From: Lennart Poettering Date: Thu, 31 Mar 2022 08:49:30 +0000 (+0200) Subject: cryptsetup: adjust some log levels X-Git-Tag: v251-rc2~236^2~8 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2e4aae981e5860a830293d16bf28cc658d89110d;p=thirdparty%2Fsystemd.git cryptsetup: adjust some log levels Let's upgrade log levels of some noteworthy messages from LOG_DEBUG to LOG_NOTICE. These messages contain information that previous log messages in the error path didn't say, namely that we'll now fall back to traditional unlocking. Note that this leaves similar log messages for cases where TPM2/PKCS#11/FIDO2 support is disabled at build at LOG_DEBUG, since in that case nothing really failed, we just systematically can't do TPM2/PKCS#11/FIDO2 and hence it is pointless and not actionable for users to do anything about it... --- diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 137e7ee95d9..21430d42562 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -1329,8 +1329,8 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2( /* EAGAIN means: no tpm2 chip found * EOPNOTSUPP means: no libcryptsetup plugins support */ if (r == -ENXIO) - return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), - "No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking."); + return log_notice_errno(SYNTHETIC_ERRNO(EAGAIN), + "No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking."); if (r == -ENOENT) return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "No TPM2 metadata enrolled in LUKS2 header or TPM2 support not available, falling back to traditional unlocking."); @@ -1367,10 +1367,11 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2( &tpm2_flags); if (r == -ENXIO) /* No further TPM2 tokens found in the LUKS2 header. */ - return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), - found_some - ? "No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking." - : "No TPM2 metadata enrolled in LUKS2 header, falling back to traditional unlocking."); + return log_full_errno(found_some ? LOG_NOTICE : LOG_DEBUG, + SYNTHETIC_ERRNO(EAGAIN), + found_some + ? "No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking." + : "No TPM2 metadata enrolled in LUKS2 header, falling back to traditional unlocking."); if (ERRNO_IS_NOT_SUPPORTED(r)) /* TPM2 support not compiled in? */ return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 support not available, falling back to traditional unlocking."); if (r < 0) @@ -1393,7 +1394,7 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2( arg_ask_password_flags, &decrypted_key, &decrypted_key_size); if (IN_SET(r, -EACCES, -ENOLCK)) - return log_error_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 PIN unlock failed, falling back to traditional unlocking."); + return log_notice_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 PIN unlock failed, falling back to traditional unlocking."); if (r != -EPERM) break;