[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1108201: fwupdmgr security reports unencrypted swap with plain dm-crypt'ed swap

Package: fwupd
Version: 2.0.12-1
Severity: minor
Tags: none
X-Debbugs-Cc: hueychen27@outlook.com, Debian Security Team <team@security.debian.org>

Dear Maintainer,

I have a swap partition that uses plain dm-crypt encryption with a random password as cannot be supported.
`/etc/crypttab`:
```
# <name>      <device>             <password>    <options>
cryptswap     PARTLABEL=cryptswap  /dev/urandom  swap,plain,cipher=aes-xts-plain64,size=512,sector-size=4096
```
However, running `fwupdmgr security` shows `✘ Linux swap:                    Unencrypted` even though it is encrypted, though it is not encrypted with LUKS2.
That should report that swap is encrypted when it is encrypted with plain dm-crypt.

Sincerely,
Huey Chen

-- System Information:
Debian Release: 13.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.15-rt-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fwupd depends on:
ii  libarchive13t64             3.7.4-3
ii  libblkid1                   2.41-5
ii  libc6                       2.41-9
ii  libcbor0.10                 0.10.2-2
ii  libcurl3t64-gnutls          8.15.0~rc1-1exp1
ii  libdrm-amdgpu1              2.4.124-2
ii  libdrm2                     2.4.124-2
ii  libflashrom1                1.4.0-3
ii  libfwupd3                   2.0.12-1
ii  libglib2.0-0t64             2.84.3-1
ii  libgnutls30t64              3.8.9-2
ii  libjcat1                    0.2.3-1
ii  libjson-glib-1.0-0          1.10.6+ds-2
ii  liblzma5                    5.8.1-1
ii  libmbim-glib4               1.33.1-1
ii  libmbim-proxy               1.33.1-1
ii  libmm-glib0                 1.25.1-1
ii  libpolkit-gobject-1-0       126-2
ii  libprotobuf-c1              1.5.1-1
ii  libqmi-glib5                1.37.1-1
ii  libqmi-proxy                1.37.1-1
ii  libsqlite3-0                3.46.1-6
ii  libsystemd0                 257.6-1
ii  libtss2-esys-3.0.2-0t64     4.1.3-1.2
ii  libusb-1.0-0                2:1.0.29-1
ii  libxmlb2                    0.3.22-1
ii  shared-mime-info            2.4-5+b2
ii  systemd [systemd-sysusers]  257.6-1
ii  zlib1g                      1:1.3.dfsg+really1.3.1-1+b1

Versions of packages fwupd recommends:
ii  bolt                               0.9.8-1
ii  dbus [default-dbus-system-bus]     1.16.2-2
ii  dbus-broker [dbus-system-bus]      37-1
ii  fwupd-amd64-signed [fwupd-signed]  1:1.7+1
ii  jq                                 1.8.0-1
ii  python3                            3.13.4-1
ii  udisks2                            2.10.90-1

Versions of packages fwupd suggests:
pn  gir1.2-fwupd-2.0  <none>

-- Configuration Files:
/etc/fwupd/fwupd.conf
[fwupd]
# use `man 5 fwupd.conf` for documentation

/etc/fwupd/remotes.d/lvfs-testing.conf changed:
[fwupd Remote]
Enabled=true
Title=Linux Vendor Firmware Service (testing)
MetadataURI=https://cdn.fwupd.org/downloads/firmware-testing.xml.zst
PrivacyURI=https://lvfs.readthedocs.io/en/latest/privacy.html
ReportURI=
FirmwareBaseURI=https://fwupd.org/downloads
OrderBefore=lvfs
AutomaticReports=false
ApprovalRequired=false

/etc/fwupd/remotes.d/lvfs.conf changed:
[fwupd Remote]
Enabled=false
Title=Linux Vendor Firmware Service
MetadataURI=https://cdn.fwupd.org/downloads/firmware.xml.zst
ReportURI=
PrivacyURI=https://lvfs.readthedocs.io/en/latest/privacy.html
FirmwareBaseURI=https://fwupd.org/downloads
AutomaticReports=false
AutomaticSecurityReports=false
ApprovalRequired=false


-- no debconf information
Reply to: