[pkg-cryptsetup-devel] Bug#507722: cryptsetup: unable to enter passphrase at boot time with bootlogd enabled

Jochen Schulz ml at well-adjusted.de
Sat Feb 21 19:48:01 UTC 2009


Jochen Schulz:
> 
>   As you can see, there's (unfortunately) no luks. I don't know whether
>   that makes any difference.

I just changed my /home to luks, but that didn't solve the issue. So, to
summarize:

insserv with CONCURRENCY=shell and bootlogd with BOOTLOGD_ENABLE=Yes
make it hard to enter the cryptdisks-early passphrase at boot because
the prompt is invisible.

And I think I understand why I observed that my keypresses have been
echoed to the screen sometimes. /var/log/boot reveals a pause of almost
thirty seconds when setting up encrypted swap (I used 'set -x' in
/etc/init.d/cryptdisks-early):

Sat Feb 21 19:32:03 2009: + cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h sha256 --key-file=/dev/random create cswap0 /dev/sda6
Sat Feb 21 19:32:29 2009: + '[' -z '' ']'
Sat Feb 21 19:32:29 2009: + break
Sat Feb 21 19:32:29 2009: + return 0
Sat Feb 21 19:32:29 2009: + '[' ok '!=' ok ']'

Probably my machine lacks entropy during that time. Any keys pressed
while cryptsetup is waiting for the entropy pool to fill up end up on
the screen. Ironically, pressing keys appears to speed up this process.

But there are no messages at all from cryptdisks-early on screen. Not
even a success message about cswap0. I can only recognize that
cryptsetup is done setting up cswap0 and waiting for /home's passphrase
by pressing keys and waiting for them to *not* appear on the screen.

One idea I had when investigating this issue: bootlogd appears to
prevent stderr from being printed to the screen. I can only see the 'set
-x' output from cryptdisks-early when shutting down (and, of course, in
the boot log file). Are all of cryptdisks-early's messages printed to
stderr instead of stdout? At least /lib/cryptsetup/askpass only prints
to stderr, as far as I can see.

J.
-- 
If I was Mark Chapman I would have shot John Lennon with a water pistol.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>
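
Added example, not part of the original message or of the cryptsetup package: a small Python script that finds stalls like the one described above by comparing the timestamps bootlogd puts in front of each 'set -x' line in /var/log/boot. The function names and the 10-second threshold are assumptions chosen for illustration; the sample lines are the ones quoted in the message.

```python
from datetime import datetime

# Trace lines as quoted in the message: bootlogd prefixes every line with a
# ctime()-style timestamp followed by ": ".
SAMPLE = """\
Sat Feb 21 19:32:03 2009: + cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h sha256 --key-file=/dev/random create cswap0 /dev/sda6
Sat Feb 21 19:32:29 2009: + '[' -z '' ']'
Sat Feb 21 19:32:29 2009: + break
Sat Feb 21 19:32:29 2009: + return 0
Sat Feb 21 19:32:29 2009: + '[' ok '!=' ok ']'
"""

STAMP_LEN = len("Sat Feb 21 19:32:03 2009")  # ctime() prefix is fixed width

def parse_line(line):
    """Return (timestamp, text), or None if the line has no bootlogd prefix."""
    stamp, sep = line[:STAMP_LEN], line[STAMP_LEN:STAMP_LEN + 2]
    if sep != ": ":
        return None
    try:
        when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    return when, line[STAMP_LEN + 2:].rstrip("\n")

def find_stalls(lines, threshold=10):
    """List (seconds, command) for each gap of at least `threshold` seconds.
    The command reported is the last one traced before the gap."""
    stalls, prev = [], None
    for line in lines:
        cur = parse_line(line)
        if cur is None:
            continue  # unstamped or malformed line: ignore it
        if prev is not None:
            gap = int((cur[0] - prev[0]).total_seconds())
            if gap >= threshold:
                stalls.append((gap, prev[1]))
        prev = cur
    return stalls

def reads_dev_random(command):
    """True if the traced command takes its key from /dev/random, the source
    the message suspects of waiting for entropy."""
    return "--key-file=/dev/random" in command.split()

if __name__ == "__main__":
    for seconds, cmd in find_stalls(SAMPLE.splitlines()):
        note = " [key from /dev/random]" if reads_dev_random(cmd) else ""
        print(f"{seconds}s stall after: {cmd}{note}")
```

Run against a full /var/log/boot, the same functions show whether the pause always follows the cswap0 setup or also appears around other cryptdisks-early steps.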