Project

General

Profile

Bug #15733

Feature #14468: Add VeraCrypt support to Tails

Feature #14480: Fix bugs and UX issues of VeraCrypt support

Unlocking TCRYPT volume sometimes shows a confusing error message

Added by segfault about 1 year ago. Updated 9 months ago.

Status:
Resolved
Priority:
Elevated
Assignee:
-
Category:
-
Target version:
-
Start date:
07/16/2018
Due date:
% Done:

100%

Feature Branch:
feature/14481-TCRYPT-support-beta
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

When unlocking a volume via udisks, there is a 10 second timeout for determining the resulting cleartext object (see udisks/src/udiskslinuxencrypted.c:536). This timeout is good enough for LUKS volumes, but unlocking TCRYPT can take a lot longer, so we should increase this timeout for TCRYPT volumes.

Also, I doubt that an error message dialog shown to the user even 10 seconds after the user interaction is useful for them. The volume is still being unlocked, but the "unlocked-crypto-dev" file is not updated and the D-Bus call does not return the cleartext object. As a result, udisks doesn't store which user unlocked the device and is therefore allowed to mount the volume, which causes #15757.

This affects upstream as well as Tails, so we should upstream the fix.

Merge request: https://github.com/storaged-project/udisks/pull/558


Related issues

Related to Tails - Bug #15757: Some VeraCrypt volumes require admin password to unlock Resolved 07/31/2018
Related to Tails - Bug #15967: udisks doesn't recognize volumes with multiple encryption as unlocked Resolved 09/20/2018

Associated revisions

Revision 9a3c69ea
Added by intrigeri 11 months ago

Merge branch 'feature/14481-TCRYPT-support-beta' into testing-integration (Fix-committed: #15795, #15733, #15843, #15849)

History

#1 Updated by segfault about 1 year ago

  • Parent task set to #14480

#2 Updated by segfault 12 months ago

  • Description updated (diff)

I created a merge request to increase the timeout in udisks.

#3 Updated by segfault 12 months ago

https://github.com/storaged-project/udisks/pull/558 was merged.

I should still create a new udisks package for Tails, so we can have this in Tails 3.9.

#4 Updated by segfault 11 months ago

segfault wrote:

https://github.com/storaged-project/udisks/pull/558 was merged.

I should still create a new udisks package for Tails, so we can have this in Tails 3.9.

Crap, I forgot to do this in the context of #15521, so this bug is not fixed in the RC and we are getting new bug reports about this :(

https://mailman.boum.org/pipermail/tails-testers/2018-August/001109.html

I'm currently creating a new udisks package which fixes this.

#5 Updated by segfault 11 months ago

  • Assignee changed from segfault to intrigeri
  • Priority changed from Normal to Elevated
  • QA Check set to Ready for QA

segfault wrote:

I'm currently creating a new udisks package which fixes this.

I pushed udisks2 2.1.8-1.0tails3

#6 Updated by intrigeri 11 months ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 50

(Now that we have a fix, we can as well report about it.)

#7 Updated by intrigeri 11 months ago

  • Feature Branch set to feature/14481-TCRYPT-support-beta

#8 Updated by intrigeri 11 months ago

  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

Built & uploaded, will merge once I'm done with #15849.

#9 Updated by intrigeri 11 months ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (intrigeri)

#10 Updated by intrigeri 11 months ago

  • Status changed from Fix committed to Resolved

#11 Updated by segfault 10 months ago

  • Status changed from Resolved to Confirmed
  • Target version changed from Tails_3.9 to Tails_3.10.1
  • % Done changed from 100 to 0
  • QA Check deleted (Pass)

We got at least two bug reports for 3.9 which show that the timeout was still exceeded. Note that these could also have been caused by #15967, which will always cause a timeout, because the cleartext device can't be found.

#12 Updated by segfault 10 months ago

  • Assignee set to segfault

#13 Updated by segfault 9 months ago

  • Target version changed from Tails_3.10.1 to Tails_3.11

#14 Updated by intrigeri 9 months ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 50

segfault wrote:

We got at least two bug reports for 3.9 which show that the timeout was still exceeded. Note that these could also have been caused by #15967, which will always cause a timeout, because the cleartext device can't be found.

Any new bug report since #15967 got fixed in 3.10.1? If not, let's call this done.

#15 Updated by segfault 9 months ago

  • Status changed from In Progress to Resolved
  • Assignee deleted (segfault)
  • Target version deleted (Tails_3.11)

No new bugs since 3.10.1.

#16 Updated by segfault 9 months ago

  • % Done changed from 50 to 100

#17 Updated by segfault 9 months ago

  • Description updated (diff)

#18 Updated by segfault 9 months ago

  • Related to Bug #15757: Some VeraCrypt volumes require admin password to unlock added

#19 Updated by segfault 9 months ago

  • Related to Bug #15967: udisks doesn't recognize volumes with multiple encryption as unlocked added

Also available in: Atom PDF