search

agherzan / yubikey-full-disk-encryption

Use YubiKey to unlock a LUKS partition
Apache License 2.0
808 stars 50 forks source link

[Issue] Suspend-module stuck on Decrypting. #21

Closed VGrol closed 6 years ago

VGrol commented 6 years ago

Revision: I had initially figured that the problem was related to the trail counters, After testing a little bit more and reading over some of the code it appears that after suspending the system, with the suspend-module active, it can get stuck on 'Decrypting.
It seems that the suspend-resume variant does not include trails, but more importantly, does not allow for a manual passphrase or retry, which means that it gets stuck after the Initial attempt, retry and last try fail.

After which is props up Decrypting {cryptsetup luksResume}... At which it will sit until a power cycle.

Vincent43 commented 6 years ago

Yes, I had some issues with full boot hook implementation and decided to cut it to have minimal working solution. I may look at it and try to improve. Is it working ok if you provide ykfde password?

VGrol commented 6 years ago

If I initialize the Yubikey, all works well. I do have an issue where occasionally the Yubikey prompt will trigger before I try to resume suspend and thus I am locked out, requiring a reboot.

Other than that, it works, it just has a few ways where it can loop/break the system, requiring a power-cycle.

Vincent43 commented 6 years ago

I prepared some changes and will publish them for testing after your PR is merged.

Vincent43 commented 6 years ago

@VGrol can you test suspendv2 branch. I made changes that should make suspend module on a par with boot one.

VGrol commented 6 years ago

When I have some time tonight I'll test the new changes. I just finished some more testing, it appears the main issue the old version had was that it depended on the Yubikey.

As in, decryption would be successful if the Yubikey was present at sleep-initiate and sleep-wake. If at any point it was removed between the two stages, it would instantly prompt attempt 1, 2, 3 and then get stuck on 'decrypting'. You could only remove the Yubikey after sleep was succesful as long as it was inserted again before waking up.

Vincent43 commented 6 years ago

Ok, I hope new version has it fixed.

VGrol commented 6 years ago

Suspendv2 successfully fixes every iteration of the problems described above. Outstanding job.

Thanks for being so engaged.