Public bug reported:
When crypttab specifies a key-file for the container of the root file-
system but there is no keyscript= option no cryptsetup support is
installed in the initrd.img.
Currently the cryptroot initramfs hook script knows its a problem and
will report:
cryptsetup: WARNING: target LUKS_OS uses a key file, skipped
This is BAD behaviour that renders the root file-system container
inaccessible at boot time.
Regardless of a key-script being available cryptsetup support should be
installed into the initrd.img to enable the user to take manual steps to
unlock the container. The hook script has no knowledge about pass
phrases that might be set in other LUKS slots that are available to the
user.
The attached patch modifies the behaviour to include cryptsetup in the
initrd.img and modify the warning to the user.
cryptsetup: WARNING: target LUKS_OS uses a key file, but no keyscript is
set. Please ensure there is also a typed pass-phrase set.
** Affects: cryptsetup (Ubuntu)
Importance: Undecided
Assignee: TJ (tj)
Status: In Progress
** Patch added: "Proposed fix"
https://bugs.launchpad.net/bugs/1494851/+attachment/4461428/+files/cryptroot-no-keyscript.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1494851
Title:
initramfs cryptroot hook script doesn't install cryptsetup if keyfile
but no keyscript
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
