Bug #15733

Unlocking TCRYPT volume sometimes shows a confusing error message

Added by segfault 2018-07-16 11:44:06 . Updated 2018-11-06 14:45:38 .

Status:
Resolved
Priority:
Elevated
Assignee:
Category:
Target version:
Start date:
2018-07-16
Due date:
% Done:

100%

Feature Branch:
feature/14481-TCRYPT-support-beta
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Deliverable for:
299

Description

When unlocking a volume via udisks, there is a 10 second timeout for determining the resulting cleartext object (see udisks/src/udiskslinuxencrypted.c:536). This timeout is good enough for LUKS volumes, but unlocking TCRYPT can take a lot longer, so we should increase this timeout for TCRYPT volumes.

Also, I doubt that an error message dialog shown to the user even 10 seconds after the user interaction is useful for them. The volume is still being unlocked, but the “unlocked-crypto-dev” file is not updated and the D-Bus call does not return the cleartext object. As a result, udisks doesn’t store which user unlocked the device and is therefore allowed to mount the volume, which causes Bug #15757.

This affects upstream as well as Tails, so we should upstream the fix.

Merge request: https://github.com/storaged-project/udisks/pull/558


Subtasks


Related issues

Related to Tails - Bug #15757: Some VeraCrypt volumes require admin password to unlock Resolved 2018-07-31
Related to Tails - Bug #15967: udisks doesn't recognize volumes with multiple encryption as unlocked Resolved 2018-09-20

History

#1 Updated by segfault 2018-07-16 16:00:30

#2 Updated by segfault 2018-08-05 19:11:14

  • Description updated

I created a merge request to increase the timeout in udisks.

#3 Updated by segfault 2018-08-07 20:25:58

https://github.com/storaged-project/udisks/pull/558 was merged.

I should still create a new udisks package for Tails, so we can have this in Tails 3.9.

#4 Updated by segfault 2018-08-25 11:31:41

segfault wrote:
> https://github.com/storaged-project/udisks/pull/558 was merged.
>
> I should still create a new udisks package for Tails, so we can have this in Tails 3.9.

Crap, I forgot to do this in the context of Feature #15521, so this bug is not fixed in the RC and we are getting new bug reports about this :(

https://mailman.boum.org/pipermail/tails-testers/2018-August/001109.html

I’m currently creating a new udisks package which fixes this.

#5 Updated by segfault 2018-08-25 15:00:52

  • Assignee changed from segfault to intrigeri
  • Priority changed from Normal to Elevated
  • QA Check set to Ready for QA

segfault wrote:
> I’m currently creating a new udisks package which fixes this.

I pushed udisks2 2.1.8-1.0tails3

#6 Updated by intrigeri 2018-09-01 10:21:40

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 50
  • Deliverable for set to 299

(Now that we have a fix, we can as well report about it.)

#7 Updated by intrigeri 2018-09-04 06:20:07

  • Feature Branch set to feature/14481-TCRYPT-support-beta

#8 Updated by intrigeri 2018-09-04 06:32:05

  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

Built & uploaded, will merge once I’m done with Feature #15849.

#9 Updated by intrigeri 2018-09-04 08:06:19

  • Status changed from In Progress to Fix committed
  • Assignee deleted (intrigeri)

#10 Updated by intrigeri 2018-09-05 16:14:39

  • Status changed from Fix committed to Resolved

#11 Updated by segfault 2018-09-20 21:57:44

  • Status changed from Resolved to Confirmed
  • Target version changed from Tails_3.9 to Tails_3.10.1
  • % Done changed from 100 to 0
  • QA Check deleted (Pass)

We got at least two bug reports for 3.9 which show that the timeout was still exceeded. Note that these could also have been caused by Bug #15967, which will always cause a timeout, because the cleartext device can’t be found.

#12 Updated by segfault 2018-10-03 17:16:05

  • Assignee set to segfault

#13 Updated by segfault 2018-10-23 22:34:58

  • Target version changed from Tails_3.10.1 to Tails_3.11

#14 Updated by intrigeri 2018-10-31 15:42:30

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 50

segfault wrote:
> We got at least two bug reports for 3.9 which show that the timeout was still exceeded. Note that these could also have been caused by Bug #15967, which will always cause a timeout, because the cleartext device can’t be found.

Any new bug report since Bug #15967 got fixed in 3.10.1? If not, let’s call this done.

#15 Updated by segfault 2018-11-06 12:18:13

  • Status changed from In Progress to Resolved
  • Assignee deleted (segfault)
  • Target version deleted (Tails_3.11)

No new bugs since 3.10.1.

#16 Updated by segfault 2018-11-06 12:18:22

  • % Done changed from 50 to 100

#17 Updated by segfault 2018-11-06 14:45:39

  • Description updated

#18 Updated by segfault 2018-11-06 14:45:49

  • related to Bug #15757: Some VeraCrypt volumes require admin password to unlock added

#19 Updated by segfault 2018-11-06 14:47:45

  • related to Bug #15967: udisks doesn't recognize volumes with multiple encryption as unlocked added