[Bug 2051478] Re: Typing passphrase pretty quickly using Yubikey fails to unlock a LUKS partition

Nobuto Murata 2051478 at bugs.launchpad.net
Wed Jan 31 14:11:03 UTC 2024


It's not reproducible with forcibly installed Debian's 24.004.60-1. So I
assume that the next merge from Debian will make the issue go away.

plymouth   | 0.9.4-1.1     | oldoldstable   | source
plymouth   | 0.9.5-3       | oldstable      | source
plymouth   | 22.02.122-3   | stable         | source
plymouth   | 24.004.60-1   | testing        | source
plymouth   | 24.004.60-1   | unstable       | source
plymouth   | 24.004.60-1   | unstable-debug | source


** Summary changed:

- unlock passphrase doesn't work in plymouth but works in recovery mode
+ Typing passphrase pretty quickly using Yubikey fails to unlock a LUKS partition

** Description changed:

- The system suddenly stopped accepting the existing passphrase on boot.
- However, the passphrase is definitely correct since the same one can be
- used in the recovery mode and it unlocks the volume appropriately.
+ It looks like there are some behavioral changes between 22.02.122 and
+ 23.360.11. I didn't have any issue until recently but after upgrading to
+ 23.360.11 on Ubuntu, the same unlocking method of LUKS partition stopped
+ working.
  
- More precisely, it looks like devices that inject characters pretty
- quickly (e.g. Yubikey to type pre-created random strings with length=32)
- are necessary to trigger the issue.
+ How to reproduce:
+ 1. format Yubikey with a static password
+ ```
+ $ ykman otp static --generate 2
+ ```
+ (it will emit 38 characters and the ENTER event within a moment when a button is long pressed)
+ 
+ 2. add the new key to LUKS
+ ```
+ $ sudo cryptsetup luksAddKey /dev/nvme0n1p3
+ ```
+ 
+ 3. reboot and use the Yubikey to input the passphrase
+ 
+ Actual:
+ it fails to unlock
+ 
+ When typing the same passphrase by-hand it works. Furthermore, when not
+ using Plymouth, both by-hand typing and Yubikey work.
  
  WORKAROUND:
  1. boot into the recovery mode
  2. unlock the volume in the console
  3. remove "splash" from /etc/default/grub and run `update-grub`
  3. reboot
  
  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: cryptsetup 2:2.6.1-6ubuntu1
  ProcVersionSignature: Ubuntu 6.6.0-14.14-generic 6.6.3
  Uname: Linux 6.6.0-14-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.27.0-0ubuntu6
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Jan 29 15:41:03 2024
  InstallationDate: Installed on 2024-01-08 (21 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Daily amd64 (20240104)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=<set>
  SourcePackage: cryptsetup
  UpgradeStatus: No upgrade log present (probably fresh install)
  cmdline: BOOT_IMAGE=/vmlinuz-6.6.0-14-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash
  crypttab: dm_crypt-0 UUID=cfd8c295-9988-4934-a91a-460a9d16d80f none luks

-- 
https://bugs.launchpad.net/bugs/2051478

Title:
  Typing passphrase pretty quickly using Yubikey fails to unlock a LUKS
  partition

Status in Plymouth:
  Unknown
Status in cryptsetup package in Ubuntu:
  Invalid
Status in plymouth package in Ubuntu:
  New

Bug description:
  It looks like there are some behavioral changes between 22.02.122 and
  23.360.11. I didn't have any issue until recently but after upgrading
  to 23.360.11 on Ubuntu, the same unlocking method of LUKS partition
  stopped working.

  How to reproduce:
  1. format Yubikey with a static password
  ```
  $ ykman otp static --generate 2
  ```
  (it will emit 38 characters and the ENTER event within a moment when a button is long pressed)

  2. add the new key to LUKS
  ```
  $ sudo cryptsetup luksAddKey /dev/nvme0n1p3
  ```

  3. reboot and use the Yubikey to input the passphrase

  Actual:
  it fails to unlock

  When typing the same passphrase by-hand it works. Furthermore, when
  not using Plymouth, both by-hand typing and Yubikey work.

  WORKAROUND:
  1. boot into the recovery mode
  2. unlock the volume in the console
  3. remove "splash" from /etc/default/grub and run `update-grub`
  4. reboot

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: cryptsetup 2:2.6.1-6ubuntu1
  ProcVersionSignature: Ubuntu 6.6.0-14.14-generic 6.6.3
  Uname: Linux 6.6.0-14-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.27.0-0ubuntu6
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Jan 29 15:41:03 2024
  InstallationDate: Installed on 2024-01-08 (21 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Daily amd64 (20240104)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=<set>
  SourcePackage: cryptsetup
  UpgradeStatus: No upgrade log present (probably fresh install)
  cmdline: BOOT_IMAGE=/vmlinuz-6.6.0-14-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash
  crypttab: dm_crypt-0 UUID=cfd8c295-9988-4934-a91a-460a9d16d80f none luks
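
Step 3 of the WORKAROUND above, written out as a shell helper. This is an added example, not part of the bug report or of any Ubuntu package; the function names `remove_splash` and `has_splash` are hypothetical, and the file is assumed to use unquoted or double-quoted values as Ubuntu's default /etc/default/grub does.

```sh
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# has_splash CMDLINE: succeed if the kernel command line has a "splash" token.
has_splash() {
    case " $1 " in
        *" splash "*) return 0 ;;
    esac
    return 1
}

# remove_splash FILE: drop the "splash" token from GRUB_CMDLINE_LINUX and
# GRUB_CMDLINE_LINUX_DEFAULT in FILE, leaving every other line untouched.
# Assumes the values are unquoted or double-quoted, as in Ubuntu's default file.
remove_splash() {
    file=$1
    tmp=$(mktemp) || return 1
    awk '
    /^GRUB_CMDLINE_LINUX(_DEFAULT)?=/ {
        eq  = index($0, "=")
        key = substr($0, 1, eq)
        val = substr($0, eq + 1)
        q = ""
        if (val ~ /^".*"$/) {            # strip and remember double quotes
            q = "\""
            val = substr(val, 2, length(val) - 2)
        }
        n = split(val, tok, /[ \t]+/)
        out = ""
        for (i = 1; i <= n; i++) {
            if (tok[i] == "" || tok[i] == "splash") continue
            out = (out == "" ? tok[i] : out " " tok[i])
        }
        print key q out q
        next
    }
    { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage on a real system (as root), followed by update-grub from step 3:
#   remove_splash /etc/default/grub && update-grub
# After the reboot, confirm the splash token is gone from the running kernel:
#   has_splash "$(cat /proc/cmdline)" && echo "still booting with splash"
```

Only the exact token `splash` on the two kernel command-line variables is removed, so values such as `nosplash` and other settings that merely contain the word are left alone.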
