to do this. Is the problem that your finger sometimes lingers on a key too long, resulting in that character being repeated multiple times instead of just once?

Yes, that is precisely the it. Sometimes my fingers aren’t nimble enough to lift a key stroke on time, which results in one or two repeated characters being slipped off unnoticed.

This is not a huge deal for the most part but I know there are paranoid users with crazy long password who occasionally suffer the same issue as I do either in the morning before coffee or late at night after some alcohol or who knows what. Or is that just me…?

As long as it’s not compromising the security, I would love to get some help on this.

I haven’t tried any of it, but does the content at the bottom of this
Arch Wiki page help at all?

You should be able to have that command/service included in initramfs
and run on boot before the password prompt.

In System Tools>> Keyboard>> Behaviour>> Typing Settings>> Repeat Speed & Repeat delay
Does it work for you?

Sadly, editing Keyboard settings from System Tools only begins to work from user account login prompt, not from full disk encryption prompt.

I don’t know if there’s an addition step I need to take to have the service included in initramfs but just looking at the ArchWiki link, here is what I did:

sudo nano /usr/lib/systemd/system/kbdrate.service

[Unit]
Description=Keyboard repeat rate in tty.

[Service]
Type=oneshot
RemainAfterExit=yes
StandardInput=tty
StandardOutput=tty
ExecStart=/usr/bin/kbdrate -s -d 500 -r 2

[Install]
WantedBy=multi-user.target

I changed repeat value as 2 for the testing purpose.

sudo systemctl enable kbdrate

reboot

See that it didn’t work, systemctl disable kdbrate, edit, enable and reboot from basic.target, cryptsetup-pre.target, cryptsetup.target, getty.target, graphical.target, sysinit.target just to see what happens but none of them worked so far.

[Unit]
Description=Keyboard repeat rate in tty.

[Service]
Type=oneshot
RemainAfterExit=yes
StandardInput=tty
StandardOutput=tty
ExecStart=/usr/bin/kbdrate -s -d 500 -r 2

[Install]
WantedBy=multi-user.target

What happens if you change this line to WantedBy=cryptsetup-pre.target
That should get systemd to try to execute it before running cryptsetup.

You may also need to add a dracut module to pull in the relevant
executables, but try the above first.

Yes, I did change the last line to WantedBy=cryptsetup-pre.target but nothing happened.

Can you walk me through on how to add dracut module?

Having not done it myself, I can’t exactly walk you through it. But I
can point you in a few directions.

Have a look at the file
/usr/lib/dracut/modules.d/90crypt/module-setup.sh. This is the file
dracut runs to put cryptsetup binaries and config in the initramfs. Line
87 for example, includes the crypttab. You may be able to add kbdrate
file here. I believe cryptroot-ask.sh is responsible for actually
requesting the password. Adding the kbdrate command to the top of this
file should have it execute before requesting the password.

Finally, run dracut -f --regenerate-all to have your changes included.

Note that these will be overwritten by any updates, though considering
we are on Fedora 25, I can’t see this happening any time soon.

Oops, I didn’t see that…

Thank you, Jarrah! It worked!!

So the quick summery:

In dom0:
sudo nano /usr/lib/dracut/modules.d/90crypt/module-setup.sh

Above the line 60, inst_hook cmdline 30 “$moddir/parse-crypt.sh”
Insert:
inst /usr/bin/kbdrate

Save

In dom0:
sudo nano /usr/lib/dracut/modules.d/90crypt/crypt-lib.sh

Above the line 32, # ask_for_password
Insert:
kbdrate -s -r xx -d xxx

Save

Create an initramfs to the latest image:
sudo dracut -fv /boot/initramfs-x.xx.xxx-x.pvops.qubes.x86_64.img x.xx.xxx-x.pvops.qubes.x86_64

Reboot

Replace x with right number, of course, and the line numbers might not be 100% accurate but they are close enough to find the right line.

Please give me a feedback especially if there’s any improvement that I can make or if there’s better solution but for now this is a pretty good solution that I can live with!

Thank you again Jarrah for your help.

And now it’s time to log in under the influence!!