Screen locking issue (with /etc/crypttab keyscript)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-screensaver (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
What steps will reproduce the problem?
1. Setup keyscript with anything that echos keypresses (like keyscript below)
2. Point to keyscript in /etc/crypttab (SEE /ETC/CRYPTTAB BELOW)
3. Update-initramfs -u and restart (/boot partition mounted from a USB drive)
What is the expected output? What do you see instead?
The first script execution may work smoothly with slight keyboard response hickups. However, on subsequent executions from a soft reboot or cold restart (e.g. if you restart via CTRL+ALT+DEL during the script), keyboard response is no longer granted. The keyscript provided is only to test keyboard response reliability here for ease. My actual keyscript is different. Off course, I would like a solid keyboard response.
What version of the product are you using? On what operating system?
OS - UBUNTU 12.04
{ Description: Ubuntu 12.04.2 LTS
Release: 12.04 }
CRYPTSETUP - 1.4.1
Please provide any additional information below.
Purpose: keyboard response is needed to input passphrase which unlocks a luks encrypted volume on a USB keydrive (removable in order to prevent "maid attack" to prevent someone from simply substituting a toyed boot partition to capture passphrase on next reentry)). Unlocking the luks encrypted volume then allows pass of a keyfile to HDD luks volume holding OS in a lvm logical volume (would like both passphrase and physically removable keyfile with boot partition required to unlock system encryption). I have gotten everything to work so far except for the reliability in the keyboard response. Your help, advice, or any toeing would be greatly appreciated as I have been struggling with the reliability resolution for about a week.
CONFIGURATIONS:
Computer:
Toshiba Satellite Laptop L775-S7248
`uname -a`:
Linux ZaFu 3.5.0-23-generic #35~precise1-Ubuntu SMP Fri Jan 25 17:15:33 UTC 2013 i686 i686 i386 GNU/Linux
/etc/initramfs-
aes-i586
dm-crypt
dm-mod
sha256
sd_mod
scsi_mod
usb-storage
ehci_pci
usb_core
usb_common
xhci_hcd
uhci_hcd
ehci_hcd
ohci_hcd
usbhid
hid_generic
/etc/crypttab:
pvcrypt /dev/sda2 key.iso luks,keyscript=
KEYSCRIPT:
#!/bin/sh
# sleep used to give time to shift to "console" (?) screen to view stderr
#+ since keyboard will be taken over by script
sleep 5
password=
echo "TYPE:" >&2
while true; do
stty -icanon -echo
char=`dd bs=1 count=1 2>/dev/null`
stty icanon echo
case $char in
'') break ;;
*)echo -n '*' >&2 ;;
esac
done
echo $password
***I've contacted cryptsetup already and they said any issue here is not on their side***
"""
Handling od /etc/crypttab is not part of upstream cryptsetup (it is processed either by initcripts or systemd generator helper - depends on distro).
(And this init sequence should ensure that keyborard is ready before reading input. If you see it here I think the same problem must be in base distro scripts.)
So please report this to distro bugzilla (launchpad for Ubuntu), I cannot do anything here - the code running keyscript is not part of upstream codebase.
"""
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: gnome-screensaver 3.4.1-0ubuntu1
ProcVersionSign
Uname: Linux 3.5.0-23-generic i686
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: i386
Date: Wed Mar 20 21:14:01 2013
GnomeSessionIdl
GnomeSessionInh
GsettingsGnomeS
org.gnome.
org.gnome.
InstallationMedia: Ubuntu 12.04.2 LTS "Precise Pangolin" - Release i386 (20130213)
MarkForUpload: True
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnome-screensaver
Symptom: security
Title: Screen locking issue
UpgradeStatus: No upgrade log present (probably fresh install)
WindowManager: No value set for `/desktop/