Attaching a debdiff for a disco SRU, as I don't have upload permission for libblockdev. Please sponsor!
** Patch added: "debdiff 2.20-7 -> 2.20-7ubuntu0.1" https://bugs.launchpad.net/ubuntu/+source/libblockdev/+bug/1837437/+attachment/5279177/+files/libblockdev.debdiff ** Description changed: - This is fixed upstream. Logging this bug to track the fix in to Ubuntu. + [Impact] + Users with full disk encryption trying to change the encryption + passphrase in gnome-disks will get an error message, and after rebooting + neither the old passphrase nor the new one can unlock their disk, + rendering the machine unusable. + + + [Test Case] + + (can be done in a virtual machine, for testing purposes) + 1. Download a 19.04 ISO, and install it, choosing the full disk encryption option + 2. When rebooting after the installation is complete, you are prompted for your passphrase to unlock the disk + 3. Once logged in, open gnome-disks, select the encrypted disk and click the contextual action to change the encryption passphrase + 4. Enter your old passphrase and the new one (twice), as prompted, then click OK + + Expected result: the passphrase is changed successfully, and when + rebooting the new passphrase can unlock the disk + + Current result: changing the passphrase fails, the user is presented + with an error message ("Error changing passphrase on device /dev/sda5: + Failed to add the new passphrase: Invalid argument (udisks-error-quark, + 0)"), and when rebooting neither the old passphrase nor the new one can + unlock the disk, which renders it unusable + + To test the fix, the updated libblockdev* packages need to be installed + on the machine before attempting to change the encryption passphrase in + gnome-disks. + + + [Regression Potential] + + The patch only touches code related to changing the LUKS encryption passphrase, so non-encrypted disk setups should not be affected. + Scenarii with full-disk encryption should be carefully tested, including changing an existing passphrase, adding and removing passphrases, both from the gnome-disks UI and using the cryptsetup CLI. + + + [Original Description] + + This is fixed upstream. Logging this bug to track the fix in to Ubuntu. From the upstream bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928893 Dear Maintainer, * What led up to the situation? Install system using normal full disk encryption LUKS+Ext4. After install open gnome-disk-utility and change encryption password. It gives some error dialog and now you are royally screwed. It deleted the only LUKS keyslot. Cannot add new keyslots because of that. All data will be lost after reboot. Here is output of luksdump: udo cryptsetup luksDump /dev/sda5 LUKS header information - Version: 2 - Epoch: 4 - Metadata area: 16384 [bytes] - Keyslots area: 16744448 [bytes] - UUID: 3c16ad4c-294c-4547-bf3e-bb8864ba5ea3 - Label: (no label) - Subsystem: (no subsystem) - Flags: (no flags) + Version: 2 + Epoch: 4 + Metadata area: 16384 [bytes] + Keyslots area: 16744448 [bytes] + UUID: 3c16ad4c-294c-4547-bf3e-bb8864ba5ea3 + Label: (no label) + Subsystem: (no subsystem) + Flags: (no flags) Data segments: 0: crypt offset: 16777216 [bytes] length: (whole device) cipher: aes-xts-plain64 sector: 512 [bytes] Keyslots: Tokens: Digests: 0: pbkdf2 - Hash: sha256 + Hash: sha256 Iterations: 59904 - Salt: XX XX XX XX XX .... - Digest: XX XX XX XX XX ... + Salt: XX XX XX XX XX .... + Digest: XX XX XX XX XX ... ---------------------------------------- I changed salt and digest. No Keyslots are present!!! I tried this 2 times in a row with new install, exactly same result. - -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.0.8-xanmod5 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gnome-disk-utility depends on: - ii dconf-gsettings-backend [gsettings-backend] 0.30.1-2 - ii libatk1.0-0 2.30.0-2 - ii libc6 2.28-10 - ii libcairo2 1.16.0-4 - ii libcanberra-gtk3-0 0.30-7 - ii libdvdread4 6.0.1-1 - ii libgdk-pixbuf2.0-0 2.38.1+dfsg-1 - ii libglib2.0-0 2.58.3-1 - ii libgtk-3-0 3.24.5-1 - ii liblzma5 5.2.4-1 - ii libnotify4 0.7.7-4 - ii libpango-1.0-0 1.42.4-6 - ii libpangocairo-1.0-0 1.42.4-6 - ii libpwquality1 1.4.0-3 - ii libsecret-1-0 0.18.7-1 - ii libsystemd0 241-3 - ii libudisks2-0 2.8.1-4 - ii udisks2 2.8.1-4 + ii dconf-gsettings-backend [gsettings-backend] 0.30.1-2 + ii libatk1.0-0 2.30.0-2 + ii libc6 2.28-10 + ii libcairo2 1.16.0-4 + ii libcanberra-gtk3-0 0.30-7 + ii libdvdread4 6.0.1-1 + ii libgdk-pixbuf2.0-0 2.38.1+dfsg-1 + ii libglib2.0-0 2.58.3-1 + ii libgtk-3-0 3.24.5-1 + ii liblzma5 5.2.4-1 + ii libnotify4 0.7.7-4 + ii libpango-1.0-0 1.42.4-6 + ii libpangocairo-1.0-0 1.42.4-6 + ii libpwquality1 1.4.0-3 + ii libsecret-1-0 0.18.7-1 + ii libsystemd0 241-3 + ii libudisks2-0 2.8.1-4 + ii udisks2 2.8.1-4 gnome-disk-utility recommends no packages. gnome-disk-utility suggests no packages. -- no debconf information -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1837437 Title: disk content permanently lost when changing LUKS password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libblockdev/+bug/1837437/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
