Password Prompt for yubikey not showing in Plymouth

Status changed to 'Confirmed' because the bug affects multiple users.

Resurfaced in Cosmic (U18.10)

Interesting tidbits from Cosmic (U18.10), running with `splash` removed from boot arguments (i.e. disable Plymouth splash).

Boot LUKS prompt display:

   sed: /conf/conf.d/cryptroot: No such file or directory

     ... (unrelated LVMeta'd warning)

   /scripts/local-top/cryptroot: line 218: fold: not found
   Please unlock disk sda3_crypt:

Okay, still not clear why yubikey-luks isn't working, but at least there's an error or two now. :-)

I then tried both enabling chatty mode (`quiet` removed) and breaking before mount phase in initramfs bringup (`break=premount` added) to do some further digging.

The only reference within the as-built initramfs to `/conf/conf.d/cryptroot` anywhere in `/scripts/` is `/scripts/local-top/yubikey-luks`, and that file is noticeably absent from `/conf/conf.d/`. I saw that in bug 317442 (yes, old bug) that there may be situations where this file might not be created.

Line 218 of `/scripts/local-top/cryptroot` is the ending of an if-fi block, not clear yet what `fold` references.

Net-net, still digging.

Conclusion thus far: What I am seeing might be a new breakage of yubikey-luks in U18.10/Cosmic.

I dug up an older Ubuntu system (U16.04.3 LTS) that is known-working with Yubikey LUKS + Plymouth, and `/conf/conf.d/cryptroot` is present in initramfs. Contents is one line, a target specification for the root FS. The line referencing it in `/scripts/local-top/yubikey-luks` looks substantially similar to the one in U18.10 / Cosmic.

Digging through various versions of cryptsetup imported from upstream (Debian), I see that between ubuntu/bionic and ubuntu/cosmic, generation of `/conf/conf.d/cryptroot` seems to have been retired. Specifically, as part of refactoring at:

debian/changelog
   cryptsetup (2:2.0.3-2) unstable; urgency=medium

     [ Guilhem Moulin ]
     * debian/initramfs/*-hook: complete refactoring. Common functions are now in
       /lib/cryptsetup/functions (source-able from shell scripts).
       (Closes: #784881.)
       https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784881

… subsequent to which, debian/initramfs/cryptroot-hook add_device() (the function which was responsible for constructing `/conf/conf.d/cryptroot`) disappears.

Also of note: I fully removed yubikey-luks (`apt-get --purge remove yubikey-luks`), and only the first of the two cryptroot errors I mentioned above has disappeared. -- Looks like the "line 218" one is unrelated to yubikey-luks.

Possibly Guilhem (~7-guilhem / @7-guilhem here on Launchpad) could confirm `/conf/conf.d/cryptroot` is officially/intentionally retired?

Took some additional digging, but already confirmed, and definitely yubikey-luks side of the fence... it was using a non-public interface.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904162#15

Looks like there was some refactoring, and ostensibly this is fixed in a later iteration of yubikey-luks that is in U19.04/Disco but not U18.10/Cosmic at present

https://bugs.launchpad.net/ubuntu/+source/yubikey-luks/0.5.1+29.g5df2b95-1

U18.10/Cosmic, U18.04/Bionic, et al are on

https://bugs.launchpad.net/ubuntu/+source/yubikey-luks/0.3.3+3.ge11e4c1-1

TL;DR: Need yubikey-luks 0.5.1 in U18.10/Cosmic please. :-)

This is the relevant change that gets pulled-in: https://github.com/cornelinux/yubikey-luks/issues/37