[Bug 1253983] [NEW] cryptsetup does not ask to decrypt swap on boot

Edward Z. Yang ezyang at cs.stanford.edu
Fri Nov 22 11:27:09 UTC 2013


Public bug reported:

Steps to reproduce:
---------------------------

Suppose your swap partition is going to be /dev/sda3. We are going to
encrypt it with a password, rather than autogenerate it (this is
desirable for hibernation). I think it may be important to avoid having
other LUKS partitions in your crypttab.

Set it up with:
  cryptsetup luksFormat /dev/sda3

Edit crypttab to have:
  swap /dev/sda3 none luks,tries=3

Edit fstab to have:
  /dev/mapper/swap none swap sw 0 0

Now reboot the system.

Expected behavior: Prompt to decrypt swap on boot, after which swap is loaded (swapon -s)
Actual behavior: Boot proceeds without prompt (well, actually the prompt does show up but you're never given a chance to type anything in), swap is not loaded

The trouble here seems to be that the cryptsetup password request is
implemented by hooking into Ubuntu's "Device is not ready, press S to
skip or M to mount" (not an expert, but this is a guess, since when I
use exactly the same parameters, but specify the fstab to be a proper
file system, things work fine), but Ubuntu will not block boot because
swap has not come online, so we never actually get a prompt.

This might actually be a bug elsewhere; while hibernate has never been
terribly high on the priority of Ubuntu developers (and encrypted
hibernate is an absolute disaster), it is essential to block on swap
coming online, because there may be a hibernate image stored there,
which is irrecoverable if boot proceeds as normal. But I didn't know
where to report *that*.

** Affects: cryptsetup (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1253983
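
A post-boot check for the failure described in the report, added here as an example and not taken from the report or from cryptsetup: it lists passphrase-protected LUKS mappings that fstab expects as swap but that were never opened. The function name, the demo and the mapper-directory argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the bug report): list passphrase-protected LUKS
# swap mappings that fstab expects but that were never opened at boot.
# Usage: unopened_crypt_swap [crypttab] [fstab] [mapper-dir]
unopened_crypt_swap() {
    crypttab=${1:-/etc/crypttab}
    fstab=${2:-/etc/fstab}
    mapdir=${3:-/dev/mapper}   # overridable so the check can be tested

    # crypttab fields: <name> <source device> <key file> <options>
    # Keep mappings with key file "none" (interactive passphrase) and the
    # "luks" option, as in the report's "swap /dev/sda3 none luks,tries=3".
    awk '$1 !~ /^#/ && NF >= 4 && $3 == "none" && $4 ~ /(^|,)luks(,|$)/ { print $1 }' "$crypttab" |
    while read -r name; do
        # fstab fields: <device> <mount point> <type> <options> ...
        if awk -v dev="/dev/mapper/$name" \
            '$1 !~ /^#/ && $1 == dev && $3 == "swap" { found = 1 } END { exit !found }' "$fstab"
        then
            # No device node means the passphrase was never accepted,
            # so swap (and any hibernate image on it) was not brought up.
            [ -e "$mapdir/$name" ] || printf '%s\n' "$name"
        fi
    done
}

# Constructed demo: the report's two config lines, with an empty directory
# standing in for /dev/mapper (the mapping was never opened).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/mapper"
    printf 'swap /dev/sda3 none luks,tries=3\n' > "$d/crypttab"
    printf '/dev/mapper/swap none swap sw 0 0\n' > "$d/fstab"
    unopened_crypt_swap "$d/crypttab" "$d/fstab" "$d/mapper"
    rm -rf "$d"
}

demo   # prints: swap
```

Called with no arguments on a live system, unopened_crypt_swap reads /etc/crypttab, /etc/fstab and /dev/mapper.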
