Index: head/stand/lua/password.lua
===================================================================
--- head/stand/lua/password.lua	(revision 330097)
+++ head/stand/lua/password.lua	(revision 330098)
@@ -1,122 +1,136 @@
 --
 -- SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 --
 -- Copyright (c) 2015 Pedro Souza <pedrosouza@freebsd.org>
 -- Copyright (C) 2018 Kyle Evans <kevans@FreeBSD.org>
 -- All rights reserved.
 --
 -- Redistribution and use in source and binary forms, with or without
 -- modification, are permitted provided that the following conditions
 -- are met:
 -- 1. Redistributions of source code must retain the above copyright
 --    notice, this list of conditions and the following disclaimer.
 -- 2. Redistributions in binary form must reproduce the above copyright
 --    notice, this list of conditions and the following disclaimer in the
 --    documentation and/or other materials provided with the distribution.
 --
 -- THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 -- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 -- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 -- ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 -- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 -- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 -- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 -- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 -- LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 -- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 -- SUCH DAMAGE.
 --
 -- $FreeBSD$
 --
 
 local core = require("core")
 local screen = require("screen")
 
 local password = {}
+
+local INCORRECT_PASSWORD = "loader: incorrect password!"
 -- Asterisks as a password mask
 local show_password_mask = false
 local twiddle_chars = {"/", "-", "\\", "|"}
 
 -- Module exports
-function password.read()
+function password.read(prompt_length)
 	local str = ""
 	local n = 0
 	local twiddle_pos = 1
 
 	local function draw_twiddle()
 		loader.printc("  " .. twiddle_chars[twiddle_pos])
-		screen.movecursor(-3, 0)
+		screen.setcursor(prompt_length + 2, 25)
 		twiddle_pos = (twiddle_pos % #twiddle_chars) + 1
 	end
 
 	-- Space between the prompt and any on-screen feedback
 	loader.printc(" ")
 	while true do
 		local ch = io.getchar()
 		if ch == core.KEY_ENTER then
 			break
 		end
 		if ch == core.KEY_BACKSPACE or ch == core.KEY_DELETE then
 			if n > 0 then
 				n = n - 1
 				if show_password_mask then
 					loader.printc("\008 \008")
 				else
 					draw_twiddle()
 				end
 				str = str:sub(1, n)
 			end
 		else
 			if show_password_mask then
 				loader.printc("*")
 			else
 				draw_twiddle()
 			end
 			str = str .. string.char(ch)
 			n = n + 1
 		end
 	end
 	return str
 end
 
 function password.check()
 	screen.clear()
 	screen.defcursor()
 	-- pwd is optionally supplied if we want to check it
 	local function doPrompt(prompt, pwd)
+		local attempts = 1
+
+		local function clear_incorrect_text_prompt()
+			loader.printc("\n")
+			loader.printc(string.rep(" ", #INCORRECT_PASSWORD))
+		end
+
 		while true do
+			screen.defcursor()
 			loader.printc(prompt)
-			local read_pwd = password.read()
+			local read_pwd = password.read(#prompt)
 			if pwd == nil or pwd == read_pwd then
-				-- Throw an extra newline after password prompt
-				print("")
+				-- Clear the prompt + twiddle
+				loader.printc(string.rep(" ", #prompt + 5))
+				if attempts > 1 then
+					clear_incorrect_text_prompt()
+				end
 				return read_pwd
 			end
-			print("\n\nloader: incorrect password!\n")
+			loader.printc("\n" .. INCORRECT_PASSWORD)
+			attempts = attempts + 1
 			loader.delay(3*1000*1000)
 		end
 	end
 	local function compare(prompt, pwd)
 		if pwd == nil then
 			return
 		end
 		doPrompt(prompt, pwd)
 	end
 
 	local boot_pwd = loader.getenv("bootlock_password")
 	compare("Boot password: ", boot_pwd)
 
 	local geli_prompt = loader.getenv("geom_eli_passphrase_prompt")
 	if geli_prompt ~= nil and geli_prompt:lower() == "yes" then
 		local passphrase = doPrompt("GELI Passphrase: ")
 		loader.setenv("kern.geom.eli.passphrase", passphrase)
 	end
 
 	local pwd = loader.getenv("password")
 	if pwd ~= nil then
 		core.autoboot()
 	end
 	compare("Password: ", pwd)
 end
 
 return password
Index: head/stand/lua/screen.lua
===================================================================
--- head/stand/lua/screen.lua	(revision 330097)
+++ head/stand/lua/screen.lua	(revision 330098)
@@ -1,95 +1,77 @@
 --
 -- SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 --
 -- Copyright (c) 2015 Pedro Souza <pedrosouza@freebsd.org>
 -- All rights reserved.
 --
 -- Redistribution and use in source and binary forms, with or without
 -- modification, are permitted provided that the following conditions
 -- are met:
 -- 1. Redistributions of source code must retain the above copyright
 --    notice, this list of conditions and the following disclaimer.
 -- 2. Redistributions in binary form must reproduce the above copyright
 --    notice, this list of conditions and the following disclaimer in the
 --    documentation and/or other materials provided with the distribution.
 --
 -- THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 -- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 -- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 -- ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 -- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 -- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 -- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 -- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 -- LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 -- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 -- SUCH DAMAGE.
 --
 -- $FreeBSD$
 --
 
 local color = require("color")
 local core = require("core")
 
 local screen = {}
 
 -- Module exports
 function screen.clear()
 	if core.isSerialBoot() then
 		return
 	end
 	loader.printc(core.KEYSTR_CSI .. "H" .. core.KEYSTR_CSI .. "J")
 end
 
 function screen.setcursor(x, y)
 	if core.isSerialBoot() then
 		return
 	end
 
 	loader.printc(core.KEYSTR_CSI .. y .. ";" .. x .. "H")
 end
 
-function screen.movecursor(dx, dy)
-	if core.isSerialBoot() then
-		return
-	end
-
-	if dx < 0 then
-		loader.printc(core.KEYSTR_CSI .. -dx .. "D")
-	elseif dx > 0 then
-		loader.printc(core.KEYSTR_CSI .. dx .. "C")
-	end
-
-	if dy < 0 then
-		loader.printc(core.KEYSTR_CSI .. -dy .. "A")
-	elseif dy > 0 then
-		loader.printc(core.KEYSTR_CSI .. dy .. "B")
-	end
-end
-
 function screen.setforeground(color_value)
 	if color.disabled then
 		return color_value
 	end
 	loader.printc(color.escapef(color_value))
 end
 
 function screen.setbackground(color_value)
 	if color.disabled then
 		return color_value
 	end
 	loader.printc(color.escapeb(color_value))
 end
 
 function screen.defcolor()
 	loader.printc(color.default())
 end
 
 function screen.defcursor()
 	if core.isSerialBoot() then
 		return
 	end
 	loader.printc(core.KEYSTR_CSI .. "25;0H")
 end
 
 return screen