FS#45807 - [linux-grsec] Fails to unlock luks encrypted hdd.

Attached to Project: Community Packages
Opened by james evans (lx478) - Tuesday, 28 July 2015, 10:26 GMT
Last edited by Daniel Micay (thestinger) - Wednesday, 29 July 2015, 04:07 GMT
Task Type Bug Report
Category Upstream Bugs
Status Closed
Assigned To Daniel Micay (thestinger)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
After updating to the latest version of this kernel, it starts normally saying that a password is required to unlock VolGroup00, however it then nevers asks for 'Enter passphrase for /dev/sdx' and anything that is typed is in plaintext with no response unless Ctrl + Alt + Dlt.


Additional info:
4.1.3.201507261932-1 package version(s)
* config and/or log files etc.


Steps to reproduce:
Using a hdd encrypted with luks + dmcrypt, reboot after upgrading and you will not be able to unlock the hdd and boot.
   IMG_20150728_112008.jpg (277.8 KiB)
This task depends upon

Closed by  Daniel Micay (thestinger)
Wednesday, 29 July 2015, 04:07 GMT
Reason for closing:  Fixed
Additional comments about closing:  4.1.3.201507281943-1
Comment by Daniel Micay (thestinger) - Tuesday, 28 July 2015, 17:18 GMT
This is probably an upstream bug, but it's quite strange. It's likely going to need to be narrowed down to a specific PaX / grsecurity feature. Perhaps it's related to something like module auto-loading.
Comment by Daniel Micay (thestinger) - Tuesday, 28 July 2015, 17:23 GMT
Can you try booting with pax_nouderef on the kernel line?
Comment by james evans (lx478) - Tuesday, 28 July 2015, 18:19 GMT
Adding pax_nouderef seemded to fix the problem.
Comment by Daniel Micay (thestinger) - Tuesday, 28 July 2015, 18:38 GMT
Can you provide the output of `cat /proc/cpuinfo`?
Comment by Jean (rfnx) - Tuesday, 28 July 2015, 18:53 GMT
Hello,

I have the same problem since the last grsec version (I can't boot) but I'm not using LUKS, I use LVM. If I add pax_nouderef on the kernel line, I can boot.

My CPU is an Intel i7 3770k.
Comment by Daniel Micay (thestinger) - Tuesday, 28 July 2015, 19:02 GMT
Can you try booting with `nopcid` instead of `pax_nouderef`? It would also be interested to know if it works with `pax_weakuderef` (without either of the other options).
Comment by Jean (rfnx) - Tuesday, 28 July 2015, 19:25 GMT
It works with both, nopcid and pax_weakuderef.
Comment by james evans (lx478) - Tuesday, 28 July 2015, 21:06 GMT
Probably worth noting that I am also using LVM, so it may be due to that.
   cpuinfo (3.6 KiB)
Comment by Daniel Micay (thestinger) - Wednesday, 29 July 2015, 03:29 GMT
I reported this to upstream (probably wasn't the only one) and there's a new release with a fix for the issue. I'll push out the new package soon. I actually have a modern Intel machine hitting this issue, but it isn't the one where I built and tested this upgrade as it was busy building Android.

Loading...