shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-06 00:58:29 +03:00
Code

cryptsetup: ask for PIN when trying to activate using a LUKS2 token plugin

Browse Source 
crypt_activate_by_token() fails with ENOANO if the token is protected with a
PIN, in this case we need to call crypt_activate_by_token_pin() with a PIN.
This logic is already implemented in
crypt_activate_by_token_pin_ask_password().

This code path is relevant when using systemd-gpt-auto-generator because there
is no a priory information about the type of the used security device, so
systemd-cryptsetup tries to unlock the volume using the corresponding
cryptsetup plugin.
This commit is contained in:
Jonas Witschel 2022-05-25 14:06:12 +02:00
parent 89db47550d
commit ee6c66acc5
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/cryptsetup/cryptsetup.c
View File

@ -1886,7 +1886,17 @@ static int run(int argc, char *argv[]) {
/* Tokens are available in LUKS2 only, but it is ok to call (and fail) with LUKS1. */
if (!key_file && !key_data) {
r = crypt_activate_by_token(cd, volume, CRYPT_ANY_TOKEN, NULL, flags);
r = crypt_activate_by_token_pin_ask_password(
cd,
volume,
NULL,
until,
arg_headless,
NULL,
flags,
"Please enter LUKS2 token PIN:",
"luks2-pin",
"cryptsetup.luks2-pin");
if (r >= 0) {
log_debug("Volume %s activated with LUKS token id %i.", volume, r);
return 0;