nailfarmer closed 4 years ago
Another alternative would be to give the user an option at install time to power off the machine after some number of failed unlock attempts.
Any thoughts?
Shutdown would probably be more appropriate. You now of course run the risk of losing work because someone mashed your keyboard but also this would be the more secure route. I vote for a shutdown on max failed auth attempts.
I agree, this probably makes the most sense. I've implemented this and increased the max auth attempts from 3 to 5. If anyone complains loudly, I'll put in an install-time option to control this behaviour.
What about hibernation instead of shutdown?
Probably not workable in this context, for a few reasons.
If there's ever a chance in the future to revisit the interaction of suspend and hibernation in systemd, and in particular hybrid suspend, this would be interesting to investigate further.
As it stands, when a user mis-enters a password three times, the system attempts to put the machine back into S3 sleep. This eventually times out with a device or resource busy error. We need to see if we can either track down the offending process that is keeping the device from suspending, or find a way to re-prepare the machine for sleep.