KDE Plasma 5.5 on Wayland will feature Screenlocker integration in KWin

Bhushan Shah recently posted on his blog page, an on going project work he has been working on to integrate the Lockscreen with KWin Wayland session. According to him, this is the most important bit of the Plasma on Wayland session. Currently in X11 lockscreen is managed by ksmserver (KDE’s session manager). Its also noted that in Wayland, lockscreen functionality should be moved in kwin_wayland, so that compositor is aware that screen is locked, what windows are owned by greeter, and what should get input events.

To provide screenlocker integration in kwin_wayland, KWin needs to link to kscreenlocker library. Which was being built as static library in plasma-workspace. To avoid dependency loop kscreenlocker was split into different repository to which ksmserver in plasma-workspace and kwin_wayland can depend upon. Next, kwin_wayland was adjusted to start KSldApp (stands for KScreenlocker Daemon Application). As a result, a beautiful lockscreen on wayland session was born!

kde plasma wayland Screenlocker

However, this was not really secure.. one can just Alt+Tab the screenlocker. oops!

Now it was time for adding security constraints to KWin, so security promised earlier is available. Security constraints are,

  • When screen is locked, allow only lockscreen/greeter windows to be shown
  • When screen is locked no other clients/windows should be able to get input events
  • Allow only on-screen input methods like maliit to be shown on lockscreen
  • Do not pass any events to KWin effects or any other clients

For this kwin_wayland needs to know which windows are provided by lockscreen or greeter. For this KSldApp passed the client connection created by it to kwin_wayland. This way kwin can identify the greeter windows to apply various security restrictions. kwin_wayland have InputRedirection class which handles getting input events from the input devices and passes it to various clients, effects or applications based upon their priority. InputRedirection was adjusted to pass keyboard events to just lockscreen and mouse events to lockscreen as well as input methods.

However, things that are not secured/tested are :

  • Touch events
  • Global shortcuts for screenlocker
  • Fallback/emergency screen not yet working

Also currently lockscreen on wayland is not unit tested. I plan to work on this in upcoming days.

The secured screen locker architecture will be available for Plasma 5.5 release cycle. This also fixes 11 year old bugs like keyboard/mouse grabs prevent screenlocker from starting. Overall its very nice improvement to Plasma Desktop.


comments powered by Disqus