Bug 1827225
| Summary: | clevis luks bind fails with key file in non-interactive mode | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Sergio Correia <scorreia> |
| Component: | clevis | Assignee: | Sergio Correia <scorreia> |
| Status: | CLOSED ERRATA | QA Contact: | Martin Zelený <mzeleny> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.0 | CC: | dapospis |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 8.0 | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | clevis-13-1.el8 | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-04 03:09:18 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
AC: Upstream test suite covering binding by keyfile with trailing newline will pass [1]. [1] https://github.com/latchset/clevis/blob/master/src/luks/tests/bind-pass-with-newline-luks1 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (clevis bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4701 |
Description of problem: Trying to bind using a key file fails Version-Release number of selected component (if applicable): Tested with clevis-luks-11-9.el8.x86_64 How reproducible: always Steps to Reproduce: 1. Create a keyfile: openssl rand -hex 8 > keyfile 2. Add the keyfile to the LUKS device: cryptsetup luksAddKey /dev/sda1 keyfile 3. Bind: clevis luks bind -f -k key -d /dev/sda1 tpm2 {} Actual results: No key available with this passphrase. Failed to import token from file. Error while saving Clevis metadata as a LUKS token! No key available with this passphrase. Expected results: Bind completes successfully and we can use clevis luks unlock in the device Additional info: Reported upstream in https://github.com/latchset/clevis/issues/105