System Encryption Password set before setting keyboard locale
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubiquity (Ubuntu) |
Fix Released
|
High
|
José Carlos Cárcamo Camacho | ||
Bionic |
Fix Released
|
Critical
|
Unassigned | ||
xubuntu-default-settings (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bionic |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Ubuntu 12.10
When installing my system, I selected to encrypt access to my system. This prompted me to enter a password. I entered a password with a # symbol in it, however due to using an english keyboard, this would not have been correctly recorded as a #, but as a ' instead - leading it to refuse my password when booting.
I tested this both connected to and not connected to the internet.
It seems that at the point of entering the password during the installer, the keyboard layout was set to en_US. Therefore, when booting and having the locale as en_GB - it didn't correctly work.
I tried this with the @ symbol, which when entered was accepted on boot by hitting shift+2 (american combination)
I also tried this by entering a password with a £ sign (shift 3 on UK keyboard - which would be a # on a US keyboard)
When entering password on boot, entering the password with the # key rather than the £ key worked.
In summary - when entering password for encrypting system, keyboard is set as a US keyboard layout, which differs from that when booting to enter the password if it is changed in a later step.
Proposed solution: Move the keyboard selection / Locale Setup before any input boxes. (espescially those where you can't see the contents of them!)
<http://
<https:/
It may save time to fix this at the same time as bug 871752.
Related branches
- Jean-Baptiste Lallement: Approve
- Łukasz Zemczak: Approve
-
Diff: 49 lines (+4/-4)4 files modifiedubiquity/plugins/ubi-console-setup.py (+1/-1)
ubiquity/plugins/ubi-timezone.py (+1/-1)
ubiquity/plugins/ubi-usersetup.py (+1/-1)
ubiquity/plugins/ubi-wireless.py (+1/-1)
Changed in ubiquity (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → High |
importance: | High → Medium |
tags: | added: needs-design |
Changed in ubiquity (Ubuntu): | |
status: | Confirmed → In Progress |
description: | updated |
no longer affects: | ubiquity (Ubuntu Trusty) |
tags: | added: password |
description: | updated |
description: | updated |
tags: | added: zesty |
affects: | ubiquity (Ubuntu) → xubuntu-default-settings |
Changed in ubiquity (Ubuntu): | |
status: | New → Confirmed |
no longer affects: | ubiquity (Ubuntu) |
affects: | xubuntu-default-settings → ubiquity |
affects: | ubiquity → ubiquity (Ubuntu) |
tags: | added: artful xenial |
Changed in ubiquity (Ubuntu): | |
importance: | Medium → High |
tags: | added: rls-bb-incoming |
tags: | removed: rls-bb-incoming |
tags: | added: id-59777adc5b653ed1d02a72c8 |
tags: | removed: needs-design |
Changed in ubiquity (Ubuntu Bionic): | |
status: | Triaged → Fix Committed |
Changed in xubuntu-default-settings (Ubuntu): | |
status: | Confirmed → Invalid |
Changed in xubuntu-default-settings (Ubuntu Bionic): | |
status: | Confirmed → Invalid |
Changed in ubiquity (Ubuntu): | |
assignee: | nobody → José Carlos Cárcamo Camacho (charlisious) |
Currently we try to ask partitioning questions as soon as possible such that we can do partitioning & installation in parallel with users fiddling with the webcam to take a perfect shot for their user profile and things like that.
Now with newly added cryptsetup, we need a pass-phrase to create a container to create the partitions and start installation. We ask user's keyboard layout after we already started installation and recorded passphrase in the LUKS slot.
Ideally we want to use correct layout for password, yet setup keyboard layout during installation
Option one:
- generate random encryption password
- start the install
- proceed to user setup
- ask for keyboard layout
- setup up the real passphrase slot
- optionally remove the random encryption passphrase
- possibly pre-seed other passphrases (e.g. company wide)
- in OEM mode allow to skip setting up the user passphrase and setup the random one as a keyfile in the initramfs, to allow users to set their own passphrase on first boot (there are some security implications with this)
Option two:
- if encryption was selected, move the keyboard layout step before setting up the passphrases
Option three:
- display the passphrase in clear text such that users are aware of this