Currently, anyone can unlock the phone. For added security, we should port slock (http://tools.suckless.org/slock/) and receive passwords from the onscreen keyboard.
Would be nice for sure to have a keyboard entry-style unlock / pin-code lockscreen. Originally I wanted to use slock, however would need to figure out a way to pop open svkbd and pass through input touchscreen input while slock is binding. So it's a bit tricky.
It would be nice to have a full keyboard or even arbitrary programs on top of the lock screen, but that can be a future goal, and given the age of this ticket I'm guessing it's a very tough one. In the meantime we could always build a numeric keypad right into the locking overlay, like Phosh does. Far from optimal, but certainly better than relying on the obscurity of the keybinds.
~kgp445 that was my idea for how to solve this issue and would accept a patch implementing it into sxmo.
As for numeric keypad, I want to allow users to passwords with letters and symbols in it so I would prefer if we had svkbd embedded into slock.
I would like to help but the relevant X mechanics are beyond me. I agree, a real keyboard would be better, but my concern is that it could still be some months out. I think an unoptimal solution is better than nothing, even if we tear it out later. A stop-gap measure, if you will.
I have a solution which is, essentially, svkbd-mobile-plain and a (coarse) slock in one ".c" . It is currently not tied into sxmo_lockscreen, so I'm not sure where to put it... (?) I still have to think what the best thing to do with it visually, so at the moment it is just a terminal window and a keyboard. If anyone has a use for it, see https://codeberg.org/iv/pinephone_sxmo_sxmo_lock. The makefile will install sxmo_lockscreen in usr/local. The functionality remains that of the old sxmo_lockscreen. Additionally you call it with --require-password or with the environment variable SXMO_LOCK_PASSWORD set to 1, in this case you will be greeted by a red keyboard when you try to unlock. Use at your own risk, still at bit rough around the edges. Technical info: the pointer/touch input is grabed by the on-screen keyboard and the "slock" grabs the keyboard input.
~iv, that codeberg link gives me a 404. The way you described it makes this sound very exciting!
Somehow the out url genertor included the '.' at the end, the link is: https://codeberg.org/iv/pinephone_sxmo_sxmo_lock
Hi ~iv, we want to use your code but please add a license to your project. craftyguy has packaged it for alpine.
~iv I managed to compile your code, it works well!
TODO:
- block out the desktop with a black screen so that only the keyboard is visible.
- use the default sxmo keyboard rather than the red keyboard that shows up
- document the --require-password flag in -h
Im thinking that we shouldn't use slock for this issue. osk-sdl from pmOS seems like a better solution and looking at their git log, theyve solved edge cases I couldnt have thought of and would be difficult to solve with svkbd+slock. For example, when a physical keyboard is connected....
https://gitlab.com/postmarketOS/osk-sdl
What do y'all think of stripping out the prompt+keyboard from osk-sdl for our screenlock? I trust pmOS's code to be more secure than some svkbd+slock hack and I think we should prioritize security over code reuse and configurability in this case.
Looks usable and will probably speed things up --
Personally I'd start somewhere around line 319 in main.cpp
In fact the slock+svkbd hack should work fine with a second keyboard. Even if you enter every other character of your password on the screen keyboard or do something crazy like that. Nevertheless, security should be prioritized, especially since with tinydm this will also be the way you log in after boot (I guess). There are also other potential security holes, like #86 .
Does this mean the X11 version of SXMO will still get a passworded lockscreen?
I have started a lock screen in wayland for linux mobile. I will post when I have a MVP :D
I have a mostly working prototype here: https://git.sr.ht/~anjan/peanutbutter
Im still trying to figure out how to best place the Sxmo hooks for this but it mostly works.