Public bug reported: [Description] This new feature of the installer adds a recovery key to the password page when the user selects an encrypted installation. The recovery key contains digits only and is generated automatically. The user can write it down or save it to a file that can then be used as input to unlock an encrypted volume.
This patch modifies the crypto page of the installer, the debconf templates (which introduces new strings) and the related python code. [Rationale] This is a request from corporate users to recover machines where the primary key has been lost (forgotten, user left the company, ...) [Risks] * Errors in python or UI code, either the installer won't load at all or the security page will trigger a crash. These are both highly visible crashes. The logs are in /var/log/syslog and /var/log/installer/ * Errors in the debconf templates: Some strings won't be translated on non-english installations * When the file browser opens verify that it opens in the right home directory. If it fails it would be a minor issue, the user can still browse to a writable location. [Build] Builds and tested successfully locally in live session and ubiquity-dm [Other info] Code reviewed, approved and already merged in main. [Test Plan] 1. Start latest Focal iso, and install the deb package ubiquity, ubiquity-frontend-gtk and ubiquity-ubuntu-artwork. 2. Proceed with the installation until the partitioning page. 3. Select "Advanced features" 4. In the new dialog, select LVM and check the box to enable encryption. 5. Close the dialog and continue installation 6. The page to enter a passphrase will be displayed. 7. Enter a passphrase. 8. In the "recovery key" section of the page, make the field visible to reveal the automatically generated password. Verify that it contains only digits. 9. Click on the refresh button next to the field and verify that the password is refreshed and contains only digits. 10. Write the password down. 11. Click on the file browser icon, and verify that the file browser opens in the home directory of the user. 12. Create a new folder to write the key too and close the file browser window 13. Continue with installation to the end but do not reboot yet. 14. Open Nautilus or a terminal and verify that the key is saved to the location you entered previously. 15. Verify that the content of the key matches the password that you wrote down in step 10. 16. Reboot the machine. 17. At the password prompt of plymouth, enter the passphrase you entered at step 7, press enter, and verify that the volume is unlocked and the machine boots as expected. 18. Reboot the machine 19. At the password prompt of plymouth, enter the password you wrote down at step 10, press enter, and verify that the volume is unlocked and the machine boots as expected. 20. Repeat the test from ubiquity-dm (boot with systemd.unit=rescue.target, in recovery mode systemctl start network-online.target, copy the debs with scp and install them) ** Affects: ubiquity (Ubuntu) Importance: Undecided Status: New ** Merge proposal linked: https://code.launchpad.net/~jibel/ubiquity/+git/ubiquity-1/+merge/397742 ** Description changed: [Description] This new feature of the installer adds a recovery key to the password page when the user selects an encrypted installation. The recovery key contains digits only and is generated automatically. The user can write it down or save it to a file that can then be used as input to unlock an encrypted volume. This patch modifies the crypto page of the installer, the debconf templates (which introduces new strings) and the related python code. [Rationale] This is a request from corporate users to recover machines where the primary key has been lost (forgotten, user left the company, ...) [Risks] * Errors in python or UI code, either the installer won't load at all or the security page will trigger a crash. These are both highly visible crashes. The logs are in /var/log/syslog and /var/log/installer/ * Errors in the debconf templates: Some strings won't be translated on non-english installations * When the file browser opens verify that it opens in the right home directory. If it fails it would be a minor issue, the user can still browse to a writable location. [Build] Builds and tested successfully locally in live session and ubiquity-dm + + [Other info] + Code reviewed, approved and already merged in main. [Test Plan] 1. Start latest Focal iso, and install the deb package ubiquity, ubiquity-frontend-gtk and ubiquity-ubuntu-artwork. 2. Proceed with the installation until the partitioning page. 3. Select "Advanced features" 4. In the new dialog, select LVM and check the box to enable encryption. 5. Close the dialog and continue installation 6. The page to enter a passphrase will be displayed. 7. Enter a passphrase. 8. In the "recovery key" section of the page, make the field visible to reveal the automatically generated password. Verify that it contains only digits. 9. Click on the refresh button next to the field and verify that the password is refreshed and contains only digits. 10. Write the password down. 11. Click on the file browser icon, and verify that the file browser opens in the home directory of the user. 12. Create a new folder to write the key too and close the file browser window 13. Continue with installation to the end but do not reboot yet. 14. Open Nautilus or a terminal and verify that the key is saved to the location you entered previously. 15. Verify that the content of the key matches the password that you wrote down in step 10. 16. Reboot the machine. 17. At the password prompt of plymouth, enter the passphrase you entered at step 7, press enter, and verify that the volume is unlocked and the machine boots as expected. 18. Reboot the machine 19. At the password prompt of plymouth, enter the password you wrote down at step 10, press enter, and verify that the volume is unlocked and the machine boots as expected. 20. Repeat the test from ubiquity-dm (boot with systemd.unit=rescue.target, in recovery mode systemctl start network-online.target, copy the debs with scp and install them) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921358 Title: [FFe] Master recovery key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1921358/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs