Crypto-sdcard does not work on 4.4.0.72 / Sony Xperia 10 II #248

Open
Thermo41 opened this issue Feb 3, 2023 · 9 comments

Thermo41 commented Feb 3, 2023

Hi

here are my attempts, a bit in disorder so far - moved from https://forum.sailfishos.org/t/automatically-mount-encrypted-sd-card/12023/10

[EDIT]
check the file, it is the same as the one installed by the package.
I retry the instructions in case I missed something.

[EDIT 2] I have run

[root@Xperia10II-DualSIM etc]# systemctl enable cryptosd-luks@
The unit files have no installation config (WantedBy, RequiredBy, Also, Alias
settings in the [Install] section, and DefaultInstance for template units).
This means they are not meant to be enabled using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
   .wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
   a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
   D-Bus, udev, scripted systemctl call, ...).
4) In case of template units, the unit is meant to be enabled with some
   instance name specified.

continue looking at that until I am too tired and restore the luksHeader and mount it by hand 😀

[EDIT 3] I understand it is supposed to be activated by udevd (case 3) and is a template unit (case 4) looking at udev.
Progressing : generate escaped service name

/usr/bin/systemd-escape --template=cryptosd-luks@.service %E{a203bea7-6722-431c-a423-f4f742052c6b}

When trying to start it

[root@Xperia10II-DualSIM system]# systemctl start cryptosd-luks@\x25E\x7ba203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b\x7d.service 
A dependency job for cryptosd-luks@x25Ex7ba203bea7x2d6722x2d431cx2da423x2df4f742052c6bx7d.service failed. See 'journalctl -xe' for details.

Pertinent details - I hope -

févr. 02 21:49:22 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service
févr. 02 21:49:22 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service
févr. 02 21:49:22 Xperia10II-DualSIM systemd[1]: dev-disk-by\x2duuid-x25Ex7ba203bea7x2d6722x2d431cx2da423x2df4f742052c6bx7d.device is not active.
févr. 02 21:49:22 Xperia10II-DualSIM systemd[1]: Dependency failed for Open /dev/disk/by-uuid/x25Ex7ba203bea7x2d6722x2d431cx2da423x2df4f742052c6bx7d per cryptsetup.
-- Subject: L'unité (unit) cryptosd-luks@x25Ex7ba203bea7x2d6722x2d431cx2da423x2df4f742052c6bx7d.service a échoué
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- L'unité (unit) cryptosd-luks@x25Ex7ba203bea7x2d6722x2d431cx2da423x2df4f742052c6bx7d.service a échoué, avec le résultat RESULT.
févr. 02 21:49:22 Xperia10II-DualSIM systemd[1]: cryptosd-luks@x25Ex7ba203bea7x2d6722x2d431cx2da423x2df4f742052c6bx7d.service: Job cryptosd-luks@x25Ex7ba203bea7x2d6722x2d431cx2da423x2df4f742052c6bx7d.service/start failed with result 'dependency'.

I conclude from the fact I did not find any mention to crypto that it might have not fired.
I need to find what dependency issue that may be.

[EDIT 4]
Looking at dependencies that I can't find

  • cryptsetup-pre.target but I find a target named cryptsetup.target
  • dev-disk-by\x2duuid-%i.device - it seems the syntax has changed -
    Apparently related
sys-devices-platform-soc-4784000.sdhci-mmc_host-mmc1-mmc1:aaaa-block-mmcblk1-mmcblk1p1.device                            loaded active plugged /sys/devices/platform/soc/
sys-devices-platform-soc-4784000.sdhci-mmc_host-mmc1-mmc1:aaaa-block-mmcblk1.device                                      loaded active plugged /sys/devices/platform/soc/

Stopping for tonight.
I mount my SD by hand, I try at least.
I will continue tomorrow, @olf, am I on the right way?

[EDIT 5]
progressing in understanding ... but slowly.
I unmounted my SD card and luksClosed the partition, then retried starting the crypto-luks service

Feb 03 16:43:20 Xperia10II-DualSIM systemd[1]: dev-disk-by\x2duuid-a203bea7x2d6722x2d431cx2da423x2df4f742052c6b.device is not active.
Feb 03 16:43:20 Xperia10II-DualSIM systemd[1]: Dependency failed for Open /dev/disk/by-uuid/a203bea7x2d6722x2d431cx2da423x2df4f742052c6b per cryptsetup.
-- Subject: Unit cryptosd-luks@a203bea7x2d6722x2d431cx2da423x2df4f742052c6b.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit cryptosd-luks@a203bea7x2d6722x2d431cx2da423x2df4f742052c6b.service has failed.
-- 
-- The result is RESULT.
Feb 03 16:43:20 Xperia10II-DualSIM systemd[1]: cryptosd-luks@a203bea7x2d6722x2d431cx2da423x2df4f742052c6b.service: Job cryptosd-luks@a203bea7x2d6722x2d431cx2da423x2df4f742052c6

I try to understand why the device is said not active.

Now what I do not get well - still learning -

/usr/lib/udev/rules.d/60-persistent-storage.rules does not exist on my phone
a file with same name exists as /lib/udev/rules.d/60-persistent-storage.rules.

At the moment : I try and read to understand how the device is detected and fields filled-in.
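
How systemd derives the template-instance and device unit names that appear in the logs above, and what happens to such a name when it is typed into a shell without quotes. This is an added example, not part of the original thread or of crypto-sdcard; the function names are hypothetical, and the escaping is a plain-sh reimplementation of the systemd-escape rules for ASCII input only.

```shell
#!/bin/sh
# Added example: ASCII-only reimplementation of systemd's unit-name escaping.
# All function names are hypothetical helpers, not crypto-sdcard code.

# Escape one string the way `systemd-escape STRING` does: "/" becomes "-",
# every byte outside [A-Za-z0-9:_.] becomes \xNN, and so does a leading ".".
unit_escape() (
    LC_ALL=C
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}
        c=${s%"$rest"}          # first character of what is left
        case $c in
            [A-Za-z0-9:_]) out=$out$c ;;
            .) if [ -z "$out" ]; then out="$out\\x2e"; else out="$out."; fi ;;
            /) out="$out-" ;;
            *) out=$out$(printf '\\x%02x' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s\n' "$out"
)

# Path flavour (`systemd-escape --path`), simplified: strips one leading and
# one trailing slash, then escapes the remainder.
path_escape() (
    p=${1#/}
    p=${p%/}
    unit_escape "$p"
)

# Names built from a LUKS UUID: the template instance and its device unit.
instance_unit() ( printf 'cryptosd-luks@%s.service\n' "$(unit_escape "$1")" )
device_unit()   ( printf '%s.device\n' "$(path_escape "$1")" )

# Model of what an unquoted command-line word looks like after shell parsing:
# each backslash quotes the next character and is itself removed.
unquoted_shell_view() ( printf '%s\n' "$1" | tr -d '\\' )

UUID=a203bea7-6722-431c-a423-f4f742052c6b    # UUID as it appears in this issue
good=$(instance_unit "$UUID")
printf 'instance unit  : %s\n' "$good"
printf 'device unit    : %s\n' "$(device_unit "/dev/disk/by-uuid/$UUID")"
printf 'typed unquoted : %s\n' "$(unquoted_shell_view "$good")"
printf 'literal %%E{}   : %s\n' "$(instance_unit "%E{$UUID}")"
```

Passing the unit name to systemctl in single quotes, or through a quoted variable such as `"$good"`, keeps the `\x2d` sequences intact.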

Olf0 self-assigned this Feb 3, 2023
Olf0 added the "open question(s)" (Further information is requested) label Feb 3, 2023

Owner

Olf0 commented Feb 3, 2023

Your conclusions in [EDIT3] are correct, most of the others are not.

[EDIT4] is likely due to not retracing what crypto-sdcard from the sfos4.0.1 branch does.

Still you better start anew with the current guide on USB-attached media and check if that works with crypto-sdcard-1.7.2-1.sfos401regular.noarch.rpm installed when hotplugging.

Also create an unencrypted partition on that media and check if this becomes auto-mounted on boot, with and / or without mount-sdcard-1.8.1-1.sfos340.noarch.rpm installed.

P.S.: A lengthy reply on an abstract level was already provided. Please follow it, and then come back here with answers and likely more and potentially better questions.

P.P.S.: For other readers: While this is a continuation of issue #115, I requested to separate these tests, debugging tries and questions which arise from that.

Owner

Olf0 commented Feb 3, 2023

> /usr/lib/udev/rules.d/60-persistent-storage.rules does not exist on my phone
> a file with same name exists as /lib/udev/rules.d/60-persistent-storage.rules.

Context? I.e., why do you think this matters?

Author

Thermo41 commented Feb 3, 2023

Actually seems not to matter after checking.
Just remarked that on line 9 of 96-cryptosd.rules it mentions the /usr/lib path - hence I tried to look at it, and found the file line the /lib/... path.

When simply rebooting I am probably not fast enough to catch details with journalctl.

Tried to trigger using udevadm, I see the systemd attempt to start cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service
It fails but this was expected here since my Encrypted partition is already mounted hence opening with cryptsetup fails.

I will try tomorrow

  1. to trigger when my encrypted partition is not mounted
  2. to use a USB device as you suggested to control when it is inserted and be ready to capture logs.

Thanks for your help and patience. I am a fast learner but there are quite a few elements to acquire to start and be efficient :-)

Owner

Olf0 commented Feb 3, 2023

> … Just remarked that on line 9 of 96-cryptosd.rules it mentions the /usr/lib path - hence I tried to look at it, and found the file line the /lib/... path.

¿https://github.com/Olf0/crypto-sdcard/blob/sfos401/polkit-1/localauthority/50-local.d/69-cryptosd.pkla#L9?
AFAICS, it does not.
Please check things twice, before you trigger others to check things by your statements.

> When simply rebooting I am probably not fast enough to catch details with journalctl.

Then make the journal persistent. But better stop testing via reboots. Do use hotplugging, until you are fine with that (i.e., you fully understand what is going on).

Author

Thermo41 commented Feb 5, 2023

I meant in udev/rules.d/96-cryptosd.rules in branch sfos401, see below the line 9

# - SUBSYSTEMS=="usb", KERNEL=="mmcblk[0-9]*|sd*|sr*" to filter for anything attached via (presumably "external") USB.  Mind that on devices without an SD-card slot mmcblk1 will be an externally attached card.
# Reference: /usr/lib/udev/rules.d/60-persistent-storage.rules
# 

I have an issue with testing on plug-in as I do not have a usbc adapter for my new xperia 10 II yet.
I am going to restart my older xperia X for that and find a SD card (not all my packages are well sorted since I moved in my new house yet).
32 or 64 bits should not change on that, my older xperia X is also 4.4.0.72.

Owner

Olf0 commented Feb 5, 2023

> I meant in udev/rules.d/96-cryptosd.rules in branch sfos401, […]

Sorry, I am overworked and did not read well enough: This is why I love links, they are unambiguous. How to make them point to a specific line or section, see small text below.

Technically: It is only a comment, the path is irrelevant, it is the file which is meant to be referenced. It is intended to trigger a reader to look at this or rules/60-persistent-storage.rules on a SailfishOS installation. Yes, the path might be better adapted to the new location since SailfishOS 3.4.0 in the corresponding branches.

If you click on the line numbers or manually append #L<line-number> to the link, you can link to specific lines, for example for this line 9: https://github.com/Olf0/crypto-sdcard/blob/sfos401/udev/rules.d/96-cryptosd.rules#L9
If you click on a line number, then press the <Shift> key followed by clicking on another line number (or manually by appending #L<line-number1>-#L<line-number2>), you can select an area. As an example, the lines 8 to 10 you quoted: https://github.com/Olf0/crypto-sdcard/blob/sfos401/udev/rules.d/96-cryptosd.rules#L8-L10

> I have an issue with testing on plug-in as I do not have a usbc adapter for my new xperia 10 II yet.

Amazon etc. offers them for a few €. They are quite handy to attach USB-A hardware, not only sticks (in theory a keyboard, printer etc. should work with a bit of configuration of SailfishOS, a keyboard maybe even without configuring anything).

> I am going to restart my older xperia X for that and find a SD card (not all my packages are well sorted since I moved in my new house yet). 32 or 64 bits should not change on that, my older xperia X is also 4.4.0.72.

Yes, all this is independent of the CPU-architecture.

Hey, take your time, do not rush things. This has been lying around stale for more than a year, a couple of days will not make any difference. And you are too fast for me. 😉
So you may better spend a couple of hours moving stuff in your new house.

Author

[Edit] As I am back to work, I have less time to spend - not giving up nonetheless

Author

Thermo41 commented Feb 15, 2023

Hi

I just got a bit of time tonight, while waiting for the delivery of a USB-micro <-> USBC adapter:

  • I made sure I unmounted the SDCard, luksClosed the device and checked the entry in /dev/mapper was not there
  • I triggered the udev rule and
  • partial success on cryptosd-luks systemd rule.
    Partial because
  1. it creates the /dev/mapper entry hence it has luksOpened the device
  2. it generates logs - sorry I left the French language ...
févr. 15 20:36:57 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service
févr. 15 20:36:57 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service
févr. 15 20:36:57 Xperia10II-DualSIM systemd[1]: Starting Open /dev/disk/by-uuid/a203bea7-6722-431c-a423-f4f742052c6b per cryptsetup...
-- Subject: L'unité (unit) cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service a commencé à démarrer
-- Defined-By: systemd
-- Support: https://forum.sailfishos.org/
-- 
-- L'unité (unit) cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service a commencé à démarrer.
févr. 15 20:36:57 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service
févr. 15 20:36:57 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service
févr. 15 20:36:59 Xperia10II-DualSIM systemd[1]: Started Open /dev/disk/by-uuid/a203bea7-6722-431c-a423-f4f742052c6b per cryptsetup.
-- Subject: L'unité (unit) cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service a terminé son démarrage
-- Defined-By: systemd
-- Support: https://forum.sailfishos.org/
-- 
-- L'unité (unit) cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service a terminé son démarrage, avec le résultat RESULT.
févr. 15 20:36:59 Xperia10II-DualSIM systemd-udevd[25228]: conflicting device node '/dev/mapper/a203bea7-6722-431c-a423-f4f742052c6b' found
févr. 15 20:36:59 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service

  • but mount-cryptosd-luks failed
févr. 15 20:37:00 Xperia10II-DualSIM systemd[5148]: selinux: Unknown permission status for class system
févr. 15 20:37:00 Xperia10II-DualSIM harbour-amazfishd[6225]: 2023-02-15 20:37:00.145 : AbstractDevice::reconnectionTimer
févr. 15 20:37:00 Xperia10II-DualSIM harbour-amazfishd[6225]: 2023-02-15 20:37:00.149 : Lost connection
févr. 15 20:37:00 Xperia10II-DualSIM harbour-amazfishd[6225]: 2023-02-15 20:37:00.149 : QBLEDevice::disconnectFromDevice
févr. 15 20:37:00 Xperia10II-DualSIM harbour-amazfishd[6225]: 2023-02-15 20:37:00.152 : QBLEDevice::connectToDevice
févr. 15 20:37:00 Xperia10II-DualSIM harbour-amazfishd[6225]: 2023-02-15 20:37:00.152 : DeviceInterface::onRefreshTimer
févr. 15 20:37:00 Xperia10II-DualSIM udisksctl-user[25245]: Error looking up object for device /dev/mapper/a203bea7-6722-431c-a423-f4f74205
févr. 15 20:37:00 Xperia10II-DualSIM su[25251]: pam_unix(su-l:session): session closed for user defaultuser
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: mount-cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service: Main process
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: selinux: Unknown permission stop for class system
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: selinux: Unknown permission status for class system
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: mount-cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service: Failed with 
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: Failed to start Mount /dev/mapper/a203bea7-6722-431c-a423-f4f742052c6b per udisks2.
-- Subject: L'unité (unit) mount-cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service a échoué
-- Defined-By: systemd
-- Support: https://forum.sailfishos.org/
-- 
-- L'unité (unit) mount-cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service a échoué, avec le résultat RESULT.
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: selinux: Unknown permission status for class system
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service

I noticed that there are concomitant selinux messages, hence I believe I have to look at the policies - a new topic to learn ...

[EDIT]
Is it pertinent that the policy file mentions "unix-group:root;unix-group:media_rw" whilst it seems the used group is "disk" as shown below ?

[root@Xperia10II-DualSIM 50-local.d]# ls -l /dev/mapper/
total 0
brw-rw----    1 root     disk      252,   3 Feb 15 20:36 a203bea7-6722-431c-a423-f4f742052c6b
crw-------    1 root     root       10, 236 Feb 10 14:05 control

Owner

Olf0 commented Feb 16, 2023

> * I made sure I unmounted the SDCard, luksClosed the device and checked the entry in /dev/mapper was not there

👍

> * I triggered the udev rule and
> * partial success on cryptosd-luks systemd rule.
>   Partial because
>
> 1. it creates the /dev/mapper entry hence it has luksOpened the device
> 2. it generates logs - sorry I left the French language ...

That is O.K., though I may have to look up some words (or ask you).
What is not nice is that some lines seem to be truncated. Please look at journalctl's options -a or -o … (IIRC I used the latter) or it happened when copy&paste'ing the output here; see, e.g. "Main process" and "Failed with " in the second box: Both would have been interesting to read in their entirety.

> * but mount-cryptosd-luks failed
>
> […]
> I noticed that there are concomitant selinux messages, hence I believe I have to look at the policies - a new topic to learn ...

Good luck, then we can chat again in a couple of months earliest. 😉
Seriously: Determine how to switch SElinux off temporarily and then check if it makes a difference.

> [EDIT] Is it pertinent that the policy file mentions "unix-group:root;unix-group:media_rw" whilst it seems the used group is "disk" as shown below ?

If "pertinent" means "relevant": No.

Do try to execute things which do not work by hand.

If you use the units look at their status with systemctl and do not truncate the lines there, too.

BTW, starting and stopping them by hand (systemctl start|stop) in one terminal window and a journalctl -f in another makes life easier.

Take a look at the journalctl option -u.

Please do read man-pages, the systemd-documentation at freedesktop.org and my documentation here.
For example (i.e., just a single example): https://github.com/Olf0/crypto-sdcard/blob/master/On-Polkit.md#22--implementation-notes-for-69-cryptosdpkla-as-of-crypto-sdcard-170

Please ask after you have searched and read thoroughly.
