Sometimes I start my computer and forget to unlock it.
I’d like it to shut down automatically after 15 minutes if it hasn’t been unlocked.
Add a comment
|
1 Answer
Tested on MX Linux 25 (Debian 13)
Create a script in /etc/initramfs-tools/scripts/init-premount/lukstimeout.
init-premount scripts get included in the initramfs system and are executed before the drive is mounted/unlocked.
sudo nano /etc/initramfs-tools/scripts/init-premount/lukstimeout
The script displays how many seconds are left until shutdown (only shows if your initramfs is using Plymouth for the gui).
After TIMEOUT seconds it shutsdown.
From my understanding, when the system boots, initramfs is terminated and this script gets removed from ram with it, so we don't need to check for disk unlocking to check for a success condition to prevent shutdown.
#!/bin/sh
# list of tools required for lukstimeout to work
PREREQ=""
# initramfs will call this script with "prereqs" as an argument to determine run order
case $1 in
prereqs)
# and we should return the PREREQs
echo "$PREREQ"
exit 0
;;
esac
notify() {
# if plymouth is available (boot splash screen gui), use it to display the message
if command -v plymouth >/dev/null 2>&1; then
plymouth display-message --text="$1"
fi
}
# Run timeout in background. "(...)" means separate process, "&" means run in background
(
# 15 minutes
TIMEOUT=900
while [ $TIMEOUT -gt 0 ]; do
notify "If not unlocked, shutting down in $TIMEOUT seconds..."
sleep 1
TIMEOUT=$((TIMEOUT - 1))
done
poweroff -f
) &
Make the script executable and update your initramfs:
sudo chmod +x /etc/initramfs-tools/scripts/init-premount/lukstimeout
sudo update-initramfs -u
Docs (see "Boot Scripts" and init-premount)
If anything goes wrong with your boot process:
A) You can boot from a different kernel (during boot, select "advanced options" and choose a different kernel). Note your default kernel when starting.
B) Alternatively, (in theory) if you have no other kernels, you should be able to boot from linux live media and manually unlock your luks volume and chroot to effectively get into your system.
Then, identify your exact kernel version from:
dpkg --list | grep linux-image
eg. 6.12.74+deb13+1-amd64
Remove the timeout script, and build for your default kernel
sudo rm /etc/initramfs-tools/scripts/init-premount/lukstimeout
sudo update-initramfs -u -k 6.12.74+deb13+1-amd64
NOTE: Be careful not to run sudo update-initramfs -u as this will overwrite the initramfs for the kernel selected in A) rather than the your default kernel.
