Crypto-sdcard does not work on 4.4.0.72 / Sony Xperia 10 II about crypto-sdcard HOT 9 OPEN

Actually seems not to matter after checking.
Just remarked that on line 9 of 96-cryptosd.rules it mentions the /usr/lib path - hence I tried to look at it, and foudn the file line the /lib/... path.

When simply rebooting I am probably not fast enough to catch details with journalctl.

Tried to trigger using udevadm, I see the systemd attempt to start cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service'
It fails but this was expected here since my Encrypted partition is already mounted hence opening with cryptsetup fails.

I will try tomorrow

1. to trigger when my encrypted partition is not mounted
2. to use a USB device as you suggested to control when it is inserted and be ready to capture logs.

Thanks for your help and patience. I am a fast learner but there are quite a few elements to acquire to start and be efficient :-)

from crypto-sdcard.

Actually seems not to matter after checking.
Just remarked that on line 9 of 96-cryptosd.rules it mentions the /usr/lib path - hence I tried to look at it, and foudn the file line the /lib/... path.

When simply rebooting I am probably not fast enough to catch details with journalctl.

Tried to trigger using udevadm, I see the systemd attempt to start cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service'
It fails but this was expected here since my Encrypted partition is already mounted hence opening with cryptsetup fails.

I will try tomorrow

1. to trigger when my encrypted partition is not mounted
2. to use a USB device as you suggested to control when it is inserted and be ready to capture logs.

Thanks for your help and patience. I am a fast learner but there are quite a few elements to acquire to start and be efficient :-)

[Edit] As I am back to work, I have less time to spend - not giving up nonetheless

from crypto-sdcard.

Your conclusions in [EDIT3] are correct, most of the others are not.

[EDIT4] is likely due to not retracing what crypto-sdcard from the sfos4.0.1 branch does.

Still you better start anew with the current guide on USB-attached media and check if that works with crypto-sdcard-1.7.2-1.sfos401regular.noarch.rpm installed when hotplugging.

Also create an unencrypted partition on that media and check if this becomes auto-mounted on boot, with and / or without mount-sdcard-1.8.1-1.sfos340.noarch.rpm installed.

P.S.: A lengthy reply on an abstract level was already provided. Please follow it, and then come back here with answers and likely more and potentially better questions.

P.P.S.: For other readers: While this is a continuation of issue #115, I requested to separate these tests, debugging tries and questions which arise from that.

from crypto-sdcard.

/usr/lib/udev/rules.d/60-persistent-storage.rules does not exist on my phone
a file with same name exists as /lib/udev/rules.d/60-persistent-storage.rules.

Context? I.e., why do you think this matters?

from crypto-sdcard.

… Just remarked that on line 9 of 96-cryptosd.rules it mentions the /usr/lib path - hence I tried to look at it, and found the file line the /lib/... path.

¿https://github.com/Olf0/crypto-sdcard/blob/sfos401/polkit-1/localauthority/50-local.d/69-cryptosd.pkla#L9?
AFAICS, it does not.
^{Please check things twice, before you trigger others to check things by your statements.}

When simply rebooting I am probably not fast enough to catch details with journalctl.

Then make the journal persistent. But better stop testing via reboots. Do use hotplugging, until you are fine with that (i.e., you fully understand what is going on).

from crypto-sdcard.

I meant in udev/rules.d/96-cryptosd.rules in branch sfos401, see below the line 9

# - SUBSYSTEMS=="usb", KERNEL=="mmcblk[0-9]*|sd*|sr*" to filter for anything attached via (presumably "external") USB.  Mind that on devices without an SD-card slot mmcblk1 will be an externally attached card.
# Reference: /usr/lib/udev/rules.d/60-persistent-storage.rules
# 

I have an issue with testing on plug-in as I do not have a usbc adapter for my new xperia 10 II yet.
I am going to restart my older xperia X for that and find a SD card (not all my packages are well sorted since I moved in my new house yet).
32 or 64 bits should not change on that, my older xperia X is also 4.4.0.72.

from crypto-sdcard.

I meant in udev/rules.d/96-cryptosd.rules in branch sfos401, […]

Sorry, I am overworked and did not read well enough: This is why I love links, they are unambiguous. How to make them point to a specific line or section, see small text below.

Technically: It is only a comment, the path is irrelevant, it is the file which is meant to be referenced. It is intended to trigger a reader to look at this or rules/60-persistent-storage.rules on a SailfishOS installation. Yes, the path might be better adapted to the new location since SailfishOS 3.4.0 in the corresponding branches.

^{If you click on the line numbers or manually append #L<line-number> to the link, you can link to specific lines, for example for this line 9: https://github.com/Olf0/crypto-sdcard/blob/sfos401/udev/rules.d/96-cryptosd.rules#L9
If you click on a line number, then press the <Shift> key followed by clicking on another line number (or manually by appending #L<line-number1>-#L<line-number2>), you can select an area. As an example, the lines 8 to 10 you quoted: https://github.com/Olf0/crypto-sdcard/blob/sfos401/udev/rules.d/96-cryptosd.rules#L8-L10}

I have an issue with testing on plug-in as I do not have a usbc adapter for my new xperia 10 II yet.

Amazon etc. offers them for a few €. They are quite handy, at attach USB-A hardware, not only sticks (in theory a keyboard, printer etc. should work with a bit of configuration of SailfishOS, a keyboard maybe even without configuring anything).

I am going to restart my older xperia X for that and find a SD card (not all my packages are well sorted since I moved in my new house yet). 32 or 64 bits should not change on that, my older xperia X is also 4.4.0.72.

Yes, all this is independent of the CPU-architecture.

Hey, take your time, do not rush things. This has been lying around stale for more than a year, a couple of days will not make any difference. And you are too fast for me. 😉
So you may better spend a couple of hours moving stuff in your new house.

from crypto-sdcard.

HI

I just got a bit of time tonight, while waiting for the delivery of a USB-micro <-> USBC adapter:

• I made sure I unmounted the SDCard, lukClosed the device and checked the entry in /dev/mapper was not ther
• I triggered the udev rule and
• partial success on cryptosd-luks systemd rule.
  Partial because

1. it creates the /dev/mapper entry hence it has luksOpened the devide
2. it generates logs - sorry I left the French language ...

févr. 15 20:36:57 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service
févr. 15 20:36:57 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service
févr. 15 20:36:57 Xperia10II-DualSIM systemd[1]: Starting Open /dev/disk/by-uuid/a203bea7-6722-431c-a423-f4f742052c6b per cryptsetup...
-- Subject: L'unité (unit) cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service a commencé à démarrer
-- Defined-By: systemd
-- Support: https://forum.sailfishos.org/
-- 
-- L'unité (unit) cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service a commencé à démarrer.
févr. 15 20:36:57 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service
févr. 15 20:36:57 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service
févr. 15 20:36:59 Xperia10II-DualSIM systemd[1]: Started Open /dev/disk/by-uuid/a203bea7-6722-431c-a423-f4f742052c6b per cryptsetup.
-- Subject: L'unité (unit) cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service a terminé son démarrage
-- Defined-By: systemd
-- Support: https://forum.sailfishos.org/
-- 
-- L'unité (unit) cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service a terminé son démarrage, avec le résultat RESULT.
févr. 15 20:36:59 Xperia10II-DualSIM systemd-udevd[25228]: conflicting device node '/dev/mapper/a203bea7-6722-431c-a423-f4f742052c6b' found
févr. 15 20:36:59 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service

• but mount-cryptosd-liks failed

févr. 15 20:37:00 Xperia10II-DualSIM systemd[5148]: selinux: Unknown permission status for class system
févr. 15 20:37:00 Xperia10II-DualSIM harbour-amazfishd[6225]: 2023-02-15 20:37:00.145 : AbstractDevice::reconnectionTimer
févr. 15 20:37:00 Xperia10II-DualSIM harbour-amazfishd[6225]: 2023-02-15 20:37:00.149 : Lost connection
févr. 15 20:37:00 Xperia10II-DualSIM harbour-amazfishd[6225]: 2023-02-15 20:37:00.149 : QBLEDevice::disconnectFromDevice
févr. 15 20:37:00 Xperia10II-DualSIM harbour-amazfishd[6225]: 2023-02-15 20:37:00.152 : QBLEDevice::connectToDevice
févr. 15 20:37:00 Xperia10II-DualSIM harbour-amazfishd[6225]: 2023-02-15 20:37:00.152 : DeviceInterface::onRefreshTimer
févr. 15 20:37:00 Xperia10II-DualSIM udisksctl-user[25245]: Error looking up object for device /dev/mapper/a203bea7-6722-431c-a423-f4f74205
févr. 15 20:37:00 Xperia10II-DualSIM su[25251]: pam_unix(su-l:session): session closed for user defaultuser
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: mount-cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service: Main process
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: selinux: Unknown permission stop for class system
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: selinux: Unknown permission status for class system
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: mount-cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service: Failed with 
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: Failed to start Mount /dev/mapper/a203bea7-6722-431c-a423-f4f742052c6b per udisks2.
-- Subject: L'unité (unit) mount-cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service a échoué
-- Defined-By: systemd
-- Support: https://forum.sailfishos.org/
-- 
-- L'unité (unit) mount-cryptosd-luks@a203bea7\x2d6722\x2d431c\x2da423\x2df4f742052c6b.service a échoué, avec le résultat RESULT.
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: selinux: Unknown permission status for class system
févr. 15 20:37:00 Xperia10II-DualSIM systemd[1]: selinux: Unknown class service

I noticed that there are concomitant selinux messages, hence I believe I have to look at the policies - a new topic to learn ...

[EDIT]
Is it pertinent that the policy file mentions "unix-group:root;unix-group:media_rw" whilst it seems the used group is "disk" as shown below ?

[root@Xperia10II-DualSIM 50-local.d]# ls -l /dev/mapper/
total 0
brw-rw----    1 root     disk      252,   3 Feb 15 20:36 a203bea7-6722-431c-a423-f4f742052c6b
crw-------    1 root     root       10, 236 Feb 10 14:05 control

from crypto-sdcard.

* I made sure I unmounted the SDCard, lukClosed the device and checked the entry in /dev/mapper was not ther

👍

* I triggered the udev rule and

* partial success on cryptosd-luks systemd rule.
  Partial because


1. it creates the /dev/mapper entry hence it has luksOpened the devide

2. it generates logs - sorry I left the French language ...

That is O.K., though I may have to look up some words (or ask you).
What is not nice, that some lines seem to be truncated. Please look at journalctl's options -a or -o … (IIRC I used the latter) or it happened when copy&paste'ing the output here; see, e.g. "Main process" and "Failed with " in the second box: Both would have been interesting to read in their entirety.

* but mount-cryptosd-liks failed

[…]
I noticed that there are concomitant selinux messages, hence I believe I have to look at the policies - a new topic to learn ...

Good luck, then we can chat again in a couple of months earliest. 😉
Seriously: Determine how to switch SElinux off temporarily and then check if it makes a difference.

[EDIT] Is it pertinent that the policy file mentions "unix-group:root;unix-group:media_rw" whilst it seems the used group is "disk" as shown below ?

If "pertinent" means "relevant": No.

Do try to execute things which do not work by hand.

If you use the units look at their status with systemctl and do not truncate the lines there, too.

BTW, starting and stopping them by hand (systemctl start|stop) in one terminal window and a journalctl -f in another makes life easier.

Take a look at the journalctl option -u.

Please do read man-pages, the systemd-documentation at freedesktop.org and my documentation here.
For example (i.e., just a single example): https://github.com/Olf0/crypto-sdcard/blob/master/On-Polkit.md#22--implementation-notes-for-69-cryptosdpkla-as-of-crypto-sdcard-170

Please ask after you have searched and read thoroughly.

from crypto-sdcard.