UI inconsistency: unlocking LUKS-encrypted drives
- Date: Sun, 3 Sep 2017 21:03:22 +0100
- From: Sam Kuper <sam.kuper@xxxxxxxxxxx>
- Subject: UI inconsistency: unlocking LUKS-encrypted drives
For some LUKS-encrypted partitions, when I unlock them from Debian,
the computer only asks me for the passphrase for the encrypted
partition. For other such partitions, when I unlock them, the computer
also asks me for my user password.* See detailed description below.
My questions are:
1. is this inconsistency intended, and if so, why?
2. is there a way to control this behaviour, i.e. to choose which
partitions require a user password upon unlocking?
The PC where I noticed this issue has the GNOME desktop environment.
All terminal transcripts in this email are from the "Terminal"
application. Here is the version of Debian the PC is running:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.1 (stretch)
$ cat /proc/version
Linux version 4.9.0-3-amd64 (debian-kernel@xxxxxxxxxxxxxxxx) (gcc
version 6.3.0 20170516 (Debian 6.3.0-18) ) #1 SMP Debian
Here are the block devices on this particular PC:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 1.8T 0 disk
└─sda1 8:1 0 1.8T 0 part
sdb 8:16 0 1.8T 0 disk
└─sdb1 8:17 0 1.8T 0 part
sdc 8:32 0 232.9G 0 disk
├─sdc1 8:33 0 243M 0 part /boot
├─sdc2 8:34 0 1K 0 part
└─sdc5 8:37 0 232.7G 0 part
└─sdb5_crypt 253:0 0 232.7G 0 crypt
├─pc1--vg-root 253:1 0 224.7G 0 lvm /
└─pc1--vg-swap_1 253:2 0 7.9G 0 lvm [SWAP]
sdd 8:48 1 59.8G 0 disk
└─sdd1 8:49 1 59.8G 0 part
sda, sdb and sdc are all connected to the motherboard via the SATA
bus. sdd is connected via the Universal Serial Bus (USB). Maybe that
is a factor in the UI inconsistency I am reporting? As you will see,
unlocking a SATA device prompts for a user password; unlocking a USB
device does not.
Anyhow, here is an example of the behaviour I am reporting:
$ udisksctl unlock -b /dev/sdd1
Unlocked /dev/sdd1 as /dev/dm-3.
$ udisksctl unlock -b /dev/sda1
# After entering the passphrase for sda1, the screen darkens
# with a transulcent radial gradient overlay, and a Gnome
# modal window pops up: with the following text:
## Authentication Required
## Authentication is required to unlock the encrypted device
## XXXXXXXXXXX-XXXXXX (/dev/sda1).
## <My username>
## Password: _________
# After entering my user password, the modal window closes
# and the translucent overlay disappears, returning focus to
Unlocked /dev/sda1 as /dev/dm-4.
I hope that illustrates the issue clearly. If not, please let me know.
In any case, please CC me in your reply, as I am not currently
subscribed to the debian-users mailing list. Thanks!
* This particular Debian installation does not have a root account, it
uses sudo instead. Perhaps the computer would ask for the root
password instead of the user password, if this particular Debian
installation *did* have a root account instead of having a user
account with sudo privileges, but I have not tested this.