Why is it necessary to enter security code twice after boot up?

Once I rebooted the device, I need to enter the same security code twice within a few seconds. After I enter it for the first time, the phone is locked, I try to use the fingerprint but Sailfish OS requires me to enter the code ‘for the first unlock after the boot’. But I did it a couple of seconds ago!

Xperia 10 II, OS 4.3.0.12.

3 Likes

One is for device (un)encryption. Not sure about 10ii, but on my XZ2c (community), it’s optional at first boot. If you’re encrypted, you need to enter password to access the phone.

After that, it’s just the regular lock screen code…

And IIRC, the password for encryption could not be stored in memory to be reused for the device lock, as this would represent a security flaw. Memory could be read by an attacker.

I’ve said it elsewhere but I’ll say it again; the prompts should indicate why it asks to unlock. I.e. it should first say something like ‘enter code to decrypt’ and then ‘enter code to unlock’. Now it doesn’t make sense unless you know why it happens (and why the two prompts look slightly different).

7 Likes

When hopefully in future the encryption key will be allowed to differ from the device pin there will be a meaningful prompt for sure. As far as I understand this change is in the works for improved security of the encryption.

I’d be extremely grateful if this whole encryption thing was OPTIONAL… Even in the BlackBerry BB10 security madness I had a choice.

2 Likes

A meaningful prompt is welcome even now. In the first case, I see something like ‘Enter security code’ (this is a translation; sorry, have no time to switch language and reboot) and in the second case, the same title with the subtitle ‘Security code is necessary after the reboot’.

It would be perfect to see the subtitle in the first case as well as not to see black screen just after entering the code. The use case ‘to enter the code, to turn the phone on and to enter the same code again’ is terrible.

This line of argument does not make sense:

As long as a device is encrypted (and hence an encryption passphrase has to be entered to successfully boot to the “launcher”), it is not necessary to bring up the “launcher” in a locked state (not only when there is only a single user configured, see next sentence).
Edit: If more than a single user is configured, LUKS1 allows for 8 independent encryption passphrases (LUKS2 for even more), hence still a single passphrase supplied by each user is sufficient for unlocking the encryption and lock-screen in one go (thanks to @fph to denote that).
Even if Jolla ever allows for different passphrases for encryption and screen locking, these arguments still apply.
IMO there is no reason for the extant inconvenience other than the effort to implement something better.

Hence my suggestion (“feature request”) is simply to not set the screen locking on boot-up, when the device is encrypted. But do use different LUKS slots for different users (which implies to first eliminate the bug that all LUKS slots are used up in a single user setup).
Then only set the screen locking after the configured time has passed, then.

P.S.: As a reference, depicting the current implementation.

4 Likes

I also don’t like it, or think it makes sense - I was just answering the original question. It seemed like op didn’t know why that was happening.

Maybe they actually did know why it was happening, but were just saying it shouldn’t be that way. I may have misunderstood …

1 Like

Same for me.
I didn’t think of that question very deeply.
Only 1 pin code or 1 alphanumeric + 1 pin, or 2 pins, external key, fingerprint…
I don’t know yet.

One other thing to bear in mind is that a device may also have multiple users. After the encryption lock has been entered, it’s possible to switch users before entering the device lock code.

If a device only has one user, then maybe the process could be streamlined (I’m not sure whether there are technical limitations to this), but there are several different flows to consider.

2 Likes

I’ve never used a Sailfish phone with multiple users, but I’m curious: how do the device lock passwords and the encryption password(s) interact in this case? I can imagine several different technically viable possibilities to choose from:
(1) the users need to agree on a single password to decrypt the storage on boot, and then each one of them can have their own device lock password;
(2) each user has their own device lock password, and that password can also be used to decrypt the storage on boot (since an encrypted partition can have multiple passwords associated with it).

1 Like
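Added illustration, not part of any post in this thread and not Sailfish OS or cryptsetup code: a simplified Python model of the LUKS key-slot idea raised above (several passphrases for one encrypted partition, 8 slots in LUKS1). The class name, PINs, iteration count and XOR wrapping are constructed for the example; real LUKS wraps the key with a cipher and anti-forensic splitting.

```python
import hashlib
import hmac
import secrets

MAX_SLOTS = 8          # LUKS1 has 8 key slots
ITERATIONS = 10_000    # constructed value, kept low so the demo runs fast

def _kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=32)

class ToyHeader:
    """Simplified model of a LUKS1 header: one volume key, up to 8 slots."""

    def __init__(self, first_passphrase: str):
        volume_key = secrets.token_bytes(32)
        self.digest_salt = secrets.token_bytes(16)
        # The digest lets unlock() recognise the volume key without storing it.
        self.digest = _kdf(volume_key, self.digest_salt)
        self.slots = [None] * MAX_SLOTS
        self._fill_slot(volume_key, first_passphrase)

    def _fill_slot(self, volume_key: bytes, passphrase: str) -> int:
        if None not in self.slots:
            raise RuntimeError("all key slots are in use")
        index = self.slots.index(None)
        salt = secrets.token_bytes(16)
        pad = _kdf(passphrase.encode(), salt)
        # Toy wrapping: XOR of the volume key with the passphrase-derived key.
        wrapped = bytes(a ^ b for a, b in zip(volume_key, pad))
        self.slots[index] = (salt, wrapped)
        return index

    def unlock(self, passphrase: str):
        """Return (slot_index, volume_key), or None if no slot matches."""
        for index, slot in enumerate(self.slots):
            if slot is None:
                continue
            salt, wrapped = slot
            pad = _kdf(passphrase.encode(), salt)
            candidate = bytes(a ^ b for a, b in zip(wrapped, pad))
            if hmac.compare_digest(_kdf(candidate, self.digest_salt), self.digest):
                return index, candidate
        return None

    def add_user(self, existing_passphrase: str, new_passphrase: str) -> int:
        opened = self.unlock(existing_passphrase)
        if opened is None:
            raise PermissionError("existing passphrase does not open any slot")
        return self._fill_slot(opened[1], new_passphrase)
```

In this model `unlock()` returns the index of the slot that matched, so a single passphrase entry both releases the volume key and shows which slot it belonged to.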

I remind that the regular Android also asks two times for the unlock code, albeit not being encrypted. There must be an independent reason for it.

So which reason (besides ease of implementing) do you consider?

BTW, “regular Android” has an encrypted home volume for long.

It appears the same code is used for at least two different things: Unlocking the encrypted partition and logging in the main user. Since it is the same, it only has to be entered once at boot.
EDIT: Customer care says that two dialogs showing up is actually the default. So I might be wrong here.

If, however, at some point you had added another user (even if you deleted it in the meantime), the system will ask you separately for decrypting the partition and logging-in a user.

This resembles a desktop/server machine.

Done differently, it could instead log in the main user as before, and the main user could then switch users as he hands the device to the unprivileged user.

Yesterday I created a second user and apart from this causing the main user (me) to lose all data, I am now too suffering the double request - so actually I have to enter three codes, if I count the SIM PIN. A reflash would probably get rid of the problem, but I’m first looking for a specific solution.

1 Like

Thanks! This does not answer my question entirely, though; this version with only one password does not distinguish between my case (1) and (2).

It seems that (1) is how it’s implemented.

It could be implemented as you describe in (2), but it doesn’t appear that it’s done that way.

1 Like

I think it’s a good thing… in the country I live in we pretty much have a police state. So the more gates a pig has to cross, the less said pig can lie and falsely incriminate you. It’s the one thing Sailfish got right.

1 Like