password request for cryptswap1 during boot when encrypted home directory selected

Bug #1449555 reported by Craig Magina on 2015-04-28
232
This bug affects 52 people
Affects Status Importance Assigned to Milestone
systemd (Ubuntu)
High
Unassigned

Bug Description

On a system freshly installed (haven't tried the upgrade route) where the user selects to encrypt their home directory, they will get a password prompt during boot and at other times on the command-line requesting a password for cryptswap1.

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: cryptsetup 2:1.6.1-1ubuntu7
ProcVersionSignature: Ubuntu 3.19.0-15.15-generic 3.19.3
Uname: Linux 3.19.0-15-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.17.2-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Apr 28 09:02:12 2015
EcryptfsInUse: Yes
InstallationDate: Installed on 2015-04-28 (0 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
SourcePackage: cryptsetup
UpgradeStatus: No upgrade log present (probably fresh install)
crypttab: cryptswap1 UUID=c9d10691-df3f-49ae-a734-cdf2cbbaee8e /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

Craig Magina (craig.magina) wrote :
Steve Langasek (vorlon) wrote :

Hi Craig,

Could you please attach the /etc/crypttab from the affected system?

Changed in cryptsetup (Ubuntu):
status: New → Incomplete
Craig Magina (craig.magina) wrote :
Changed in cryptsetup (Ubuntu):
status: Incomplete → Confirmed
Steve Langasek (vorlon) wrote :

Thanks. crypttab clearly shows that this has been set up correctly, with /dev/urandom as the key, so we should not be getting a passphrase prompt.

Please also show the output of:

  systemctl --all | grep cryptsetup

Craig Magina (craig.magina) wrote :

<email address hidden> loaded activating start start Cryptography Setup for cryptswap1
  system-systemd\x2dcryptsetup.slice loaded active active system-systemd\x2dcryptsetup.slice
  cryptsetup-pre.target loaded inactive dead Encrypted Volumes (Pre)
  cryptsetup.target loaded inactive dead Encrypted Volumes

Changed in cryptsetup (Ubuntu):
importance: Undecided → High
Craig Magina (craig.magina) wrote :

I see this message when working on the command-line, i.e. installing packages via apt.

Broadcast message from root@serke (Tue 2015-04-28 16:34:51 EDT):

Password entry required for 'Please enter passphrase for disk ubuntu--vg-swap_1 (cryptswap1) on none!' (PID 19250).
Please enter password with the systemd-tty-ask-password-agent tool!

Please enter passphrase for disk ubuntu--vg-swap_1 (cryptswap1) on none!

J Baker (bakerjk0222) wrote :

I performed a clean install of 15.04 and I am prompted for a cryptswap1 password as well.

I belive this issue may become more visible as more people upgrade.

Dmitry Polovka (messaged-t) wrote :

Same. Performed a clean install of 15.04 and I am prompted for a cryptswap1 password. Get it together guys

Steve Langasek (vorlon) wrote :

This is reproducible in a VM by configuring /etc/crypttab to include a /dev/urandom crypted swap line. This appears to be a bug in systemd rather than in cryptsetup.

affects: cryptsetup (Ubuntu) → systemd (Ubuntu)
Changed in systemd (Ubuntu):
status: Confirmed → Triaged
Kokos (konrad-kostecki) wrote :

I can confirm I have the same issue after the upgrade from Ubuntu GNOME 14.04.2 LTS to Ubuntu GNOME 15.04. Anyone knows a workaround for this? Do you need any logs or conf files to confirm/resolve it? I can provide if needed.

NuWin (thes4s67) wrote :

I can also confirm that this problem exists. Looking forward to the fix.

I have just installed Wily desktop with encrypted LVM and encrypted /home and I get this error to: System asking for passphrase for cryptswap1.

It also showed several times while installing packages in Synaptic.

Having a 20 character password for unlocking my LVM I got lazy and tried to hit the Enter key without typing my password and the system continued to load Ubuntu up to the login-screen.

To me it seems like a major problem that one can enter an empty password to bypass security.

The security is not all that compromised on an LVM system but it is on a system with encryptet /home only.

Sean Hayes (sean-hayes) wrote :

Anyone find a solution yet?

Piet Stevens (piet8stevens) wrote :

Just did a clean install of 15.10 with encrypted /home and can confirm I have the problem, too.

Piet Stevens (piet8stevens) wrote :

Note: I am not using LVM.

D (360-dennis) wrote :

I had this error on 16.04 LTS as well. I had it on 2 systems, so this does not seem to be fixed yet.

there are also some duplicates about this bug i think;
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875
which in turn has a lot of duplicates it seems.

Samir M (samir-menon-cs) wrote :

+1 to the list of folks who say this bug is still active. It's quite annoying in 16.04 LTS, I get this message almost every time I use some "sudo <something>" command.

Leszek (l-p-pryszcz) wrote :

It's still present in 16.10

Jelle De Loecker (skerit) wrote :

I just bought a Dell XPS 13 and am having the same issue.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers