From ecdc6926b707adbbf5fda4d1f0140538237d03a6 Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 21 Oct 2020 04:02:10 +0200 Subject: [PATCH 01/17] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index 98b2ad1e..5f60d8c0 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -14,7 +14,7 @@ Version: 1.3.1 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 1.sfos340 +Release: 1.sfos340+qcrypto Group: System/Base Distribution: SailfishOS Vendor: olf From 1993e0a49eec0fc18f329d986bdb2a028f3b8707 Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 21 Oct 2020 04:11:10 +0200 Subject: [PATCH 02/17] Correct indentation --- rpm/crypto-sdcard.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index 55e45c75..779b400d 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -39,8 +39,8 @@ Requires: sailfish-version >= 3.2.1 # Requires: sailfish-version < 3.9.9 Requires: cryptsetup >= 1.4.0 # Provides the file $(find /lib/modules/ -name qcrypto.ko) on a Jolla 1: -Requires: kernel-adaptation-sbj -# Requires: (kernel-adaptation-sbj or droid-hal-l500d or XYZ) +Requires: kernel-adaptation-sbj +# Requires: (kernel-adaptation-sbj or droid-hal-l500d or XYZ) Conflicts: crypto-sdcard_sbj Obsoletes: crypto-sdcard_sbj Provides: crypto-sdcard_sbj From ad71f139b7cb4f88a2fe134a49c5c29f828b0018 Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 21 Oct 2020 05:43:17 +0200 Subject: [PATCH 03/17] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index 78c0b4b0..568c807d 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -13,7 +13,7 @@ Version: 1.3.1 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 1.sfosABC+qcrypto +Release: 1.sfosABCqcrypto Group: System/Base Distribution: SailfishOS Vendor: olf From 947964f25357eefe88211c681157d906bf8b48ee Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 21 Oct 2020 06:02:10 +0200 Subject: [PATCH 04/17] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index 9ed00697..73ca0bbd 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -13,7 +13,7 @@ Version: 1.3.1 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 1.sfos321 +Release: 2.sfos321 Group: System/Base Distribution: SailfishOS Vendor: olf From ef6f95217c134ece742eb1154906b3a7ae79c046 Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 21 Oct 2020 19:35:57 +0200 Subject: [PATCH 05/17] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index d7f4268c..941a0c69 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -10,7 +10,7 @@ Version: 1.3.1 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 2.sfos321 +Release: 3.sfos321regular Group: System/Base Distribution: SailfishOS Vendor: olf From 20fcd8f9d664605da9c6b693d9e33c0214d28dc0 Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 21 Oct 2020 19:37:06 +0200 Subject: [PATCH 06/17] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index 713ad0bc..f018bcb3 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -10,7 +10,7 @@ Version: 1.3.1 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 2.sfos340 +Release: 2.sfos340regular Group: System/Base Distribution: SailfishOS Vendor: olf From dc4345d6dd5f3fc887cfb910981d9c20f8dfa3a4 Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 21 Oct 2020 19:39:35 +0200 Subject: [PATCH 07/17] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index f018bcb3..4af18145 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -10,7 +10,7 @@ Version: 1.3.1 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 2.sfos340regular +Release: 3.sfos340regular Group: System/Base Distribution: SailfishOS Vendor: olf From 289530abfa91051cb71d5cbed1553583d40caee8 Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 21 Oct 2020 20:07:36 +0200 Subject: [PATCH 08/17] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index 68eacd67..c52bd5a0 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -34,6 +34,9 @@ Requires: sailfish-version >= 3.2.1 # Omit anti-dependency on future, untested SFOS versions, until a known conflict exists: # Requires: sailfish-version < 3.9.9 Requires: cryptsetup >= 1.4.0 +# Should not provide the file qcrypto.ko (check: find /lib/modules/ -name qcrypto.ko): +Conflicts: kernel-adaptation-sbj +# Conflicts: (kernel-adaptation-sbj or droid-hal-l500d or XYZ) Conflicts: crypto-sdcard_sbj %description From d2c4522ac9c99d3527c5bef1bc0457e0e13bf1fd Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 21 Oct 2020 20:48:21 +0200 Subject: [PATCH 09/17] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index c52bd5a0..620c68b7 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -34,7 +34,7 @@ Requires: sailfish-version >= 3.2.1 # Omit anti-dependency on future, untested SFOS versions, until a known conflict exists: # Requires: sailfish-version < 3.9.9 Requires: cryptsetup >= 1.4.0 -# Should not provide the file qcrypto.ko (check: find /lib/modules/ -name qcrypto.ko): +# Should not provide the file qcrypto.ko, check: find /lib/modules/ -name qcrypto.ko; rpm -qf $(find /lib/modules/ -name qcrypto.ko) Conflicts: kernel-adaptation-sbj # Conflicts: (kernel-adaptation-sbj or droid-hal-l500d or XYZ) Conflicts: crypto-sdcard_sbj From dbd11aec61495ce06408a036e3cc69b76e41597d Mon Sep 17 00:00:00 2001 From: olf Date: Wed, 21 Oct 2020 21:02:31 +0200 Subject: [PATCH 10/17] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index 620c68b7..bd5a2caf 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -34,9 +34,11 @@ Requires: sailfish-version >= 3.2.1 # Omit anti-dependency on future, untested SFOS versions, until a known conflict exists: # Requires: sailfish-version < 3.9.9 Requires: cryptsetup >= 1.4.0 -# Should not provide the file qcrypto.ko, check: find /lib/modules/ -name qcrypto.ko; rpm -qf $(find /lib/modules/ -name qcrypto.ko) -Conflicts: kernel-adaptation-sbj -# Conflicts: (kernel-adaptation-sbj or droid-hal-l500d or XYZ) +# Must provide the file qcrypto.ko, check: find /lib/modules/ -name qcrypto.ko; rpm -qf $(find /lib/modules/ -name qcrypto.ko) +# On a Jolla 1 (sbj) this file is deployed by the following RPM; feedback is required for the Jolla C / Intex Aquafish (l500d), +# Inoi R7 (p4903), Jala Accione and Accione P, which may also have qcrypto.ko installed and then should use it (is faster and uses less energy). +Requires: kernel-adaptation-sbj +# Requires: (kernel-adaptation-sbj or droid-hal-l500d or XYZ) Conflicts: crypto-sdcard_sbj %description From ce96c6e2c3a1318c1b7a5cd2a657b63cc0515f47 Mon Sep 17 00:00:00 2001 From: olf Date: Thu, 22 Oct 2020 00:51:46 +0200 Subject: [PATCH 11/17] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index 620c68b7..8701abf1 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -36,7 +36,8 @@ Requires: sailfish-version >= 3.2.1 Requires: cryptsetup >= 1.4.0 # Should not provide the file qcrypto.ko, check: find /lib/modules/ -name qcrypto.ko; rpm -qf $(find /lib/modules/ -name qcrypto.ko) Conflicts: kernel-adaptation-sbj -# Conflicts: (kernel-adaptation-sbj or droid-hal-l500d or XYZ) +# Conflicts: droid-hal-l500d +# Conflicts: XYZ Conflicts: crypto-sdcard_sbj %description From 1f9e23f14c6fe6ed273a91a9761ada2dae1e86cf Mon Sep 17 00:00:00 2001 From: olf Date: Thu, 22 Oct 2020 01:00:43 +0200 Subject: [PATCH 12/17] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index b38dd9cb..d0d599ef 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -38,7 +38,7 @@ Requires: cryptsetup >= 1.4.0 # On a Jolla 1 (sbj) this file is deployed by the following RPM; feedback is required for the Jolla C / Intex Aquafish (l500d), # Inoi R7 (p4903), Jala Accione and Accione P, which may also have qcrypto.ko installed and then should use it (is faster and uses less energy). Requires: kernel-adaptation-sbj -# Requires: (kernel-adaptation-sbj or droid-hal-l500d or XYZ) +# Requires: (kernel-adaptation-sbj or droid-hal-l500d or XYZ or ...) Conflicts: crypto-sdcard_sbj Obsoletes: crypto-sdcard_sbj Provides: crypto-sdcard_sbj From 85c69480345eb52c97e89298ba4c8f001924d2f6 Mon Sep 17 00:00:00 2001 From: olf Date: Thu, 22 Oct 2020 02:32:45 +0200 Subject: [PATCH 13/17] Update README.md --- README.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index add5f592..bd61a8fd 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,10 @@ -# crypto-sdcard (qcrypto edition) +# crypto-sdcard #### Configuration files for unlocking and mounting encrypted SD-cards, using udev, udisks2, polkit and systemd. -This edition is provided specifically for devices (e.g. Jolla 1 phones aka "sbj", but maybe also other older devices using Qualcomm SoCs), which need Qualcomm's `qcrypto` kernel module to be loaded in order to support modern cryptographic schemes as e.g. XTS. Currently only the Jolla 1 is supported, because I own one and hence can test on it.
-The Jolla C / Intex Aquafish (l500d), Inoi R7 (p4903), Jala Accione and Accione P may also need the explicit loading of the `qcrypto` kernel module, but I need the output of these two commands (can be done as a regular user, no need for root) to correctly define a dependency to the RPM (for each of these devices, as I do not have access to any of these), which contains qcrypto.ko:
-`rpm -qf $(find /lib/modules/ -name qcrypto.ko)`
-`ssu s # Delete your "Device UID" before posting!`
-For all other devices (i.e., on those where `find /lib/modules/ -name qcrypto.ko` yields nothing), the [generic edition](https://github.com/Olf0/crypto-sdcard) shall be used. +Note that for devices (e.g. Jolla 1 phones (aka "sbj"), but maybe also other older devices using Qualcomm SoCs as the Jolla C / Intex Aquafish (l500d), Inoi R7 (p4903), Jala Accione and Accione P), which need Qualcomm's `qcrypto` kernel module to be loaded in order to support modern cryptographic schemes as e.g. XTS (plus it is faster and more energy efficient), a [separate "qcrypto edition" is provided](https://github.com/Olf0/crypto-sdcard/tree/qcrypto). Extensively tested with systemd 225 (which includes udev), udisks2 2.7.5 and polkit 0.104 (e.g. SailfishOS 2.2 / 3.x, which provides aforementioned environment).
-Built RPMs are available in the [release section](https://github.com/Olf0/crypto-sdcard/releases) and for easy installation under SailfishOS at [OpenRepos](https://openrepos.net/content/olf/crypto-sdcard_sbj). +Built RPMs are available in the [release section](https://github.com/Olf0/crypto-sdcard/releases) and for easy installation under SailfishOS at [OpenRepos](https://openrepos.net/content/olf/crypto-sdcard). The necessary steps to prepare an SD-card (or any other removable storage) are described at [Together.Jolla.com](https://together.jolla.com/question/195850/guide-creating-partitions-on-sd-card-optionally-encrypted/).
Note that the "key"-files reside unencrypted on fixed, internal mass storage, as mobile devices usually have only a single user, who unlocks the whole device.
From 07e185c29a523ece6413509f89aac7b5be92d699 Mon Sep 17 00:00:00 2001 From: olf Date: Thu, 22 Oct 2020 02:41:29 +0200 Subject: [PATCH 14/17] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bd61a8fd..082a0a34 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# crypto-sdcard +# crypto-sdcard (regular edition) #### Configuration files for unlocking and mounting encrypted SD-cards, using udev, udisks2, polkit and systemd. Note that for devices (e.g. Jolla 1 phones (aka "sbj"), but maybe also other older devices using Qualcomm SoCs as the Jolla C / Intex Aquafish (l500d), Inoi R7 (p4903), Jala Accione and Accione P), which need Qualcomm's `qcrypto` kernel module to be loaded in order to support modern cryptographic schemes as e.g. XTS (plus it is faster and more energy efficient), a [separate "qcrypto edition" is provided](https://github.com/Olf0/crypto-sdcard/tree/qcrypto). From a57bc913f163c73fecfe68b04621cbf9d99bee96 Mon Sep 17 00:00:00 2001 From: olf Date: Thu, 22 Oct 2020 02:53:42 +0200 Subject: [PATCH 15/17] Update cryptosd-luks@.service --- systemd/system/cryptosd-luks@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/cryptosd-luks@.service b/systemd/system/cryptosd-luks@.service index 0a1ad920..642c314c 100644 --- a/systemd/system/cryptosd-luks@.service +++ b/systemd/system/cryptosd-luks@.service @@ -10,7 +10,7 @@ AssertFileNotEmpty=/etc/crypto-sdcard/%I.key Type=oneshot RemainAfterExit=yes # For devices, which need the qcrypto kernel module loaded to support modern cryptographic schemes as e.g. XTS: -ExecStartPre=/sbin/modprobe qcrypto +# ExecStartPre=/sbin/modprobe qcrypto # For various reasons (dependency on udisks2, allow discards etc.), do not use "udisksctl unlock --key-file", call cryptsetup directly: ExecStart=/usr/sbin/cryptsetup --allow-discards -d /etc/crypto-sdcard/%I.key luksOpen /dev/%I %I # ExecStartPost=chgrp disk /dev/mapper/%I # Moved to udev rules 96-cryptosd From cf4afceb3a912d471d6fdec45ab4e4b4b40f2710 Mon Sep 17 00:00:00 2001 From: olf Date: Thu, 22 Oct 2020 02:55:10 +0200 Subject: [PATCH 16/17] Disable qcrypto --- systemd/system/cryptosd-plain@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/cryptosd-plain@.service b/systemd/system/cryptosd-plain@.service index 99cb53fb..603afc8e 100644 --- a/systemd/system/cryptosd-plain@.service +++ b/systemd/system/cryptosd-plain@.service @@ -10,7 +10,7 @@ AssertFileNotEmpty=/etc/crypto-sdcard/%I.key Type=oneshot RemainAfterExit=yes # For devices, which need the qcrypto kernel module loaded to support modern cryptographic schemes as e.g. XTS: -ExecStartPre=/sbin/modprobe qcrypto +# ExecStartPre=/sbin/modprobe qcrypto ExecStart=/bin/sh -c 'cat /etc/crypto-sdcard/%I.key | /usr/sbin/cryptsetup -h sha1 -s 256 -c aes-xts-plain --allow-discards --type plain open /dev/%I %I' # ExecStartPost=chgrp disk /dev/mapper/%I # Moved to udev rules 96-cryptosd ExecStop=/usr/sbin/cryptsetup close %I From 4241d88b3154c7dafbacbf93b53ec31efbe31b08 Mon Sep 17 00:00:00 2001 From: olf Date: Thu, 22 Oct 2020 03:18:12 +0200 Subject: [PATCH 17/17] Update crypto-sdcard.spec --- rpm/crypto-sdcard.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rpm/crypto-sdcard.spec b/rpm/crypto-sdcard.spec index d4d9e848..d908d3bb 100644 --- a/rpm/crypto-sdcard.spec +++ b/rpm/crypto-sdcard.spec @@ -10,7 +10,7 @@ Version: 1.3.1 # - An optional third field might be used by downstream packagers, who alter the package but want to # retain the exact version number. It shall consist of the packager's name appended with a natural # number greater than zero, e.g "joe8". -Release: 1.sfosABCregular +Release: 4.sfos340regular Group: System/Base Distribution: SailfishOS Vendor: olf @@ -32,7 +32,7 @@ Requires: udisks2 >= 2.8.1+git5-1.12.1.jolla # ultimately decided to use both in this case: Requires: sailfish-version >= 3.4.0 # Omit anti-dependency on future, untested SFOS versions, until a known conflict exists: -Requires: sailfish-version < 3.4.0 +# Requires: sailfish-version < 3.9.9 Requires: cryptsetup >= 1.4.0 # Should not provide the file qcrypto.ko, check: find /lib/modules/ -name qcrypto.ko; rpm -qf $(find /lib/modules/ -name qcrypto.ko) Conflicts: kernel-adaptation-sbj