Ubuntu
calamares-settings-ubuntu package

Installing with full disk encryption when using a non-English keyboard layout results in difficulties unlocking the disk

Bug #2016912 reported by Aaron Rainbolt
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
calamares-settings-ubuntu (Ubuntu)
Fix Released
Critical
Lubuntu Developers
Ubuntu ubuntu-24.04-beta

Bug Description

Steps to reproduce:

1. Boot the Lubuntu Lunar Final ISO.
2. Launch Calamares and set the language to "Spanish (Mexico)".
3. Proceed through the installer until you get to the partitioning screen.
4. At the partitioning screen, enable encryption and type a passphrase that includes a double-quote symbol.
    - On a Spanish keyboard the double-quote symbol is on the same key as the @ symbol on an English keyboard. So if you have an English keyboard, type a passphrase like P@ssphrase1 or something.
5. Finish the installation process.
6. Reboot.
7. Attempt to enter the disk passphrase exactly as you had entered it into Calamares.

Expected result: The disk should unlock and Lubuntu should boot.

Actual result: An "access denied" error is shown and you are dropped to a "grub rescue>" prompt. You can unlock the disk if you reboot and type the passphrase, but using the English double-quote rather than the Spanish one. (For instance, if you have an English keyboard, you would have typed P@ssphrase1 into Calamares but would then have to type P"ssphrase1 to unlock the disk.)

Tags: iso-testing
Revision history for this message
Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
https://iso.qa.ubuntu.com/qatracker/reports/bugs/2016912

tags: added: iso-testing
Revision history for this message
Simon Quigley (tsimonq2) wrote :

Yeaaaahp, the decision is that we're going to be switching back to unencrypted /boot for 24.04, since Plymouth supports different keyboard layouts (and actually just uses the default one).

Changed in calamares (Ubuntu):
status: New → Confirmed
importance: Undecided → Critical
assignee: nobody → Lubuntu Developers (lubuntu-dev)
milestone: none → ubuntu-24.01
Revision history for this message
sudodus (nio-wiklund) wrote :

Will unencrypted /boot make it easier to launch an evil maid atack?

In that case, we can tell people to use only standard ASCII characters in the passphrase, and make the system accept only such characters (in the passphrase).

Revision history for this message
Simon Quigley (tsimonq2) wrote (last edit ):

Hey sudodus, I realize I didn't explain myself very well!

This decision is after a *lot* of discussion and back/forth from Foundations and Security where we asked all these questions in detail. The specific person I spoke with has 20 years of experience with Linux Security (and the other is a GRUB maintainer).

The benefit of having *full* disk encryption is the idea of increased security. That's about it. The security impact is actually negligible, encrypted /boot takes 3x longer to boot, it doesn't have support for other keyboard layouts, and the icing on the cake is that we're actually relying on GRUB's built-in encryption algorithms, which aren't checked for vulnerabilities.

To quote the incredibly experienced member of the Security Team:
> IMHO it's hard to see value from encrypting the boot process: an attacker could replace either one just fine, right? That's where the signatures come in, but that really only helps if the measurements contribute to unsealing a key for the rest of the data, and I'm not sure that's really there for most platforms yet

If there's anything we failed to consider here, please say so. I just think, unfortunately we've had the wrong defaults for a while. Let me know if you have any questions.

Revision history for this message
sudodus (nio-wiklund) wrote :

I understand that you have spent time and effort to choose the right method; I'm happy with your decision.

Revision history for this message
Simon Quigley (tsimonq2) wrote :

And I'm quite happy to provide followups and more information if I'm ever unclear. :)

Thank you for raising the point!

Brian Murray (brian-murray)
Changed in calamares (Ubuntu):
milestone: ubuntu-24.01 → ubuntu-24.04-beta
Revision history for this message
ԜаӀtеr Ⅼарсһуnѕkі (wxl) wrote :

I assume "switching back to unencrypted /boot" means just tweaking our Calamares settings.

affects: calamares (Ubuntu) → calamares-settings-ubuntu (Ubuntu)
Revision history for this message
Aaron Rainbolt (arraybolt3) wrote :

This is already fixed for all Calamares-using flavors. Switching to unencrypted /boot and doing some trickery in the Calamares configuration did the trick if I remember correctly. I simply forgot to close this bug :P

Changed in calamares-settings-ubuntu (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.