[pkg-cryptsetup-devel] Bug#576186: cryptsetup: Setting up crypto device on Startup takes too long w/ ext3

Jonas Meurer jonas at freesources.org
Thu Jul 8 16:20:24 UTC 2010 

Hey Markus,

On 08/07/2010 Markus Melms wrote:
> On Thu, 8 Jul 2010 11:18:59 +0200
> Jonas Meurer <jonas at freesources.org> wrote:
> > > ok, so it is plain crypt device, not LUKS. So not problem
> > > with cryptsetup itself - here it simply takes passwords, hash it and
> > > use as key.
> > 
> > maybe it's a hardware issue?
> 
> Do you mean the harddisk or something else?

yes.

> > the default check script in 2:1.0.6-7 was 'vol_id', which does nothing
> > more than '/lib/udev/vol_id -t $dev'. Just give it a try manually:
> > 
> > # /lib/udev/vol_id -t /dev/mapper/cryptofs
> 
> When the system is up with crypto-fs mounted:
> root at playstation:~# /lib/udev/vol_id -t /dev/mapper/cryptofs
> ext3
> root at playstation:~# 
> 
> There is no delay.

so this is not the problem. see below.

> > Do you have custom udev rules?
> 
> Should I look for anything specific? I added 2 lines about my
> soundcard. Additionally there is one line about a device-mapper but I
> don't think I added it:
> 
> KERNEL=="device-mapper",	NAME="mapper/control"
> 
> KERNEL=="dsp", 		NAME="sound/%k", 	SYMLINK
> +="sound/dsp", SYMLINK+="dsp" KERNEL=="adsp",
> NAME="sound/%k", 	SYMLINK+="dsp0"
> root at playstation:/etc/udev/rules.d# 
> 
> > Please could you change the shebang line (first script line) of
> > /etc/init.d/cryptdisks-early to '#!/bin/sh -x' to see where exactly
> > the long delay happens? be warned that a lot of debugging messages
> > will be printed to boot screen.
> 
> Sure, just did it.
> Last line before prompting for passphrase is like: 
> cryptsetup -c -aes-... --key-file=- create cryptofs /dev/sda3
> After waiting 50 secs, first line is:
> '[' -z /lib/cryptsetup/checks/vol_id ']'

this verifies, that the delay is caused by cryptsetup binary, not by
anything else from the initscript. you could check the unlocking
by booting into single user runlevel (init=1), and manually invoking

# cryptsetup -c aes-cbc-essiv:sha256 create cryptofs /dev/sda3

simply let the unlocking process fail three times (wrong passphrase),
and the boot process will stop at runlevel 1 with an emergency shell.
there you can test the manual unlocking of encrypted device.

if this works, and the delay is reproducible at the emergency shell,
please also provide output of 'cryptsetup --debug -c aes-... create ...'

greetings,
 jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20100708/00a8db24/attachment.pgp>

More information about the pkg-cryptsetup-devel mailing list