Comment 18 for bug 1979159

Benjamin Drung (bdrung) wrote : Re: Cannot unlock encrypted root after upgrading to 22.04

Thanks Steve.

| Key | Ubuntu 10.04 | Ubuntu >= 16.04 |
|---|---|---|
| Cipher mode | cbc-essiv:sha256 | xts-plain64 |
| Hash spec | sha1 | sha256 |

For testing, we can create a LUKS device that uses cipher mode cbc-essiv:sha256 and/or hash spec sha1. Then we should be able to reproduce the issue.

Suggested solution: Let openssl ship an initramfs-tools hook that does the following:

1. Get the list of encrypted disks:
    dmsetup ls --target crypt
2. Map the disk name (e.g. system_crypt) to a dm-X name:
    readlink -f /dev/mapper/$name
3. Get the slave device (i.e. the underlying disk):
    ls -1 /sys/block/dm-X/slaves/
4. For each underlying disk, check the cipher mode / hash spec:
    cryptsetup luksDump /dev/$disk | grep "^Hash spec:[[:space:]]*$legacy"
5. If the cipher mode / hash spec is legacy, include /usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so
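
The five steps above collected into shell functions, as an added example that is not part of the original comment or of any shipped hook. It assumes LUKS1-style `luksDump` output; the function names, the sample header, and passing the legacy values as an argument are assumptions, since the comment leaves `$legacy` undefined.

```shell
# Added example; assumes LUKS1-style `cryptsetup luksDump` output.
# Steps 1-3: print the backing block device of every dm-crypt mapping.
crypt_backing_devices() {
    dmsetup ls --target crypt | while read -r name rest; do
        dm=$(readlink -f "/dev/mapper/$name")   # e.g. /dev/dm-0
        for slave in "/sys/block/${dm##*/}/slaves/"*; do
            [ -e "$slave" ] && echo "/dev/${slave##*/}"
        done
    done
}

# Step 4: read luksDump output on stdin; succeed if the cipher mode or
# hash spec equals one of the space-separated values in $1. Whole values
# are compared, so "sha256" does not match "cbc-essiv:sha256".
header_is_legacy() {
    while read -r k1 k2 value; do
        case "$k1 $k2" in
            "Cipher mode:"|"Hash spec:")
                for want in $1; do
                    [ "$value" = "$want" ] && return 0
                done ;;
        esac
    done
    return 1
}

# Step 5: hook body, to be called from the hook script only. $1 is the
# caller's list of legacy values (assumption: the page does not define it).
include_legacy_provider() {
    . /usr/share/initramfs-tools/hook-functions
    for disk in $(crypt_backing_devices); do
        if cryptsetup luksDump "$disk" | header_is_legacy "$1"; then
            copy_exec /usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so
            return 0
        fi
    done
}

# Constructed sample header for offline checks (not from a real disk).
sample_luks1_dump() {
    cat <<'EOF'
LUKS header information for /dev/sdX5

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
EOF
}
```

Only `header_is_legacy` and `sample_luks1_dump` can be exercised without root and a real dm-crypt mapping; the other two functions need `dmsetup`, `cryptsetup` and the initramfs-tools hook environment.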