Closed craftyguy closed 2 years ago
hey @craftyguy !
First of all, thanks for testing!
Weird, I made sure these would be hidden and I can't reproduce on the laptop I have with me (with several encrypted devices)...
Can you run these from the terminal?
udisksctl dump
and find your encrypted device(s), e.g. search for a /org/freedesktop/UDisks2/block_devices/<name> which has a org.freedesktop.UDisks2.Encrypted interface.
CleartextDevice property, e.g. it could point to something like /org/freedesktop/UDisks2/block_devices/<another_name> or simply / or maybe some other value (?).
/org/freedesktop/UDisks2/block_devices/<name(s)> here and their CleartextDevice values?
Also, pretty please, run from latest master :pray:
retested with 785a89e7e42ea5ac7d9c35994a5ecb3909e806eb (I filed this issue while running 9842728) :
/org/freedesktop/UDisks2/block_devices/mmcblk0p2:
org.freedesktop.UDisks2.Block:
Configuration: []
CryptoBackingDevice: '/'
Device: /dev/mmcblk0p2
DeviceNumber: 45826
Drive: '/org/freedesktop/UDisks2/drives/032G32_0xeeeeeeee'
HintAuto: false
HintIconName:
HintIgnore: false
HintName:
HintPartitionable: true
HintSymbolicIconName:
HintSystem: true
Id: by-id-mmc-032G32_0xeeeeeeee-part2
IdLabel:
IdType: crypto_LUKS
IdUUID:
IdUsage: crypto
IdVersion: 2
MDRaid: '/'
MDRaidMember: '/'
PreferredDevice: /dev/mmcblk0p2
ReadOnly: false
Size: 31068258304
Symlinks: /dev/disk/by-id/mmc-032G32_0xeeeeeeee-part2
/dev/disk/by-partuuid/111111111-02
/dev/disk/by-path/platform-30b40000.mmc-part2
/dev/disk/by-uuid/<uuid>
UserspaceMountOptions:
org.freedesktop.UDisks2.Encrypted:
ChildConfiguration: []
CleartextDevice: '/'
HintEncryptionType:
MetadataSize: 16777216
org.freedesktop.UDisks2.Partition:
Flags: 0
IsContained: false
IsContainer: false
Name:
Number: 2
Offset: 200278016
Size: 31068258304
Table: '/org/freedesktop/UDisks2/block_devices/mmcblk0'
Type: 0x83
UUID: 111111111-11
I find it strange that CleartextDevice is set to /, my understanding is that, if it's really unlocked it should specify the actual object path for the device, e.g. /org/freedesktop/UDisks2/block_devices/dm_2d0.
Let's try two more things:
do you see any other /org/freedesktop/UDisks2/block_devices/* device with the org.freedesktop.UDisks2.Encrypted interface?
do you see any /org/freedesktop/UDisks2/block_devices/* device with the org.freedesktop.UDisks2.Block interface, that has a CryptoBackingDevice property set to something different than / ?
do you see any other /org/freedesktop/UDisks2/block_devices/* device with the org.freedesktop.UDisks2.Encrypted interface?
hmm, no, only that one I pasted earlier
do you see any /org/freedesktop/UDisks2/block_devices/* device with the org.freedesktop.UDisks2.Block interface, that has a CryptoBackingDevice property set to something different than / ?
yeah, actually, it seems like a lot of things (zram, some loop devices) are showing up with CryptoBackingDevice: '/', for example:
/org/freedesktop/UDisks2/block_devices/loop0:
org.freedesktop.UDisks2.Block:
Configuration: []
CryptoBackingDevice: '/'
Device: /dev/loop0
DeviceNumber: 1792
Drive: '/'
HintAuto: false
HintIconName:
HintIgnore: false
HintName:
HintPartitionable: true
HintSymbolicIconName:
HintSystem: true
Id:
IdLabel:
IdType:
IdUUID:
IdUsage:
IdVersion:
MDRaid: '/'
MDRaidMember: '/'
PreferredDevice: /dev/loop0
ReadOnly: false
Size: 0
Symlinks:
UserspaceMountOptions:
org.freedesktop.UDisks2.Loop:
Autoclear: false
BackingFile:
SetupByUID: 0
...
/org/freedesktop/UDisks2/block_devices/sda:
org.freedesktop.UDisks2.Block:
Configuration: []
CryptoBackingDevice: '/'
Device: /dev/sda
DeviceNumber: 2048
Drive: '/org/freedesktop/UDisks2/drives/Generic_Ultra_HS_SD_2fMMC_000008264001'
HintAuto: true
HintIconName:
HintIgnore: false
HintName:
HintPartitionable: true
HintSymbolicIconName:
HintSystem: false
Id:
IdLabel:
IdType:
IdUUID:
IdUsage:
IdVersion:
MDRaid: '/'
MDRaidMember: '/'
PreferredDevice: /dev/sda
ReadOnly: false
Size: 0
Symlinks: /dev/disk/by-id/usb-Generic_Ultra_HS-SD_MMC_000008264001-0:0
/dev/disk/by-path/platform-xhci-hcd.4.auto-usb-0:1.1:1.0-scsi-0:0:0:0
UserspaceMountOptions:
/org/freedesktop/UDisks2/block_devices/zram0:
org.freedesktop.UDisks2.Block:
Configuration: []
CryptoBackingDevice: '/'
Device: /dev/zram0
DeviceNumber: 64768
Drive: '/'
HintAuto: false
HintIconName:
HintIgnore: false
HintName:
HintPartitionable: true
HintSymbolicIconName:
HintSystem: true
Id:
IdLabel:
IdType:
IdUUID:
IdUsage:
IdVersion:
MDRaid: '/'
MDRaidMember: '/'
PreferredDevice: /dev/zram0
ReadOnly: false
Size: 783286272
Symlinks:
UserspaceMountOptions:
org.freedesktop.UDisks2.Swapspace:
Active: true
I find it strange that CleartextDevice is set to /, my understanding is that, if it's really unlocked it should specify the actual object path for the device, e.g. /org/freedesktop/UDisks2/block_devices/dm_2d0.
Ahhh! I might have the makings of a theory here...
on postmarketOS, we unlock the rootfs luks volume in the initfs, but anything created in /dev/mapper is not carried forward when we call switch_root.
librem5:~$ ls /dev/mapper/
control
librem5:~$ df /
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/root 29874052 22703688 5637852 80% /
I bet that is throwing off udisks2...
do you see any other /org/freedesktop/UDisks2/block_devices/* device with the org.freedesktop.UDisks2.Encrypted interface?
hmm, no, only that one I pasted earlier
Strange... I will try to reproduce this when I'm free from work.
do you see any /org/freedesktop/UDisks2/block_devices/* device with the org.freedesktop.UDisks2.Block interface, that has a CryptoBackingDevice property set to something different than / ?
yeah, actually, it seems like a lot of things (zram, some loop devices) are showing up with CryptoBackingDevice: '/', for example:
Oh, wait, I am actually asking the opposite. Do you see a device where CryptoBackingDevice is not / ?
Oh, wait, I am actually asking the opposite. Do you see a device where CryptoBackingDevice is not / ?
Ah sorry, I misread.
so I see two things that do not have CryptoBackingDevice=/:
/org/freedesktop/UDisks2/drives/032G32_0xeeeeeeee:
org.freedesktop.UDisks2.Drive:
CanPowerOff: false
Configuration: {}
ConnectionBus: sdio
Ejectable: false
Id: 032G32-0xeeeeeeee
Media:
MediaAvailable: true
MediaChangeDetected: true
MediaCompatibility:
MediaRemovable: false
Model: 032G32
Optical: false
OpticalBlank: false
OpticalNumAudioTracks: 0
OpticalNumDataTracks: 0
OpticalNumSessions: 0
OpticalNumTracks: 0
Removable: false
Revision:
RotationRate: 0
Seat: seat0
Serial: 0xeeeeeeee
SiblingId:
Size: 31268536320
SortKey: 00coldplug/00fixed/mmcblk0
TimeDetected: 21127373
TimeMediaDetected: 21127373
Vendor:
WWN:
/org/freedesktop/UDisks2/drives/Generic_Ultra_HS_SD_2fMMC_000008264001:
org.freedesktop.UDisks2.Drive:
CanPowerOff: false
Configuration: {}
ConnectionBus: usb
Ejectable: true
Id: Generic-Ultra-HS-SD-MMC-000008264001
Media:
MediaAvailable: false
MediaChangeDetected: true
MediaCompatibility: flash_sd
MediaRemovable: true
Model: Ultra HS-SD/MMC
Optical: false
OpticalBlank: false
OpticalNumAudioTracks: 0
OpticalNumDataTracks: 0
OpticalNumSessions: 0
OpticalNumTracks: 0
Removable: true
Revision: 2.09
RotationRate: 0
Seat: seat0
Serial: 000008264001
SiblingId: /sys/devices/platform/soc@0/38200000.usb/xhci-hcd.4.auto/usb1/1-1/1-1.1/1-1.1:1.0
Size: 0
SortKey: 00coldplug/12removable/sd____a
TimeDetected: 22443874
TimeMediaDetected: 0
Vendor: Generic
WWN:
hehe, I mean, that do have CryptoBackingDevice but the value is different from / :)
Ahhh! I might have the makings of a theory here...
on postmarketOS, we unlock the rootfs luks volume in the initfs, but anything created in /dev/mapper is not carried forward when we call switch_root.
librem5:~$ ls /dev/mapper/
control
librem5:~$ df /
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/root 29874052 22703688 5637852 80% /
I bet that is throwing off udisks2...
Interesting... I imagined something like that could be in play... but I am not entirely sure what I could do in that scenario...
Interesting... I imagined something like that could be in play... but I am not entirely sure what I could do in that scenario...
Yeah if that's the problem, then I don't think it's your fault. I'll try modifying our initfs to not remove /dev prior to switch_root and see if that 'fixes' it. But I'm not sure if anyone remembers why we do that in the first place :P
Interesting... I imagined something like that could be in play... but I am not entirely sure what I could do in that scenario...
Yeah if that's the problem, then I don't think it's your fault. I'll try modifying our initfs to not remove /dev prior to switch_root and see if that 'fixes' it. But I'm not sure if anyone remembers why we do that in the first place :P
haha, well, I'd rather not force anyone to break pmOS xD, so if there's something reasonable I can do on Portfolio's side I can try it.
yeah I want to get to the bottom of why we are doing that in pmOS before making any further requests here. it seems like we shouldn't be umounting /dev before switch_root. anyways, thanks for the help, I'll report back if there's something that could be done in Portfolio, but for now I'll try to get some more context here; https://gitlab.com/postmarketOS/pmaports/-/issues/1410
well I patched our initfs to preserve /dev when switch_root is called, and I still see the exact same behavior as above, the root disk still has:
/org/freedesktop/UDisks2/block_devices/mmcblk0p2:
org.freedesktop.UDisks2.Block:
Configuration: []
CryptoBackingDevice: '/'
Device: /dev/mmcblk0p2
...
IdType: crypto_LUKS
...
and you can see here that the device that is mounted to / is present now in /dev:
foo:~$ ls -lah /dev/mapper/root
total 0
brw------- 1 root root 254, 0 Feb 21 11:36 root
foo:~$ df /
Filesystem 1K-blocks Used Available Use% Mounted on
devtmpfs 10240 0 10240 0% /dev
/dev/mapper/root 29873320 1624680 26718820 6% /
Hmm, on the object_path with the org.freedesktop.UDisks2.Encrypted interface, I assume CleartextDevice is also set to / then...
I can't think of a reason for why udisk is not setting CryptoBackingDevice and CleartextDevice properties :confused: ... In the short term, maybe there's something else that can characterize those "already unlocked" blocks so I can at least hide these.
here's what I see:
/org/freedesktop/UDisks2/block_devices/mmcblk0p2:
org.freedesktop.UDisks2.Block:
Configuration: []
CryptoBackingDevice: '/'
Device: /dev/mmcblk0p2
DeviceNumber: 45826
Drive: '/org/freedesktop/UDisks2/drives/032G32_0xxxxxxxxxx'
HintAuto: false
HintIconName:
HintIgnore: false
HintName:
HintPartitionable: true
HintSymbolicIconName:
HintSystem: true
Id: by-id-mmc-032G32_0xxxxxxxxxx-part2
IdLabel:
IdType: crypto_LUKS
IdUUID: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
IdUsage: crypto
IdVersion: 2
MDRaid: '/'
MDRaidMember: '/'
PreferredDevice: /dev/mmcblk0p2
ReadOnly: false
Size: 31012683776
Symlinks: /dev/disk/by-id/mmc-032G32_0xxxxxxxxxx-part2
/dev/disk/by-partuuid/xxxxxxxxxx-xx
/dev/disk/by-path/platform-xxxxxxx.mmc-part2
/dev/disk/by-uuid/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
UserspaceMountOptions:
org.freedesktop.UDisks2.Encrypted:
ChildConfiguration: []
CleartextDevice: '/'
HintEncryptionType:
MetadataSize: 16777216
org.freedesktop.UDisks2.Partition:
Flags: 0
IsContained: false
IsContainer: false
Name:
Number: 2
Offset: 255852544
Size: 31012683776
Table: '/org/freedesktop/UDisks2/block_devices/mmcblk0'
Type: 0x83
UUID: xxxxxxxx-xx
tl;dr: now I suspect that it's udev, so now I'm trying to figure out how to handle that....
I dug around in the udisks2 source to try and figure out how it is detecting encrypted volumes, and I think this "TODO" says it all: https://github.com/storaged-project/udisks/blob/master/src/udiskslinuxblock.c#L988
I've confirmed (through gdb) that udisksd is not finding any dm crypt devices on the system, which is odd because /dev/dm-0 exists and is the root partition...
foo:~$ udisksctl info -b /dev/dm-0
Error looking up object for device /dev/dm-0
I noticed that there are udev rules for device-mapper, and that the dm-0 device has some env set that seemed suspicious:
E: DM_UDEV_DISABLE_DISK_RULES_FLAG=1
E: DM_UDEV_DISABLE_OTHER_RULES_FLAG=1
E: DM_UDEV_DISABLE_SUBSYSTEM_RULES_FLAG=1
Specifically, it's this rule that is setting those flags:
ENV{DM_UDEV_RULES_VSN}!="1", ENV{DM_UDEV_PRIMARY_SOURCE_FLAG}!="1", GOTO="dm_disable"
And I confirmed it by removing that rule, and Portfolio was able to see the root partition disk as already mounted/unlocked!! Unfortunately those flags are set to help with coldplugging devices from initfs and allowing add events later without retriggering previously created devices, or something. udev in rootfs seems to expect udev in initfs to pass along the device database with already-initialized devices in it. Unfortunately for pmOS, we aren't using udev in initfs, so there's nothing to pass along and udev skips over the existing dm-0.
Anyways, unless you find some quick trick to ID the volume, it looks like I have a lot more work ahead of me to clean up this mess.
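One way to characterize the "already unlocked" volume discussed above, as an added example that is not code from Portfolio, udisks or postmarketOS: take the Encrypted objects whose CleartextDevice is '/' in udisksctl dump text and ask the kernel's sysfs holders directory, which does not depend on the udev database, whether a dm-* node is stacked on the partition. The function names and the sample dump are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed sample shaped like the `udisksctl dump` output quoted in this thread.
SAMPLE_DUMP = """\
/org/freedesktop/UDisks2/block_devices/mmcblk0p2:
  org.freedesktop.UDisks2.Block:
    Device: /dev/mmcblk0p2
  org.freedesktop.UDisks2.Encrypted:
    CleartextDevice: '/'
/org/freedesktop/UDisks2/block_devices/zram0:
  org.freedesktop.UDisks2.Block:
    Device: /dev/zram0
"""
PREFIX = "org.freedesktop.UDisks2."

def parse_dump(text):
    """Parse dump text into {object_path: {interface: {property: value}}}."""
    objects, obj, iface = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("/org/freedesktop/UDisks2/") and line.endswith(":"):
            obj, iface = objects.setdefault(line[:-1], {}), None
        elif obj is not None and line.startswith(PREFIX) and line.endswith(":"):
            iface = obj.setdefault(line[:-1], {})
        elif iface is not None and (m := re.match(r"(\w+):\s*(.*)$", line)):
            iface[m.group(1)] = m.group(2).strip("'")
    return objects

def dm_holders(device, sysfs="/sys/class/block"):
    """Kernel view, independent of udev: dm-* nodes stacked on top of device."""
    path = os.path.join(sysfs, os.path.basename(device), "holders")
    names = os.listdir(path) if os.path.isdir(path) else []
    return sorted(n for n in names if n.startswith("dm-"))

def unlocked_but_unreported(dump_text, sysfs="/sys/class/block"):
    """Map each Encrypted block udisks shows as locked to the dm nodes holding it."""
    found = {}
    for ifaces in parse_dump(dump_text).values():
        enc = ifaces.get(PREFIX + "Encrypted")
        dev = ifaces.get(PREFIX + "Block", {}).get("Device")
        if enc is not None and dev and enc.get("CleartextDevice") == "/":
            if holders := dm_holders(dev, sysfs):
                found[dev] = holders
    return found

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as fake:  # constructed stand-in for sysfs
        os.makedirs(os.path.join(fake, "mmcblk0p2", "holders", "dm-0"))
        print(unlocked_but_unreported(SAMPLE_DUMP, fake))
```

On a live system, pass the text printed by udisksctl dump and leave sysfs at its default.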
tl;dr: now I suspect that it's udev, so now I'm trying to figure out how to handle that....
@craftyguy impressive detective work !
unless you find some quick trick to ID the volume, it looks like I have a lot more work ahead of me to clean up this mess.
I need to get my head around this and see what I can do.
@craftyguy this is me thinking out of the box... see #261 (other FMs, such as Nautilus, do this)
Running portfolio on my device, there's an entry for the luks partition that has my rootfs. Tapping on it prompts me for the passphrase to unlock it... but it's already unlocked. Perhaps portfolio should hide an encrypted volume if it's already unlocked and mounted to / ?
I'm not quite sure how it should be handled to be honest. This problem is mostly cosmetic, since I don't think I'd be able to actually unlock it through portfolio (since it's already unlocked, I think cryptsetup will complain), and it's unlikely that the 'eject' button would work too (I didn't try it... for obvious reasons... heh)