print and update the timestamp on the TOTP while waiting for disk unlock code

Author: osresearch

initrd/bin/unseal-key

@@ -22,15 +22,59 @@ tpm nv_readvalue \
 	-of "$sealed_file" \
 || die "Unable to read key from TPM NVRAM"
 
-for tries in 1 2 3; do
-	tpm_password=
-	while [ -z "$tpm_password" ]; do
-		unseal-totp || die "TOTP code generation failed"
 
-		read -s -p "Disk unlock password: " tpm_password
-		echo
+get_password()
+{
+	last_half=X
+
+	while true; do
+
+		# update the TOTP code every thirty seconds
+		date=`date "+%Y-%m-%d %H:%M:%S"`
+		seconds=`date "+%s"`
+		half=`expr \( $seconds % 60 \) / 30`
+		if [ "$half" != "$last_half" ]; then
+			last_half=$half;
+			TOTP=`unseal-totp` \
+			|| die "TOTP code generation failed"
+		fi
+
+		echo -n "$date $TOTP: "
+
+		# read the first character, non-blocking
+		read \
+			-t 1 \
+			-n 1 \
+			-s \
+			-p "Enter unlock password: " \
+			tpm_password_1 \
+		&& break
+
+		# nothing typed, redraw the line
+		echo -ne '\r'
 	done
 
+	# they have started typing, read the rest, blocking
+	if [ -z "$tpm_password_1" ]; then
+		# they hit enter; we should exit gracefully
+		tpm_password=""
+	else
+		# they hit something else, read the rest of the line
+		read \
+			-s \
+			-p '' \
+			tpm_password_2
+		tpm_password="$tpm_password_1$tpm_password_2"
+	fi
+
+	# clean up with a newline
+	echo
+
+}
+
+for tries in 1 2 3; do
+	get_password
+
 	if tpm unsealfile \
 		-if "$sealed_file" \
 		-of "$key_file" \

initrd/bin/unseal-totp

@@ -20,8 +20,7 @@ tpm unsealfile  \
 
 rm -f "$TOTP_SEALED"
 
-#echo -n "`date`: "
-if ! totp < "$TOTP_SECRET"; then
+if ! totp -q < "$TOTP_SECRET"; then
 	rm -f "$TOTP_SECRET"
 	die 'Unable to compute TOTP hash?'
 fi