Closed VGrol closed 6 years ago
Yes, I had some issues with full boot hook implementation and decided to cut it to have minimal working solution. I may look at it and try to improve. Is it working ok if you provide ykfde password?
If I initialize the Yubikey, all works well. I do have an issue where occasionally the Yubikey prompt will trigger before I try to resume suspend and thus I am locked out, requiring a reboot.
Other than that, it works, it just has a few ways where it can loop/break the system, requiring a power-cycle.
I prepared some changes and will publish them for testing after your PR is merged.
@VGrol can you test suspendv2 branch. I made changes that should make suspend module on a par with boot one.
When I have some time tonight I'll test the new changes. I just finished some more testing, it appears the main issue the old version had was that it depended on the Yubikey.
As in, decryption would be successful if the Yubikey was present at sleep-initiate and sleep-wake. If at any point it was removed between the two stages, it would instantly prompt attempt 1, 2, 3 and then get stuck on 'decrypting'. You could only remove the Yubikey after sleep was succesful as long as it was inserted again before waking up.
Ok, I hope new version has it fixed.
Suspendv2 successfully fixes every iteration of the problems described above. Outstanding job.
Thanks for being so engaged.
Revision: I had initially figured that the problem was related to the trail counters, After testing a little bit more and reading over some of the code it appears that after suspending the system, with the suspend-module active, it can get stuck on 'Decrypting.
It seems that the suspend-resume variant does not include trails, but more importantly, does not allow for a manual passphrase or retry, which means that it gets stuck after the Initial attempt, retry and last try fail.
After which is props up
Decrypting {cryptsetup luksResume}...
At which it will sit until a power cycle.