authorJonas Witschel <diabonas@archlinux.org>2022-05-25 14:06:12 +0200
committerJonas Witschel <diabonas@archlinux.org>2022-08-05 12:22:27 +0200
commitee6c66acc5a61cb56f9b1d6e3132728c4d1ce66d (patch)
tree8c825efb34628cf4d4b27f5a5238d3f59026e311 /src/cryptsetup
parent89db47550d137d2e120f9e7002d831591eaa269f (diff)
cryptsetup: ask for PIN when trying to activate using a LUKS2 token plugin
crypt_activate_by_token() fails with ENOANO if the token is protected with a PIN; in this case we need to call crypt_activate_by_token_pin() with a PIN. This logic is already implemented in crypt_activate_by_token_pin_ask_password(). This code path is relevant when using systemd-gpt-auto-generator because there is no a priori information about the type of the used security device, so systemd-cryptsetup tries to unlock the volume using the corresponding cryptsetup plugin.
Diffstat (limited to 'src/cryptsetup')
-rw-r--r--src/cryptsetup/cryptsetup.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 7a9878e689..c8e71c43de 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -1886,7 +1886,17 @@ static int run(int argc, char *argv[]) {
/* Tokens are available in LUKS2 only, but it is ok to call (and fail) with LUKS1. */
if (!key_file && !key_data) {
- r = crypt_activate_by_token(cd, volume, CRYPT_ANY_TOKEN, NULL, flags);
+ r = crypt_activate_by_token_pin_ask_password(
+ cd,
+ volume,
+ NULL,
+ until,
+ arg_headless,
+ NULL,
+ flags,
+ "Please enter LUKS2 token PIN:",
+ "luks2-pin",
+ "cryptsetup.luks2-pin");
if (r >= 0) {
log_debug("Volume %s activated with LUKS token id %i.", volume, r);
return 0;
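Review bot: The fixed prompt `"Please enter LUKS2 token PIN:"` in the new `crypt_activate_by_token_pin_ask_password()` call names neither the volume nor the token, and the two bare `NULL` arguments are unexplained, so a user with several encrypted volumes or security devices cannot tell which PIN is being requested. That matters because hardware tokens typically count failed PIN attempts, so a PIN typed for the wrong device may cost a retry. I would add a comment above the call such as `/* type == NULL (presumably): let any token plugin try; a PIN is only needed when the plugin reports ENOANO */` and consider including `volume` in the prompt text. The body of `run()` and the handling of `r < 0` continue outside the hunk, so whether a declined or failed PIN prompt still falls back to the passphrase path, in particular with `arg_headless` set, cannot be confirmed from here.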