Bug
Resolution: Unresolved
Normal
rhel-8.2.0
Moderate
rhel-sst-cs-plumbers
ssg_core_services
Description of problem:
When a LUKS device is brought up and the key is not available to open the device, systemd-cryptsetup requests a passphrase anyway, even if this makes no sense.
Fixing this requires knowing how the LUKS device can be opened (through passphrase, key, clevis, etc.). That information may not be available through the current cryptsetup API, so an additional RFE may be necessary.
Version-Release number of selected component (if applicable):
systemd-239-31.el8_2.2.x86_64
How reproducible:
Always
Steps to Reproduce:
1. Set up a LUKS device that opens through a key
- truncate -s 1G /root/encrypted_fs
- echo "encrypted_fs_key" > /root/encrypted_fs.key
- cryptsetup luksFormat /root/encrypted_fs --key-file /root/encrypted_fs.key
2. Edit /etc/crypttab to add the device, but with a non-existent key (so that it fails)
- echo "encrypted /root/encrypted_fs /root/no_such_key" >> /etc/crypttab
- systemctl daemon-reload
3. Try opening the device
- systemctl start systemd-cryptsetup@encrypted.service
Actual results:
Please enter passphrase for disk encrypted!
Expected results:
"Failure + key not found message" or "Failure + check the journal for error"
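
A pre-flight check for the condition in this report, as an added example that is not part of the original report or of systemd: it parses a crypttab and lists the entries whose key file path does not exist, which are the entries that end in the passphrase prompt shown under "Actual results". The function names and the sample entries other than `encrypted` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not systemd code): report crypttab entries whose key file
# is missing, so the misconfiguration is caught before the unit is started.
# crypttab fields: name  device  [keyfile]  [options]

crypttab_missing_keys() {
    tab=${1:-/etc/crypttab}
    [ -r "$tab" ] || { echo "cannot read $tab" >&2; return 2; }
    rc=0
    # "|| [ -n "$name" ]" keeps a final line that lacks a trailing newline.
    while read -r name device keyfile options || [ -n "$name" ]; do
        # Skip blank lines and comments.
        case "$name" in ''|'#'*) continue ;; esac
        # No key file configured: a passphrase prompt is the intended path.
        case "$keyfile" in ''|none|-) continue ;; esac
        if [ ! -e "$keyfile" ]; then
            printf '%s\t%s\n' "$name" "$keyfile"
            rc=1
        fi
    done < "$tab"
    return "$rc"
}

# Constructed sample mirroring the reproducer; all paths live in a temp dir
# except /dev/urandom, the usual key source for an encrypted swap entry.
crypttab_demo() {
    d=$(mktemp -d) || return 2
    : > "$d/present.key"
    cat > "$d/crypttab" <<EOF
# name     device              keyfile          options
encrypted  /root/encrypted_fs  $d/no_such_key
data       /root/data_fs       $d/present.key   luks
swap       /dev/sda2           /dev/urandom     swap
home       /root/home_fs       none
EOF
    crypttab_missing_keys "$d/crypttab"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
```

`crypttab_missing_keys` returns 0 when every configured key file exists, 1 when at least one is missing, and 2 when the crypttab itself cannot be read.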