Use your Bluetooth Keyboard during LUKS Decryption on Arch Linux

When I am working from home, my laptop is closed: it’s running in clamshell mode. Rebooting or starting the machine means I have to re-enter the LUKS passphrase, which also means I have to get behind my monitor, open up the laptop, and enter the passphrase. What if I could enter the passphrase using my Bluetooth keyboard and skip the tedious steps of having to climb behind my monitor and entering the passphrase in a non-ergonomic manner?

My colleague Rüdiger from work @inovex also had that problem and documented how to do it. So most of the stuff written down here is based on the knowledge of Rüdiger and the author of mkinitcpio-bluetooth. Kudos! 💕

Prerequisites

  • Pair your Bluetooth keyboard:

    bluetoothctl power on
    bluetoothctl default-agent
    bluetoothctl pairable on
    bluetoothctl scan on
    bluetoothctl pair <id>
    bluetoothctl trust <id>

  • Install mkinitcpio-bluetooth:

    yay -S mkinitcpio-bluetooth

  • Set AutoEnable to true in /etc/bluetooth/main.conf.

mkinitcpio

hooks

Add the bluetooth hook to the HOOKS array in /etc/mkinitcpio.conf, after keyboard and before encrypt.

Example:

HOOKS=(base udev autodetect keyboard keymap modconf bluetooth block encrypt filesystems fsck)

files

Add any file, binary, or module that your keyboard or Bluetooth adapter might need.

You can find those using sudo journalctl -b | rg -i firmware or sudo dmesg | grep -i bluetooth:

Bluetooth: hci0: Found device firmware: intel/ibt-20-1-3.sfi
...
Bluetooth: hci0: Failed to load Intel DDC file intel/ibt-20-1-3.ddc

Bluetooth firmware files are in: /usr/lib/firmware/[intel]

modules

For the modules, you can find them like this:

$ lsmod | grep bluetooth
bluetooth            1110016  36 btrtl,btmtk,btintel,btbcm,bnep,btusb,rfcomm <<<<
rfkill                 40960  8 iwlmvm,bluetooth,thinkpad_acpi,cfg80211
ecdh_generic           16384  2 bluetooth
crc16                  12288  2 bluetooth,ext4

I’m not adding all of them, I just added btintel (as my Bluetooth chip is from Intel).

The mkinitcpio.conf should then look like this (YMMV):

MODULES=(usbhid btintel uhid btrtl amdgpu)
BINARIES=()
FILES=(/usr/lib/firmware/intel/ibt-20-1-3.sfi.zst /usr/lib/firmware/intel/ibt-20-1-3.ddc.zst)
HOOKS=(base udev autodetect keyboard keymap modconf bluetooth block encrypt filesystems fsck)

Updates

If the firmware files are updated and their names change, you need to manually update the FILES entries in mkinitcpio.conf and rebuild your initramfs using: mkinitcpio -P
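
The check below is an added example, not part of the original post or of mkinitcpio-bluetooth: it reports FILES entries that no longer exist on disk and firmware named in the kernel log that FILES does not ship. The function names, the single-line FILES=(...) assumption and the sample data (including the made-up ibt-old-example file) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check FILES=() in
# mkinitcpio.conf against the disk and against firmware named in the kernel log.
# Assumes FILES=(...) sits on one line with unquoted, space-separated paths.

conf_files() {      # print each FILES entry of the conf file $1, one per line
    sed -n 's/^[[:space:]]*FILES=(\(.*\)).*$/\1/p' "$1" | tail -n 1 |
        tr -s ' \t' '\n\n' | sed '/^$/d'
}

stale_files() {     # FILES entries that no longer exist (e.g. renamed by an update)
    conf_files "$1" | while IFS= read -r f; do
        [ -e "$f" ] || printf '%s\n' "$f"
    done
}

log_firmware() {    # firmware names in Bluetooth lines of kernel log file $1
    # .sfi/.ddc are the Intel suffixes shown in the post; extend for other chips.
    grep -i 'bluetooth' "$1" | grep -oE '[^[:space:]]+/[^[:space:]]+\.(sfi|ddc)' | sort -u
}

uncovered_firmware() {  # logged firmware (log $2) that no FILES entry (conf $1) ships
    listed=$(conf_files "$1" | sed -e 's/\.zst$//' -e 's/\.xz$//')
    log_firmware "$2" | while IFS= read -r fw; do
        covered=no
        for f in $listed; do
            case $f in */"$fw") covered=yes ;; esac
        done
        [ "$covered" = yes ] || printf '%s\n' "$fw"
    done
}

make_sample() {     # constructed sample data in directory $1
    mkdir -p "$1/fw/intel" && : > "$1/fw/intel/ibt-20-1-3.sfi.zst"
    # second entry is a made-up name standing in for a file an update removed
    printf 'FILES=(%s %s)\n' "$1/fw/intel/ibt-20-1-3.sfi.zst" \
        "$1/fw/intel/ibt-old-example.sfi.zst" > "$1/conf"
    printf '%s\n' 'Bluetooth: hci0: Found device firmware: intel/ibt-20-1-3.sfi' \
        'Bluetooth: hci0: Failed to load Intel DDC file intel/ibt-20-1-3.ddc' > "$1/log"
}

demo_dir=$(mktemp -d) && make_sample "$demo_dir"
echo "stale FILES entries:";  stale_files "$demo_dir/conf"
echo "firmware not in FILES:"; uncovered_firmware "$demo_dir/conf" "$demo_dir/log"
rm -rf "$demo_dir"
```

On a real system, point the functions at /etc/mkinitcpio.conf and a saved copy of the dmesg output, and run them before rebuilding the initramfs so a missing firmware file does not leave the Bluetooth keyboard unavailable at the passphrase prompt.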

Troubleshooting

If the above does not work for you, add break to the kernel parameters. This drops you into a shell in the initrd environment, where you can check which files are missing and debug your way to Bluetooth keyboard LUKS decryption.