RHEL-5866

systemd-cryptsetup asks for a passphrase even when the luks device can only be opened using a key file

    • Normal
    • sst_cs_plumbers
    • ssg_core_services

      Description of problem:

      When a luks device is brought up and the key is not available to open the device, systemd-cryptsetup requests a passphrase anyway, even if this makes no sense.
      Fixing this requires knowing how the luks device can be opened (through passphrase, key, clevis, etc.). This information may not be available with the current cryptsetup API, so an additional RFE may be necessary.

      Version-Release number of selected component (if applicable):

      systemd-239-31.el8_2.2.x86_64

      How reproducible:

      Always

      Steps to Reproduce:
      1. Set up a luks device that opens through a key

         truncate -s 1G /root/encrypted_fs
         echo "encrypted_fs_key" > /root/encrypted_fs.key
         cryptsetup luksFormat /root/encrypted_fs --key-file /root/encrypted_fs.key

      2. Edit /etc/crypttab to add the device but with a non-existent key (so that it fails)

         echo "encrypted /root/encrypted_fs /root/no_such_key" >> /etc/crypttab
         systemctl daemon-reload

      3. Try opening the device

         systemctl start systemd-cryptsetup@encrypted.service

      Actual results:

      Please enter passphrase for disk encrypted!

      Expected results:

      "Failure + key not found message" or "Failure + check the journal for error"
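
A check for the condition this report reproduces, a crypttab entry whose key file does not exist, written as an added example (not part of the original report and not systemd code). The function name `missing_keyfiles` is hypothetical; the field layout assumed is the one described in crypttab(5).

```shell
#!/bin/sh
# Added example: list crypttab entries that name a key file which is missing.
# Usage: missing_keyfiles [crypttab-path]      (default: /etc/crypttab)
# Prints "<name> <keyfile>" for each affected entry.
# Returns 0 if none were found, 1 if at least one was found, 2 if the
# table cannot be read. Run as root so that key file paths are reachable.
missing_keyfiles() {
    tab=${1:-/etc/crypttab}
    found=0
    if [ ! -r "$tab" ]; then
        echo "cannot read $tab" >&2
        return 2
    fi
    # Fields: name, device, key file, options (device and options unused here).
    while read -r name _device keyfile _options || [ -n "$name" ]; do
        case "$name" in
            ''|\#*) continue ;;       # blank line or comment
        esac
        case "$keyfile" in
            ''|none|-) continue ;;    # no key file configured: a prompt is expected
            *:*) continue ;;          # key stored on another device: not checked here
        esac
        if [ ! -e "$keyfile" ]; then
            printf '%s %s\n' "$name" "$keyfile"
            found=1
        fi
    done < "$tab"
    return "$found"
}
```

Each entry it prints is one where systemd-cryptsetup cannot use the configured key file and, with the behaviour reported here, asks for a passphrase instead.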

            msekleta@redhat.com Michal Sekletar
            rhn-support-rmetrich Renaud Metrich
            Michal Sekletar Michal Sekletar
            Frantisek Sumsal Frantisek Sumsal