uc20 console-conf disabled by gadget still runs in recover mode
Bug #1895856 reported by Ian Johnson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd | Fix Released | Critical | Ian Johnson | | |
Bug Description
When disabling console-conf by gadget defaults on uc20, console-conf correctly does not run in run mode or install mode, but when transitioning to recover mode, console-conf will start running again, allowing an attacker to configure their details and log in to the device, effectively bypassing or defeating the full disk encryption on uc20.
We should disable console-conf in the initramfs on recover mode by inspecting the gadget snap's defaults like we do with ConfigureRunSystem, but for recover mode and without using overlord, etc., but still using the filesystemOnlyApply system.
Changed in snapd:
status: Confirmed → Won't Fix
status: Won't Fix → In Progress
Changed in snapd:
milestone: none → 2.47
status: In Progress → Fix Committed
Changed in snapd:
status: Fix Committed → Fix Released
PR up @ https://github.com/snapcore/snapd/pull/9379