cryptsetup: ask for PIN when trying to activate using a LUKS2 token plugin

crypt_activate_by_token() fails with ENOANO if the token is protected with a
PIN; in this case we need to call crypt_activate_by_token_pin() with a PIN.
This logic is already implemented in
crypt_activate_by_token_pin_ask_password().

This code path is relevant when using systemd-gpt-auto-generator because there
is no a priori information about the type of the used security device, so
systemd-cryptsetup tries to unlock the volume using the corresponding
cryptsetup plugin.
Jonas Witschel 2022-05-25 14:06:12 +02:00
parent 89db47550d
commit ee6c66acc5

@ -1886,7 +1886,17 @@ static int run(int argc, char *argv[]) {
/* Tokens are available in LUKS2 only, but it is ok to call (and fail) with LUKS1. */
if (!key_file && !key_data) {
r = crypt_activate_by_token(cd, volume, CRYPT_ANY_TOKEN, NULL, flags);
r = crypt_activate_by_token_pin_ask_password(
cd,
volume,
NULL,
until,
arg_headless,
NULL,
flags,
"Please enter LUKS2 token PIN:",
"luks2-pin",
"cryptsetup.luks2-pin");
if (r >= 0) {
log_debug("Volume %s activated with LUKS token id %i.", volume, r);
return 0;
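
Review bot: the `r >= 0` branch still logs `r` as the LUKS token id, so the crypt_activate_by_token_pin_ask_password() call in run() needs to return the token id on success exactly as crypt_activate_by_token() did, including when activation only succeeds after a PIN was entered; please confirm that, or adjust the log_debug() message. Two smaller points on the same call: the third and sixth arguments are bare NULLs, and a short inline comment naming the parameter each one fills would make the call reviewable without opening the helper's prototype. The prompt "Please enter LUKS2 token PIN:" and the credential name "cryptsetup.luks2-pin" are new user-facing strings that should be documented alongside this change. Since the commit message says this path is hit from systemd-gpt-auto-generator with no prior knowledge of the device type, it is also worth stating what happens when arg_headless is set and the token answers ENOANO: the expected behaviour is to fall through to the remaining unlock methods without prompting, and the error handling below this hunk should make that explicit.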