Get Plymouth to show password prompt for encrypted root

Hi there,

I am trying out NixOS in VirtualBox, and I am seriously considering moving to it as my main distro. As part of my testing, I am trying to get Plymouth to show the password prompt for my encrypted root partition.

I have been following Plymouth does not show password prompt with encrypted root · Issue #26722 · NixOS/nixpkgs · GitHub.

My current configuration has a /boot that is unencrypted, and / that is LUKS-encrypted. At first I was surprised that NixOS was not even asking for a password to boot. For that I had to comment out the line
boot.initrd.luks.devices."luks-xxx".keyfile = "/crypto_keyfile.bin".

I configured NixOS 22.11 with

boot.initrd.systemd.enable = true;
boot.plymouth.enable = true;
boot.plymouth.theme = "breeze";
environment.systemPackages = with pkgs; [
  plymouth
  breeze-plymouth
];

I get a line Show Plymouth Boot Screen, and then the text prompt as below:


I get these lines in the logs about plymouth: plymouth.log

It seems that other people were able to get a graphical password prompt from plymouth, such as @naufik, @Majiir, and @nomeata.
What am I doing differently and how can I get the graphical password prompt?

I’ve unfortunately stopped using plymouth since, while I get a graphical prompt, it has other issues. The most troublesome issue is that every time the laptop display turns off automatically, it gets stuck on the plymouth screen with no password prompt being visible and no way to exit.

This was on 22.05 though, so I may try this again on 22.11. I’ll let you know how I go if I do.

I also have plymouth and use it to enter my root FS password. All I needed for it to work was:

  boot.initrd.systemd.enable = true;
  boot.plymouth.enable = true;
  boot.kernelParams = ["quiet"]; # Pretty sure this one's optional.

I’m pretty sure I didn’t need any kind of kernel module or firmware for it to work, but maybe some hardware does?

Alright, so what I did was to create two new NixOS virtualbox installations, this time with the efi vbox option turned on.

  • box 1: /boot/efi as fat32 and / as encrypted ext4
  • box 2: /boot/efi as fat32, /boot unencrypted ext4, and / as encrypted ext4

In both cases, I get a nice graphical prompt with only adding the two lines to the default NixOS configuration:

  boot.initrd.systemd.enable = true;
  boot.plymouth.enable = true;

So it seems that in the case of EFI, it is not necessary to have a separate /boot partition, since we already have a separate /boot/efi partition.
It also seems that the plymouth graphical password prompt does not come up in BIOS mode. I am not too worried since most hardware has EFI nowadays.

However, sometimes, after the drive is successfully unlocked, the boot gets stuck in plymouth. The spinner does not spin anymore.


When in the graphical prompt for luks password, I am able to press ESC to get back to the textual mode. In that case, the boot sequence gets stuck as well, with these lines:

or slightly later:

And sometimes I am actually able to boot. I think that if I wait for enough time before entering the password, it works fine.

This might be hardware related, and probably is specific to running in a VM.

I will try this out on my laptop physical hardware later.

Update: it works fine on actual hardware.
I have

  boot.initrd.systemd.enable = true;
  boot.plymouth.enable = true;

to enable the plymouth graphical password prompt, and I added boot.kernelParams = [ "quiet" ]; to have no text before that, only a black screen. I am happy with the experience. Thanks to those who replied here.

This solved the issue for me!

Does anyone experience a delay before the password prompt is shown? I’m getting like 5-7s of black screen before the prompt appears; disabling plymouth shows the password prompt instantly.