Vincent43

What's practical difference between this and using an empty password?

I think you greatly overestimate kwallet security. It's barely maintained tool with outdated encryption algorithms. It's better to treat it as management tool not security tool. For protecting user account...

@Grief My point is that you can achieve the same thing with empty kwallet password without writing single line of code.

Well, we are talking only about kwallet here. Sddm password protection is fully compatible with autologin. I don't know if pam plugin for keepass even exist. For your usecase perhaps...

I assume when you want to use password only once for unlocking encrypted volume and logging into desktop session you want it to work unconditionally. The only difference with using...

You are right , however using gnome-keyring with sddm is a weird choice when gdm exist :smile: . I'm not opposing systemd keyring integration but keeping in mind that sddm...

Passing unquoted variable is something we want to avoid. Were the additional parameters about detached header? It's also possible to [store LUKS options in header](https://man.archlinux.org/man/cryptsetup-config.8)

Yeah so we had proposal for adding headers option [before](https://github.com/agherzan/yubikey-full-disk-encryption/pull/65). The `cryptsetup config --header=/header-luks.img ` also should work

Hi, that's unfortunate situation, backups in some form (challenge, whole passkey, alternate password) are always strongly recommended for such cases I hope you had one of them. Beside that I...

> $ mount|grep boot|cut -d' ' -f3|sort|head -n 1 > /boot On my system `/boot` isn't boot partition and it's encrypted so storing challenge there will be useless. Solution that...