Bug#1125278: partman-auto-crypto may improperly use random encryption key
Package: partman-auto-crypto
Version: 39
Dear maintainer,
I triggered this bug while playing with manual partitioning then using
guided partitioning with encrypted LVM. It appears that
partman-auto-crypto gets some encryption settings from debconf. I guess
this is so that encryption settings can be preseeded, but they may also
have been set by prior user input before selecting guided partitioning.
For example if the user previously set up any partition for encryption
with random key, then guided partitioning will use this setting and
create a plain dm-crypt device with volatile random key instead of a
LUKS device with persistent passphrase, and the resulting installation
will not survive after reboot.
Steps to reproduce:
- Select manual partitioning
- Set up any partition for encryption with random key
- Select guided partitioning
- Select use entire disk and set up encrypted LVM
- Follow the next steps to finish partitioning.
Note that partman does not prompt to enter a passphrase. After the
partitioning is done, you can see that /target/etc/crypttab is set up
for dm-crypt with random key instead of LUKS, and blkid or cryptsetup
does not report a LUKS header in the encrypted partition. If you
complete the installation and reboot the new system, the initramfs will
not prompt for a passphrase either and will fail to find the expected
root and swap LVM volumes.
It may be unlikely that normal users trigger this bug (except maybe when
trying to set up manual partitioning with encryption then giving up and
eventually reverting to using guided partitioning) but IMO this bug
should be fixed anyway. Maybe by checking that specific debconf
encryption settings are suitable for guided partitioning and using safe
defaults otherwise ?
Reply to: