Web lists-archives.com

UI inconsistency: unlocking LUKS-encrypted drives




For some LUKS-encrypted partitions, when I unlock them from Debian,
the computer only asks me for the passphrase for the encrypted
partition. For other such partitions, when I unlock them, the computer
also asks me for my user password.* See detailed description below.

My questions are:

1. is this inconsistency intended, and if so, why?

2. is there a way to control this behaviour, i.e. to choose which
partitions require a user password upon unlocking?


The PC where I noticed this issue has the GNOME desktop environment.
All terminal transcripts in this email are from the "Terminal"
application. Here is the version of Debian the PC is running:

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 9.1 (stretch)
Release:	9.1
Codename:	stretch
$ cat /proc/version
Linux version 4.9.0-3-amd64 (debian-kernel@xxxxxxxxxxxxxxxx) (gcc
version 6.3.0 20170516 (Debian 6.3.0-18) ) #1 SMP Debian
4.9.30-2+deb9u3 (2017-08-06)


Here are the block devices on this particular PC:

$ lsblk
NAME                   MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                      8:0    0   1.8T  0 disk
└─sda1                   8:1    0   1.8T  0 part
sdb                      8:16   0   1.8T  0 disk
└─sdb1                   8:17   0   1.8T  0 part
sdc                      8:32   0 232.9G  0 disk
├─sdc1                   8:33   0   243M  0 part  /boot
├─sdc2                   8:34   0     1K  0 part
└─sdc5                   8:37   0 232.7G  0 part
  └─sdb5_crypt         253:0    0 232.7G  0 crypt
    ├─pc1--vg-root   253:1    0 224.7G  0 lvm   /
    └─pc1--vg-swap_1 253:2    0   7.9G  0 lvm   [SWAP]
sdd                      8:48   1  59.8G  0 disk
└─sdd1                   8:49   1  59.8G  0 part


sda, sdb and sdc are all connected to the motherboard via the SATA
bus. sdd is connected via the Universal Serial Bus (USB). Maybe that
is a factor in the UI inconsistency I am reporting? As you will see,
unlocking a SATA device prompts for a user password; unlocking a USB
device does not.


Anyhow, here is an example of the behaviour I am reporting:

$ udisksctl unlock -b /dev/sdd1
Passphrase:
Unlocked /dev/sdd1 as /dev/dm-3.
$ udisksctl unlock -b /dev/sda1
Passphrase:
# After entering the passphrase for sda1, the screen darkens
# with a transulcent radial gradient overlay, and a Gnome
# modal window pops up: with the following text:
#
## Authentication Required
## Authentication is required to unlock the encrypted device
## XXXXXXXXXXX-XXXXXX (/dev/sda1).
## <My username>
## Password: _________
#
# After entering my user password, the modal window closes
# and the translucent overlay disappears, returning focus to
# Terminal.
Unlocked /dev/sda1 as /dev/dm-4.


I hope that illustrates the issue clearly. If not, please let me know.

In any case, please CC me in your reply, as I am not currently
subscribed to the debian-users mailing list. Thanks!


* This particular Debian installation does not have a root account, it
uses sudo instead. Perhaps the computer would ask for the root
password instead of the user password, if this particular Debian
installation *did* have a root account instead of having a user
account with sudo privileges, but I have not tested this.