Ubuntu (all variants): wireless USB keyboard unresponsive with LUKS full-disk encryption
If you’ve been following my posts lately, you’ll have seen that I’m quite keen on encryption and privacy, particularly following the ongoing Snowden revelations, and the 2013 GCSB furore here in New Zealand.
So I went out and purchased my favourite flavour of super-robust USB drive, the beautiful Corsair Survivor 3.0, and proceeded to install Linux Mint on it with LUKS full-disk encryption. You can see an overview of how I did this at my blog post here: http://www.gravitycomputing.co.nz/installing-linux-mint-usb-drive/
But there was a problem. When the system prompted me for the password to unlock my newly-encrypted drive, the password prompt wouldn’t take any input. In fact, the keyboard was completely unresponsive, even though it worked fine in the BIOS!
When Linux is loading up, one of the first things it does is load drivers into memory. This usually works fine, but there happens to be a critical bug where the cryptsetup password is requested before the USB keyboard drivers are loaded! This means that you will be prompted for the password to decrypt your drive, but the system will be completely unresponsive to your USB keyboard.
So, here’s the situation you’re in. If this doesn’t describe you, you’re probably looking for something different. You are:
- Booting into Linux, and using LUKS full-disk encryption
- You’ve got a USB keyboard
- The system boots and prompts for password fine
- Keyboard input doesn’t come into password box… in fact, the keyboard doesn’t respond at all
- The keyboard works fine in the bios and boot menu, but not at the cryptsetup password screen
The fix for this is actually fairly straightforward, provided you have a PS/2 keyboard handy (yes, actually), and a PS/2 port on your motherboard. If you don’t have this, you’ll need to boot from a LiveCD and make these changes using chroot. I can’t help you there sorry.
The Fix:
- Find your handy-dandy PS/2 keyboard, and plug it into your handy-dandy PS/2 port. Bet you’re glad you kept THAT old thing around.
- Boot from your USB stick onto your encrypted drive.
- Use your PS/2 keyboard to unencrypt your drive, and log into your Ubuntu / Lubuntu / Xubuntu / etc etc session.
- Your USB keyboard should be working now. Take a few deep breaths and calm down, you’re almost there.
- Open a terminal window, and run “sudo nano /etc/initramfs-tools/modules“
- Add the driver module “
ohci_pci
” on a new line at the bottom of the file. - For me it was also necessary to add “
hid_logitech
” and “hid_logitech_dj
“, because I’m using a Logitech keyboard. If you’re using an Apple keyboard, you’ll probably need to add “hid_apple
” and “mac_hid
“. If you’re using a Microsoft keyboard, you’ll need to add “hid_microsoft
“. - Once you’ve added all of the required modules, save and close the file.
- Back in the terminal window, run
sudo update-initramfs -u
. - Finally, reboot with
sudo reboot now
When you reboot, your USB keyboard should work! Remember to carefully and gratefully pack away your old PS/2 keyboard, and think nice thoughts towards it.
Most of the information from this blog post came from reading through the comments on the bug report here: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1238194, which has been confirmed as affecting Ubuntu Precise Pangolin 12.04, Ubuntu Raring Ringtail 13.04, and Ubuntu Saucy Salamander 13.10.
It’s worth noting that, as of November 2013, the ohci_pci module has been added by default into the initramfs-tools package. This means that Ubuntu Trusty Tahr 14.04 shouldn’t have this problem with standard USB keyboards, however they haven’t included the packages for Logitech, Microsoft, or Apple keyboards. I suspect this means that various wireless USB keyboard users will continue to have this bug for a couple years into the future.