initramfs cryptroot with keyscript and binary passphrase
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cryptsetup (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
cryptsetup --key-file=-
is not the same as
cryptsetup --key-file=
I use the initramfs cryptroot script to set up an encrypted device early, and I have a keyscript that decrypts a keyfile and writes the decrypted key to stdout (a binary key 512 bytes long).
# /etc/crypttab was this before running update-initramfs -u #
swap /dev/disk/
But although the decrypt-key keyscript works fine inside the initramfs environment, and the decrypted key it produces is correct, the cryptroot script fails with an "unknown fs type" error.
I used the keyscript manually to decrypt the key to a file, then called cryptsetup with --key-file=
I've discovered that replacing a part of the initramfs script "cryptroot"
$cryptkeyscript "$cryptkey" | $cryptcreate --key-file=- ;
with
$cryptkeyscript "$cryptkey" | $cryptcreate --key-file=
fixed the problem. (/scripts/
I could reproduce the problem in initramfs environment with a /conf/conf.
target=
Where /etc/key is a 512 byte binary keyfile (already decrypted).
(try /bin/dd if /bin/cat is missing in your initramfs environment or ln -s /bin/busybox /bin/cat)
My Quick-Fix was:
cp /usr/share/
Edit and replace --key-file=- with --key-file=
update-initramfs -u
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Package: cryptsetup
Version: 2:1.6.1-1ubuntu1
Architecture: amd64
Status changed to 'Confirmed' because the bug affects multiple users.