Bug #15733: Unlocking TCRYPT volume sometimes shows a confusing error message

Bug #15733

Unlocking TCRYPT volume sometimes shows a confusing error message

Added by segfault 2018-07-16 11:44:06 . Updated 2018-11-06 14:45:38 .

Status:

Resolved

Priority:

Elevated

Assignee:

Category:

Target version:

Start date:

2018-07-16

Due date:

% Done:

100%

Feature Branch:

feature/14481-TCRYPT-support-beta

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

299

Description

When unlocking a volume via udisks, there is a 10 second timeout for determining the resulting cleartext object (see udisks/src/udiskslinuxencrypted.c:536). This timeout is good enough for LUKS volumes, but unlocking TCRYPT can take a lot longer, so we should increase this timeout for TCRYPT volumes.

Also, I doubt that an error message dialog shown to the user even 10 seconds after the user interaction is useful for them. The volume is still being unlocked, but the “unlocked-crypto-dev” file is not updated and the D-Bus call does not return the cleartext object. As a result, udisks doesn’t store which user unlocked the device and is therefore allowed to mount the volume, which causes ~~Bug #15757~~.

This affects upstream as well as Tails, so we should upstream the fix.

Merge request: https://github.com/storaged-project/udisks/pull/558

Subtasks

Related issues

Related to Tails - ~~Bug #15757~~: Some VeraCrypt volumes require admin password to unlock	Resolved	2018-07-31
Related to Tails - ~~Bug #15967~~: udisks doesn't recognize volumes with multiple encryption as unlocked	Resolved	2018-09-20

History

#1 Updated by segfault 2018-07-16 16:00:30

Parent task set to ~~Feature #14480~~

#2 Updated by segfault 2018-08-05 19:11:14

Description updated

I created a merge request to increase the timeout in udisks.

#3 Updated by segfault 2018-08-07 20:25:58

https://github.com/storaged-project/udisks/pull/558 was merged.

I should still create a new udisks package for Tails, so we can have this in Tails 3.9.

#4 Updated by segfault 2018-08-25 11:31:41

segfault wrote:
> https://github.com/storaged-project/udisks/pull/558 was merged.
>
> I should still create a new udisks package for Tails, so we can have this in Tails 3.9.

Crap, I forgot to do this in the context of ~~Feature #15521~~, so this bug is not fixed in the RC and we are getting new bug reports about this :(

https://mailman.boum.org/pipermail/tails-testers/2018-August/001109.html

I’m currently creating a new udisks package which fixes this.

#5 Updated by segfault 2018-08-25 15:00:52

Assignee changed from segfault to intrigeri
Priority changed from Normal to Elevated
QA Check set to Ready for QA

segfault wrote:
> I’m currently creating a new udisks package which fixes this.

I pushed udisks2 2.1.8-1.0tails3

#6 Updated by intrigeri 2018-09-01 10:21:40

Status changed from Confirmed to In Progress
% Done changed from 0 to 50
Deliverable for set to 299

(Now that we have a fix, we can as well report about it.)

#7 Updated by intrigeri 2018-09-04 06:20:07

Feature Branch set to feature/14481-TCRYPT-support-beta

#8 Updated by intrigeri 2018-09-04 06:32:05

% Done changed from 50 to 100
QA Check changed from Ready for QA to Pass

Built & uploaded, will merge once I’m done with ~~Feature #15849~~.

#9 Updated by intrigeri 2018-09-04 08:06:19

Status changed from In Progress to Fix committed
Assignee deleted (~~intrigeri~~)

#10 Updated by intrigeri 2018-09-05 16:14:39

Status changed from Fix committed to Resolved

#11 Updated by segfault 2018-09-20 21:57:44

Status changed from Resolved to Confirmed
Target version changed from Tails_3.9 to Tails_3.10.1
% Done changed from 100 to 0
QA Check deleted (~~Pass~~)

We got at least two bug reports for 3.9 which show that the timeout was still exceeded. Note that these could also have been caused by ~~Bug #15967~~, which will always cause a timeout, because the cleartext device can’t be found.

#12 Updated by segfault 2018-10-03 17:16:05

Assignee set to segfault

#13 Updated by segfault 2018-10-23 22:34:58

Target version changed from Tails_3.10.1 to Tails_3.11

#14 Updated by intrigeri 2018-10-31 15:42:30

Status changed from Confirmed to In Progress
% Done changed from 0 to 50

segfault wrote:
> We got at least two bug reports for 3.9 which show that the timeout was still exceeded. Note that these could also have been caused by ~~Bug #15967~~, which will always cause a timeout, because the cleartext device can’t be found.

Any new bug report since ~~Bug #15967~~ got fixed in 3.10.1? If not, let’s call this done.

#15 Updated by segfault 2018-11-06 12:18:13

Status changed from In Progress to Resolved
Assignee deleted (~~segfault~~)
Target version deleted (~~Tails_3.11~~)

No new bugs since 3.10.1.

#16 Updated by segfault 2018-11-06 12:18:22

% Done changed from 50 to 100

#17 Updated by segfault 2018-11-06 14:45:39

Description updated

#18 Updated by segfault 2018-11-06 14:45:49

related to ~~Bug #15757~~: Some VeraCrypt volumes require admin password to unlock added

#19 Updated by segfault 2018-11-06 14:47:45

related to ~~Bug #15967~~: udisks doesn't recognize volumes with multiple encryption as unlocked added