[pkg-cryptsetup-devel] Bug#657059: cryptsetup: Post install of console-setup can interfere with decryption on boot due to keymap change
Holger Schauer
Holger.Schauer at gmx.de
Mon Jan 23 20:08:36 UTC 2012
Package: cryptsetup
Version: 2:1.1.3-4squeeze2
Severity: normal
Tags: l10n
There is a nasty interaction between cryptsetup, console-setup and update-initramfs.

If you're installing console-setup much later than the initial setup of an entire disc encryption, the next call to update-initramfs will result in an early load of a keymap, which can interfere with your passphrase for decrypting one's disc.

I initially installed my system without console-setup but went for an encryption of my entire disc. The passphrase I used contained German special characters. What I didn't know at the time was that actually the keyboard layout during passphrase input was American (C) where I thought it would be German (de_DE). Some weeks ago I installed console-setup to fix the mismatch between my X11 key configuration and the console keyboard. On the next reboot, cryptsetup wouldn't take my passphrase anymore.

After booting with an older kernel, whose initramfs still had the old contents (i.e. no keymap), I could verify that the initramfs now contains a keymap (for layout de_DE).

The problem turned up because installing console-setup resulted in the generation of /etc/console-setup/cached.kmap.gz, which hadn't been there previously.

Setting the option 'KEYMAP=n' in /etc/initramfs-tools/initramfs.conf DID not help. The script in /usr/share/initramfs-tools/conf-hook.d/cryptsetup seems to take preference, overriding the user option. In my opinion, this overriding behaviour isn't correct: on installation, cryptsetup should check for keymaps and issue a warning, but otherwise leave the user-set option alone.
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-2.6.32-5-amd64 root=/dev/mapper/sugarcube-root ro quiet
-- /etc/crypttab
# sda2_crypt /dev/sda2 none luks
sda2_crypt UUID=bb3f0227-2b26-4a84-bf15-242bdc9e4e58 none luks
-- /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/mapper/sugarcube-root / ext3 errors=remount-ro 0 1
# /dev/sda1 /boot ext3 defaults 0 2
UUID=c66f06a7-3af9-4603-8865-691449866fa8 /boot ext3 defaults 0 2
/dev/mapper/sugarcube-home /home ext3 defaults 0 2
/dev/mapper/sugarcube-opt /opt ext3 defaults 0 2
/dev/mapper/sugarcube-tmp /tmp ext3 defaults 0 2
/dev/mapper/sugarcube-usr /usr ext3 defaults 0 2
/dev/mapper/sugarcube-local /usr/local ext3 defaults 0 2
/dev/mapper/sugarcube-var none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
-- lsmod
Module Size Used by
ip6table_filter 2384 0
ip6_tables 15107 1 ip6table_filter
ebtable_nat 1588 0
ebtables 13933 1 ebtable_nat
ipt_MASQUERADE 1554 0
iptable_nat 4299 0
nf_nat 13388 2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4 9833 3 iptable_nat,nf_nat
nf_defrag_ipv4 1139 1 nf_conntrack_ipv4
xt_state 1303 0
nf_conntrack 46535 5 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state
ipt_REJECT 1953 0
xt_tcpudp 2319 0
iptable_filter 2258 0
ip_tables 13915 2 iptable_nat,iptable_filter
x_tables 12845 8 ip6_tables,ebtables,ipt_MASQUERADE,iptable_nat,xt_state,ipt_REJECT,xt_tcpudp,ip_tables
parport_pc 18855 0
ppdev 5030 0
lp 7462 0
parport 27954 3 parport_pc,ppdev,lp
sco 7225 2
bridge 39646 0
stp 1440 1 bridge
bnep 9427 2
rfcomm 29629 0
l2cap 24752 6 bnep,rfcomm
crc16 1319 1 l2cap
bluetooth 41827 6 sco,bnep,rfcomm,l2cap
rfkill 13044 2 bluetooth
vboxnetadp 4193 0
vboxnetflt 12525 0
vboxdrv 1723671 2 vboxnetadp,vboxnetflt
kvm_intel 38162 0
binfmt_misc 6431 1
kvm 214280 1 kvm_intel
fuse 50924 5
loop 11799 0
usbhid 33292 0
hid 63257 1 usbhid
snd_hda_codec_realtek 235698 1
snd_hda_intel 20035 12
snd_hda_codec 54244 2 snd_hda_codec_realtek,snd_hda_intel
snd_hwdep 5380 1 snd_hda_codec
snd_pcm_oss 32607 0
snd_mixer_oss 12606 1 snd_pcm_oss
snd_pcm 60487 7 snd_hda_intel,snd_hda_codec,snd_pcm_oss
snd_seq_midi 4400 0
snd_rawmidi 15515 1 snd_seq_midi
snd_seq_midi_event 4628 1 snd_seq_midi
i915 256094 2
snd_seq 42881 2 snd_seq_midi,snd_seq_midi_event
snd_timer 15598 6 snd_pcm,snd_seq
drm_kms_helper 20369 1 i915
snd_seq_device 4493 3 snd_seq_midi,snd_rawmidi,snd_seq
drm 142279 3 i915,drm_kms_helper
snd 46526 27 snd_hda_codec_realtek,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_rawmidi,snd_seq,snd_timer,snd_seq_device
r8169 36840 0
i2c_i801 7830 0
i2c_algo_bit 4209 1 i915
soundcore 4598 1 snd
video 17445 1 i915
uhci_hcd 18521 0
ehci_hcd 32097 0
usbcore 123122 4 usbhid,uhci_hcd,ehci_hcd
output 1692 1 video
i2c_core 15819 5 i915,drm_kms_helper,drm,i2c_i801,i2c_algo_bit
snd_page_alloc 6249 2 snd_hda_intel,snd_pcm
mii 3210 1 r8169
pata_marvell 2629 0
nls_base 6377 1 usbcore
sg 24069 0
sr_mod 12602 0
asus_atk0110 7686 0
evdev 7352 11
pcspkr 1699 0
button 4650 1 i915
cdrom 29415 1 sr_mod
processor 29935 0
ext3 106710 7
jbd 37317 1 ext3
mbcache 5050 1 ext3
sha256_generic 8692 2
aes_x86_64 7340 2
aes_generic 25714 1 aes_x86_64
cbc 2539 1
dm_crypt 10664 1
dm_mod 53946 24 dm_crypt
sd_mod 29937 3
crc_t10dif 1276 1 sd_mod
ata_generic 3239 0
ata_piix 21124 2
libata 133776 3 pata_marvell,ata_generic,ata_piix
scsi_mod 126725 4 sg,sr_mod,sd_mod,libata
thermal 11674 0
thermal_sys 11942 3 video,processor,thermal
-- System Information:
Debian Release: 6.0.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.48-5 The Linux Kernel Device Mapper use
ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib
ii libdevmapper1.02.1 2:1.02.48-5 The Linux Kernel Device Mapper use
ii libpopt0 1.16-1 lib for parsing cmdline parameters
ii libuuid1 2.17.2-9 Universally Unique ID library
cryptsetup recommends no packages.
Versions of packages cryptsetup suggests:
ii busybox 1:1.17.1-8 Tiny utilities for small and embed
ii dosfstools 3.0.9-1 utilities for making and checking
ii initramfs-tools [linux-initra 0.98.8 tools for generating an initramfs
ii udev 164-3 /dev/ and hotplug management daemo
-- no debconf information
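
The check described in the report (which KEYMAP setting wins, and whether an image carries a keymap) can be scripted before rebooting. This is an added example, not part of the original report, initramfs-tools or cryptsetup; it assumes config files are sourced in the order given with the last assignment winning, and that keymap files inside an image end in `.kmap` or `.kmap.gz`.

```shell
#!/bin/sh
# Added example; not part of initramfs-tools, cryptsetup or the report.
# Assumption: config files are sourced in the order given and the last
# assignment to KEYMAP wins, which is the behaviour the report describes.

# effective_keymap FILE...   (pass paths that contain a slash)
# Prints "<value> <file that last changed it>", or "unset -" if none sets it.
effective_keymap() {
    (
        unset KEYMAP
        winner=-
        for f in "$@"; do
            [ -r "$f" ] || continue        # unmatched glob or missing file
            prev=${KEYMAP-unset}
            . "$f" >/dev/null 2>&1
            [ "${KEYMAP-unset}" = "$prev" ] || winner=$f
        done
        printf '%s %s\n' "${KEYMAP-unset}" "$winner"
    )
}

# image_has_keymap: reads an initramfs file listing on stdin (one path per
# line, e.g. from lsinitramfs) and succeeds if a keymap file is listed.
# Assumption: keymap files inside the image end in .kmap or .kmap.gz.
image_has_keymap() {
    grep -Eq '\.kmap(\.gz)?$'
}

# Demo on constructed files that mirror the situation in the report:
# the user sets KEYMAP=n, a package snippet sourced later sets KEYMAP=y.
demo() {
    d=$(mktemp -d) || return 1
    printf 'KEYMAP=n\n' > "$d/initramfs.conf"
    printf 'KEYMAP=y\n' > "$d/cryptsetup"   # constructed stand-in snippet
    effective_keymap "$d/initramfs.conf" "$d/cryptsetup"
    rm -rf "$d"
}

demo
```

On a real system, pass /etc/initramfs-tools/initramfs.conf followed by the package snippet files, and pipe the listing of each image in /boot into `image_has_keymap` to see which images would load a keymap before the passphrase prompt.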