diff options
| author | Lennart Poettering <lennart@poettering.net> | 2022-03-31 10:49:30 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2022-03-31 11:24:07 +0200 |
| commit | 2e4aae981e5860a830293d16bf28cc658d89110d (patch) | |
| tree | 29e554c6418f47bbeb451511726bdbb61cda43d9 /src/cryptsetup | |
| parent | cryptsetup: add helper for mangling "none" option strings (diff) | |
| download | systemd-2e4aae981e5860a830293d16bf28cc658d89110d.tar.xz systemd-2e4aae981e5860a830293d16bf28cc658d89110d.zip | |
cryptsetup: adjust some log levels
Let's upgrade log levels of some noteworthy messages from LOG_DEBUG to
LOG_NOTICE. These messages contain information that previous log
messages in the error path didn't say, namely that we'll now fall back
to traditional unlocking.
Note that this leaves similar log messages for cases where
TPM2/PKCS#11/FIDO2 support is disabled at build at LOG_DEBUG, since in
that case nothing really failed, we just systematically can't do
TPM2/PKCS#11/FIDO2 and hence it is pointless and not actionable for
users to do anything about it...
Diffstat (limited to 'src/cryptsetup')
| -rw-r--r-- | src/cryptsetup/cryptsetup.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 137e7ee95d..21430d4256 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -1329,8 +1329,8 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2( /* EAGAIN means: no tpm2 chip found * EOPNOTSUPP means: no libcryptsetup plugins support */ if (r == -ENXIO) - return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), - "No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking."); + return log_notice_errno(SYNTHETIC_ERRNO(EAGAIN), + "No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking."); if (r == -ENOENT) return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "No TPM2 metadata enrolled in LUKS2 header or TPM2 support not available, falling back to traditional unlocking."); @@ -1367,10 +1367,11 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2( &tpm2_flags); if (r == -ENXIO) /* No further TPM2 tokens found in the LUKS2 header. */ - return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), - found_some - ? "No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking." - : "No TPM2 metadata enrolled in LUKS2 header, falling back to traditional unlocking."); + return log_full_errno(found_some ? LOG_NOTICE : LOG_DEBUG, + SYNTHETIC_ERRNO(EAGAIN), + found_some + ? "No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking." + : "No TPM2 metadata enrolled in LUKS2 header, falling back to traditional unlocking."); if (ERRNO_IS_NOT_SUPPORTED(r)) /* TPM2 support not compiled in? */ return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 support not available, falling back to traditional unlocking."); if (r < 0) @@ -1393,7 +1394,7 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2( arg_ask_password_flags, &decrypted_key, &decrypted_key_size); if (IN_SET(r, -EACCES, -ENOLCK)) - return log_error_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 PIN unlock failed, falling back to traditional unlocking."); + return log_notice_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 PIN unlock failed, falling back to traditional unlocking."); if (r != -EPERM) break; |