OEM setup asks disk encryption passphrase after completed OEM setup
Closed, ResolvedPublic

Description

Latest OEM ISO image: http://downloads.puri.sm/oem/gnome/2018-08-10/

OEM procedure:

  1. Boot OEM disk, GNOME initial setup starts
  2. After GNOME initial setup is complete, the installer starts
  3. Select automatic partitioning, WITH encryption, use password 12345678
  4. The installer is done, restart

What should happen:

When the computer is started again, it should boot into a desktop without asking for any password to unlock the disk.

What actually happens:

When the computer is started again, system is asking for a password to unlock the encrypted disk! Entering the temporary password 12345678 works, disk is unlocked and desktop is started.

mladen created this task.Aug 10 2018, 7:44 PM
mladen created this object with edit policy "Restricted Project (Project)".
mladen assigned this task to mak.
mak triaged this task as "Normal" priority.Aug 13 2018, 2:45 PM

Not a high priority because this only affects a playground OEM image. Needs to be fixed though before we update the image (which should happen soonish).

mak added a comment.Aug 19 2018, 7:24 PM

Tracked the issue down to a ton of regressions in cryptsetup starting with 2:2.0.3-2 - so maybe a fix for this will just be rebuilding the image :-)

mak raised the priority of this task from "Normal" to "High".Aug 23 2018, 6:57 PM

A new image was built and I installed it (https://downloads.puri.sm/playground/2018-08-23/pureos-8.0-gnome-oem_20180823-amd64.hybrid.iso) in virt manager. After the install completed, I was prompted to reboot. Right after the reboot, I was prompted to enter the disk encryption password:

mak added a comment.Aug 24 2018, 4:53 PM

Since I am quite out of ideas on this one now, I reported the issue with all information that I figured out so far against cryptsetup at Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907201

The actual issue is only a second prompt showing unconditionally for the rootfs (even for password-file LUKS disk unlocks!), no matter how the system encryption was set up.

mak closed this task as "Resolved".Aug 25 2018, 3:15 AM

This is resolved in the latest OEM and Live images, please test them! (for the oem image: https://downloads.puri.sm/oem/gnome/2018-08-25/, the live image is currently building)

I also proposed a patch for this against Calamares:
https://github.com/calamares/calamares/pull/1022

Add Comment