[Bug 1362881] Re: Can't input password with keyscript=decrypt_keyctl in initramfs

Ubuntu Foundations Team Bug Bot 1362881 at bugs.launchpad.net
Fri Aug 29 04:24:45 UTC 2014 

The attachment "decrypt_keyctl.patch" seems to be a patch.  If it isn't,
please remove the "patch" flag from the attachment, remove the "patch"
tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the
team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1362881

Title:
  Can't input password with keyscript=decrypt_keyctl in initramfs

Status in “cryptsetup” package in Ubuntu:
  New

Bug description:
  Setup
  ---
  Description:    Ubuntu 14.04.1 LTS
  Release:        14.04

  cryptsetup:
    Installed: 2:1.6.1-1ubuntu1
    Candidate: 2:1.6.1-1ubuntu1
    Version table:
   *** 2:1.6.1-1ubuntu1 0
          500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
          100 /var/lib/dpkg/status

  My root device is luks-encrypted LVM volume. I have several other
  devices encrypted with the same password, so I wanted to use
  keyscript=decrypt_keyctl option in crypttab not to enter the password
  several times. The problem is that while in initramfs, I cannot enter
  the password (the terminal doesn't react to anything after it prompts
  for password).

  Reason for failure
  ---
  I debugged the problem myself and the reason is:
  - plymouthd  is running and grabbing all the input
  - dekrypt_keyctl script uses askpass for password, so it doesn't get any input

  Solution
  ---
  The solution is to make the script plymouth-aware. I attach a patch which solved the issue for me.

  Comment
  ---
  The problem is deeper though - any keyscript needs to be plymouth-aware. I think what we can be done is the manpage updated - if plymouth is used (default) and the scrupt requires any input, it needs to be done via plymouth.

  Workaround
  ---
  I tried chmod -x /sbin/plymouthd as a workaround, but didn't fix the problem:
  -plymouth scripts in init-top and init-bottom failed (that's probably fine, except they should not emit any error messages)
  -I was able to decrypt the root device in initramfs
  -for some reason (I didn't dig more) devices which did not have the keyscript set failed to be decrypted (prompt was displayed, but when I entered the password it was echoed to the console, devices were not decrypted and the init process stuck)

  I does fix the problem if all the devices share the same key and all
  have the script set though.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1362881/+subscriptions

More information about the foundations-bugs mailing list