Can't input password with keyscript=decrypt_keyctl in initramfs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cryptsetup (Ubuntu) | Confirmed | Undecided | Unassigned | | |
Bug Description
Setup
---
Description: Ubuntu 14.04.1 LTS
Release: 14.04
cryptsetup:
Installed: 2:1.6.1-1ubuntu1
Candidate: 2:1.6.1-1ubuntu1
Version table:
*** 2:1.6.1-1ubuntu1 0
500 http://
100 /var/lib/
My root device is a LUKS-encrypted LVM volume. I have several other devices encrypted with the same password, so I wanted to use keyscript=
Reason for failure
---
I debugged the problem myself and the reason is:
- plymouthd is running and grabbing all the input
- the decrypt_keyctl script uses askpass for the password, so it doesn't get any input
Solution
---
The solution is to make the script plymouth-aware. I attach a patch which solved the issue for me.
Comment
---
The problem is deeper though - any keyscript needs to be plymouth-aware. I think what can be done is to update the manpage - if plymouth is used (default) and the script requires any input, it needs to be done via plymouth.
Workaround
---
I tried chmod -x /sbin/plymouthd as a workaround, but it didn't fix the problem:
- plymouth scripts in init-top and init-bottom failed (that's probably fine, except they should not emit any error messages)
- I was able to decrypt the root device in initramfs
- for some reason (I didn't dig more) devices which did not have the keyscript set failed to be decrypted (a prompt was displayed, but when I entered the password it was echoed to the console, the devices were not decrypted and the init process got stuck)
It does fix the problem if all the devices share the same key and all have the script set though.
tags: | added: trusty |
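One way a keyscript can choose a prompt that actually receives input when plymouthd owns the console, as the description above proposes. This is an added example, not the attached patch or cryptsetup's own code; the `PLYMOUTH` and `ASKPASS` variables and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: plymouth-aware passphrase prompt for an initramfs keyscript.
# Variable and function names are hypothetical; the defaults point at the
# plymouth client and the askpass helper the bug report refers to.
PLYMOUTH="${PLYMOUTH:-plymouth}"
ASKPASS="${ASKPASS:-/lib/cryptsetup/askpass}"

# prompt_backend: print the prompt mechanism that can receive keystrokes.
prompt_backend() {
    # "plymouth --ping" exits 0 only while plymouthd is running. In that
    # state the splash daemon grabs the input, so the prompt must go
    # through it instead of through askpass.
    if "$PLYMOUTH" --ping >/dev/null 2>&1; then
        echo plymouth
    # command -v also resolves an absolute path to an executable file.
    elif command -v "$ASKPASS" >/dev/null 2>&1; then
        echo askpass
    else
        echo none
    fi
}

# ask_passphrase PROMPT: write the passphrase to stdout, which is how a
# keyscript hands the key to cryptsetup. Returns non-zero if no prompt
# mechanism is available, so the caller can fail instead of hanging.
ask_passphrase() {
    case "$(prompt_backend)" in
        plymouth)
            "$PLYMOUTH" ask-for-password --prompt="$1"
            ;;
        askpass)
            "$ASKPASS" "$1"
            ;;
        *)
            echo "no usable passphrase prompt" >&2
            return 1
            ;;
    esac
}
```
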
The attachment "decrypt_keyctl.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]