After installing cryptsetup-suspend, the decrypt_keyctl script fails with a keyctl_set_timeout error. May be related to https://bugs.debian.org/939357.
Currently, decrypt_keyctl just terminates with an error message, which leaves me unable to unlock the root disk on resume. I've modified the script to print the passphrase to stdout as a fallback:
--- /lib/cryptsetup/scripts/decrypt_keyctl 2023-04-20 14:46:08.000000000 -0700
+++ src/decrypt_keyctl 2023-04-21 13:18:58.121017360 -0700
@@ -16,6 +16,7 @@
die()
{
echo "$@" >&2
+ printf "%s" "$KEY_"
exit 1
}
I'm not sure if there are any particular security implications of doing this, but on errors decrypt_keyctl is essentially just passing through the result of /lib/cryptsetup/askpass.
Best regards,
Chase Covello