← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #99499

[Bug 1451032] Re: keyscript option in crypttab not implemented

  Thread PreviousDate PreviousThread Next 
This really needs to be solved. Unlocking secure systems that use some
external key device that requires a specific helper script to access is
a significant use case.

According to the Debian bug report discussion it seems that upstream
systemd aren't prepared to finish their replacement implementation of
cryptsetup init scripts without some kind of major new generic
functionality.

Ccan we workaround that by disabling systemd-cryptsetup and use the
existing cryptsetup functionality?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1451032

Title:
  keyscript option in crypttab not implemented

Status in systemd package in Ubuntu:
  Triaged
Status in systemd package in Debian:
  Confirmed

Bug description:
  The setup for unlocking an encrypted volume during boot using (only) a
  keyfile (on a detachable USB drive) usually calls for a keyscript to
  be specified as one of the encrypted volume's options. But with
  systemd, such encrypted volumes can only be unlocked during boot by
  typing in a passphrase.

  Steps to reproduce:
  1. Have a LUKS encrypted volume.
  2. Have said volume specified in /etc/crypttab, with keyscript= option pointing to your script for outputting the unlocking key.
  3. Boot.

  What I expect to happen:
  To have the volume unlocked by the script at boot time without manual intervention.

  What happens instead:
  Plymouth shows a prompt to enter a valid passphrase for the volume.

  Workarounds:
  Apparently the options for unlocking encrypted drives, including keyscript, can also be specified at the kernel command-line, without crypttab, and according to yaantc at Hacker News [1] this can be used to work around the issue. I haven't personally tried this.

  * [1] https://news.ycombinator.com/item?id=8477913

  ProblemType: Bug
  DistroRelease: Ubuntu 15.04
  Package: systemd 219-7ubuntu4
  ProcVersionSignature: Ubuntu 3.19.0-15.15-generic 3.19.3
  Uname: Linux 3.19.0-15-generic x86_64
  ApportVersion: 2.17.2-0ubuntu1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Sat May  2 15:39:07 2015
  InstallationDate: Installed on 2014-10-18 (196 days ago)
  InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140923)
  MachineType: ASUSTeK COMPUTER INC. UX32A
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.19.0-15-generic.efi.signed root=UUID=2185885c-b860-49a8-973f-fa3b52d3eecf ro quiet splash vt.handoff=7
  SourcePackage: systemd
  UpgradeStatus: Upgraded to vivid on 2015-04-23 (8 days ago)
  dmi.bios.date: 01/29/2013
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: UX32A.214
  dmi.board.asset.tag: ATN12345678901234567
  dmi.board.name: UX32A
  dmi.board.vendor: ASUSTeK COMPUTER INC.
  dmi.board.version: 1.0
  dmi.chassis.asset.tag: No Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: ASUSTeK COMPUTER INC.
  dmi.chassis.version: 1.0
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrUX32A.214:bd01/29/2013:svnASUSTeKCOMPUTERINC.:pnUX32A:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnUX32A:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0:
  dmi.product.name: UX32A
  dmi.product.version: 1.0
  dmi.sys.vendor: ASUSTeK COMPUTER INC.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1451032/+subscriptions

References

  Thread PreviousDate PreviousThread Next