[Bug 959988] New: No password queried for encrypted devices after resume from suspend to disk
http://bugzilla.opensuse.org/show_bug.cgi?id=959988 Bug ID: 959988 Summary: No password queried for encrypted devices after resume from suspend to disk Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: openSUSE 42.1 Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: Ulrich.Windl@rz.uni-regensburg.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- When having suspended to disk (manually or automatically), the subsequent resume continues to the graphical login prompt (the first screen you see) without querying a password, even if multiple encrypted partitions exist (e.g. root and swap). IMHO this makes an encrypted swap (holding the suspend data) rather ridiculous. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=959988 http://bugzilla.opensuse.org/show_bug.cgi?id=959988#c1 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |astieger@suse.com, | |Ulrich.Windl@rz.uni-regensb | |urg.de Flags| |needinfo?(Ulrich.Windl@rz.u | |ni-regensburg.de) --- Comment #1 from Andreas Stieger <astieger@suse.com> --- Thanks for reporting. Please give your partitioning / storage layout including related details (lvm, file systems, cryptsetup luksDump) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=959988 http://bugzilla.opensuse.org/show_bug.cgi?id=959988#c2 Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(Ulrich.Windl@rz.u | |ni-regensburg.de) | --- Comment #2 from Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> --- LVM: # lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert home sys -wi-ao---- 250.00g root sys -wi-ao---- 32.00g var sys Vwi-aotz-- 8.00g varpool 24.83 varpool sys twi-aotz-- 16.00g 12.42 6.88 fstab: # cat /etc/fstab /dev/mapper/cr_swap swap swap defaults 0 0 UUID=3f14e45d-12be-42ba-a05f-875f69e88290 / btrfs defaults 0 0 /dev/mapper/cr_home /home xfs nofail 0 2 UUID=3f14e45d-12be-42ba-a05f-875f69e88290 /opt btrfs subvol=@/opt 0 0 UUID=3f14e45d-12be-42ba-a05f-875f69e88290 /srv btrfs subvol=@/srv 0 0 UUID=3f14e45d-12be-42ba-a05f-875f69e88290 /tmp btrfs subvol=@/tmp 0 0 UUID=3f14e45d-12be-42ba-a05f-875f69e88290 /usr/local btrfs subvol=@/usr/local 0 0 UUID=3f14e45d-12be-42ba-a05f-875f69e88290 /.snapshots btrfs subvol=@/.snapshots 0 0 UUID=0268f4f3-1d71-4f98-818e-21d46454616c /boot ext3 acl,user_xattr 1 2 UUID=f93af6df-74b3-4846-afb1-da3a15030e22 /var btrfs defaults 0 0 Swap: # cryptsetup luksDump /dev/sdb2 LUKS header information for /dev/sdb2 Version: 1 Cipher name: aes Cipher mode: xts-plain64 Hash spec: sha1 Payload offset: 4096 MK bits: 256 MK digest: <removed> MK salt: <removed> MK iterations: 19875 UUID: 75271dab-b04b-430d-848f-322948deca8c Key Slot 0: ENABLED Iterations: <removed> Salt: <removed> Key material offset: 8 AF stripes: 4000 Key Slot 1: DISABLED Key Slot 2: DISABLED Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED Home: # cryptsetup luksDump /dev/sys/home LUKS header information for /dev/sys/home Version: 1 Cipher name: aes Cipher mode: xts-plain64 Hash spec: sha1 Payload offset: 4096 MK bits: 256 MK digest: <removed> MK salt: <removed> MK iterations: 20125 UUID: f1ac4f6a-20f9-48db-949d-f1c0c7f1e06e Key Slot 0: ENABLED Iterations: <removed> Salt: <removed> Key material offset: 8 AF stripes: 4000 Key Slot 1: DISABLED Key Slot 2: DISABLED Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED So this correction applies (sorry for mixing it up): swap and HOME are encrypted, not ROOT. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=959988 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|astieger@suse.com | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=959988 Tomáš Chvátal <tchvatal@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|Leap 42.1 |Leap 42.3 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com