~mil/sxmo-tickets#44: 
sxmo-utils: port slock and use to lock screen

Currently, anyone can unlock the phone. For added security, we should port slock (http://tools.suckless.org/slock/) and receive passwords from the onscreen keyboard.

Status
REPORTED
Submitter
~anjan
Assigned to
No-one
Submitted
3 years ago
Updated
3 months ago
Labels
feature

~mil 3 years ago

Would be nice for sure to have a keyboard entry-style unlock / pin-code lockscreen. Originally I wanted to use slock, however would need to figure out a way to pop open svkbd and pass through input touchscreen input while slock is binding. So it's a bit tricky.

~kgp445 3 years ago

It would be nice to have a full keyboard or even arbitrary programs on top of the lock screen, but that can be a future goal, and given the age of this ticket I'm guessing it's a very tough one. In the meantime we could always build a numeric keypad right into the locking overlay, like Phosh does. Far from optimal, but certainly better than relying on the obscurity of the keybinds.

~anjan 3 years ago

~kgp445 that was my idea for how to solve this issue and would accept a patch implementing it into sxmo.

As for numeric keypad, I want to allow users to passwords with letters and symbols in it so I would prefer if we had svkbd embedded into slock.

~kgp445 3 years ago

I would like to help but the relevant X mechanics are beyond me. I agree, a real keyboard would be better, but my concern is that it could still be some months out. I think an unoptimal solution is better than nothing, even if we tear it out later. A stop-gap measure, if you will.

~iv 3 years ago*

I have a solution which is, essentially, svkbd-mobile-plain and a (coarse) slock in one ".c" . It is currently not tied into sxmo_lockscreen, so I'm not sure where to put it... (?) I still have to think what the best thing to do with it visually, so at the moment it is just a terminal window and a keyboard. If anyone has a use for it, see https://codeberg.org/iv/pinephone_sxmo_sxmo_lock. The makefile will install sxmo_lockscreen in usr/local. The functionality remains that of the old sxmo_lockscreen. Additionally you call it with --require-password or with the environment variable SXMO_LOCK_PASSWORD set to 1, in this case you will be greeted by a red keyboard when you try to unlock. Use at your own risk, still at bit rough around the edges. Technical info: the pointer/touch input is grabed by the on-screen keyboard and the "slock" grabs the keyboard input.

~iv referenced this from #240 3 years ago

~anjan 3 years ago

~iv, that codeberg link gives me a 404. The way you described it makes this sound very exciting!

~iv 3 years ago

Somehow the out url genertor included the '.' at the end, the link is: https://codeberg.org/iv/pinephone_sxmo_sxmo_lock

~anjan 2 years ago

Hi ~iv, we want to use your code but please add a license to your project. craftyguy has packaged it for alpine.

~anjan 2 years ago

~iv I managed to compile your code, it works well!

TODO:

  1. block out the desktop with a black screen so that only the keyboard is visible.
  2. use the default sxmo keyboard rather than the red keyboard that shows up
  3. document the --require-password flag in -h

~anjan referenced this from #163 2 years ago

~anjan 2 years ago*

Im thinking that we shouldn't use slock for this issue. osk-sdl from pmOS seems like a better solution and looking at their git log, theyve solved edge cases I couldnt have thought of and would be difficult to solve with svkbd+slock. For example, when a physical keyboard is connected....

https://gitlab.com/postmarketOS/osk-sdl

What do y'all think of stripping out the prompt+keyboard from osk-sdl for our screenlock? I trust pmOS's code to be more secure than some svkbd+slock hack and I think we should prioritize security over code reuse and configurability in this case.

~noneofyourbusiness 2 years ago

Looks usable and will probably speed things up --

Personally I'd start somewhere around line 319 in main.cpp

~iv 2 years ago

In fact the slock+svkbd hack should work fine with a second keyboard. Even if you enter every other character of your password on the screen keyboard or do something crazy like that. Nevertheless, security should be prioritized, especially since with tinydm this will also be the way you log in after boot (I guess). There are also other potential security holes, like #86 .

~kavuskazian 2 years ago

Does this mean the X11 version of SXMO will still get a passworded lockscreen?

~anjan 8 months ago*

I have started a lock screen in wayland for linux mobile. I will post when I have a MVP :D

~anjan 3 months ago

I have a mostly working prototype here: https://git.sr.ht/~anjan/peanutbutter

Im still trying to figure out how to best place the Sxmo hooks for this but it mostly works.

Register here or Log in to comment, or comment via email.