[Bug 1362881] Re: Can't input password with keyscript=decrypt_keyctl in initramfs

bastafidli ubuntu at bastafidli.com
Wed Oct 15 03:39:11 UTC 2014


First of all I had to install package keyutils as described in the following Debian bug
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735496
to make update-initramfs work.

Second of all, the patch doesn't seem to work for me. Plymouth asks me
to cache passphrase for every one of my encrypted disks.

** Bug watch added: Debian Bug tracker #735496
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735496

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1362881

Title:
  Can't input password with keyscript=decrypt_keyctl in initramfs

Status in “cryptsetup” package in Ubuntu:
  New

Bug description:
  Setup
  ---
  Description:    Ubuntu 14.04.1 LTS
  Release:        14.04

  cryptsetup:
    Installed: 2:1.6.1-1ubuntu1
    Candidate: 2:1.6.1-1ubuntu1
    Version table:
   *** 2:1.6.1-1ubuntu1 0
          500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
          100 /var/lib/dpkg/status

  My root device is a LUKS-encrypted LVM volume. I have several other
  devices encrypted with the same password, so I wanted to use the
  keyscript=decrypt_keyctl option in crypttab so as not to enter the password
  several times. The problem is that while in initramfs, I cannot enter
  the password (the terminal doesn't react to anything after it prompts
  for password).

  Reason for failure
  ---
  I debugged the problem myself and the reason is:
  - plymouthd is running and grabbing all the input
  - decrypt_keyctl script uses askpass for password, so it doesn't get any input

  Solution
  ---
  The solution is to make the script plymouth-aware. I attach a patch which solved the issue for me.

  Comment
  ---
  The problem is deeper though - any keyscript needs to be plymouth-aware. I think what can be done is to update the manpage - if plymouth is used (default) and the script requires any input, it needs to be done via plymouth.

  Workaround
  ---
  I tried chmod -x /sbin/plymouthd as a workaround, but it didn't fix the problem:
  - plymouth scripts in init-top and init-bottom failed (that's probably fine, except they should not emit any error messages)
  - I was able to decrypt the root device in initramfs
  - for some reason (I didn't dig more) devices which did not have the keyscript set failed to be decrypted (prompt was displayed, but when I entered the password it was echoed to the console, devices were not decrypted and the init process got stuck)

  It does fix the problem if all the devices share the same key and all
  have the script set though.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1362881/+subscriptions
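
The plymouth-aware prompting the bug description calls for, combined with keyring caching so the passphrase is asked for once, as an added example that is not the patch attached to the bug nor cryptsetup's own decrypt_keyctl. The function names, the 60-second timeout, the askpass path and the use of the crypttab key field ($1) as the cache identifier are assumptions.

```shell
#!/bin/sh
# Added example: a keyscript that prompts through plymouth when it owns the
# console and caches the passphrase in the kernel keyring (needs keyutils).

ASKPASS="${ASKPASS:-/lib/cryptsetup/askpass}"   # assumed console helper path
CACHE_TIMEOUT="${CACHE_TIMEOUT:-60}"            # seconds; illustrative value

# Print the passphrase on stdout, asking via whichever front end has input.
read_passphrase() {
    prompt="$1"
    if command -v plymouth >/dev/null 2>&1 && plymouth --ping 2>/dev/null; then
        # plymouthd is running and grabs the keyboard: ask through it.
        plymouth ask-for-password --prompt="$prompt"
    else
        # No splash daemon answering: fall back to the plain console prompt.
        "$ASKPASS" "$prompt"
    fi
}

# Print the passphrase cached under description $1, prompting on a miss.
cached_passphrase() {
    id="$1"
    kid=$(keyctl search @u user "$id" 2>/dev/null) || kid=""
    if [ -z "$kid" ]; then
        pass=$(read_passphrase "Passphrase for $id: ") || return 1
        # Store the secret in the user keyring; it never touches disk.
        kid=$(printf '%s' "$pass" | keyctl padd user "$id" @u) || return 1
        unset pass
        # Expire the cached key so it does not outlive the boot sequence.
        keyctl timeout "$kid" "$CACHE_TIMEOUT"
    fi
    keyctl pipe "$kid"
}

# Keyscript entry point: runs only when cryptsetup has set CRYPTTAB_NAME.
# Devices whose crypttab key field ($1) matches share one cached passphrase.
if [ -n "${CRYPTTAB_NAME:-}" ]; then
    cached_passphrase "${1:-cryptkey}"
fi
```

Every device that should reuse the cached passphrase needs the same key field and the keyscript option in crypttab, which matches the reporter's observation that the workaround only held when all devices had the script set.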
