[pkg-cryptsetup-devel] Bug#774647: cryptsetup on initramfs does not support key files (resume swap on LVM)
Łukasz Stelmach
stlman at poczta.fm
Mon Jan 5 18:15:48 UTC 2015
Package: cryptsetup
Version: 2:1.4.3-4
Severity: normal
Dear Maintainer,
I have the following setup (see below for the files)
+ /boot on /dev/sda1
+ root filesystem on /dev/mapper/sda2_cryptblk
+ /home, /var and swap on LVM on /dev/mapper/sdb2_crypt
--- blkid ---
/dev/mapper/vg1-home: LABEL="HOME" UUID="3c300542" TYPE="ext4"
/dev/mapper/vg1-var: LABEL="VAR" UUID="c4be931f" TYPE="ext4"
/dev/mapper/vg1-swap: LABEL="swap" UUID="cb8020c2" TYPE="swap"
-------------
sda2_crypt is protected by a password I enter upon boot-up,
sdb2_crypt with a key file stored on the root filesystem.
I added resume=UUID=... pointing to my swap to the kernel command
line and ran update-initramfs and got the following message
cryptsetup: WARNING: target sdb2_crypt uses a key file, skipped
Apparently the cryptsetup initramfs scripts do not support my
case where a key file for a partition is stored on another
encrypted partition.
A simmilar use case has been described here:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163
-- Package-specific info:
-- /proc/cmdline
initrd=/initrd.img-3.2.0-4-amd64 root=/dev/mapper/sda2_crypt ro quiet resume=UUID=cb8020c2 BOOT_IMAGE=/vmlinuz-3.2.0-4-amd64
-- /etc/crypttab
sda2_crypt UUID=2646df90 none luks
sdb2_crypt UUID=06e17a3e /root/sdb2.key luks
-- /etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/sda2_crypt / ext4 noatime,errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=abb3bb32 /boot ext2 noatime,nodev,nosuid,noexec 0 2
UUID=c4be931f /var ext4 defaults,noatime,errors=remount-ro 0 2
UUID=3c300542 /home ext4 defaults,noatime,errors=remount-ro 0 2
UUID=cb8020c2 none swap defaults 0 0
-- lsmod
Module Size Used by
parport_pc 22364 0
ppdev 12763 0
lp 17149 0
parport 31858 3 lp,ppdev,parport_pc
rfcomm 33700 0
bnep 17567 2
bluetooth 119455 10 bnep,rfcomm
binfmt_misc 12957 1
uinput 17440 1
nfsd 216181 2
nfs 308353 0
nfs_acl 12511 2 nfs,nfsd
auth_rpcgss 37143 2 nfs,nfsd
fscache 36739 1 nfs
lockd 67306 2 nfs,nfsd
sunrpc 173730 6 lockd,auth_rpcgss,nfs_acl,nfs,nfsd
ext3 162072 1
jbd 56902 1 ext3
ext2 59231 1
loop 22641 0
adt7475 21744 0
hwmon_vid 12430 1 adt7475
snd_hda_codec_realtek 188851 1
joydev 17266 0
arc4 12458 2
ath9k 64619 0
nouveau 583385 3
ath9k_common 12728 1 ath9k
ath9k_hw 322112 2 ath9k_common,ath9k
snd_hda_intel 26259 2
snd_hda_codec 78031 2 snd_hda_intel,snd_hda_codec_realtek
ath 21370 3 ath9k_hw,ath9k_common,ath9k
video 17683 1 nouveau
mac80211 192806 1 ath9k
snd_hwdep 13186 1 snd_hda_codec
ttm 53664 1 nouveau
psmouse 69265 0
snd_pcm 68083 2 snd_hda_codec,snd_hda_intel
drm_kms_helper 31370 1 nouveau
cfg80211 137243 3 mac80211,ath,ath9k
snd_page_alloc 13003 2 snd_pcm,snd_hda_intel
drm 183952 5 drm_kms_helper,ttm,nouveau
snd_seq 45126 0
rfkill 19012 5 cfg80211,bluetooth
snd_seq_device 13176 1 snd_seq
snd_timer 22917 2 snd_seq,snd_pcm
mxm_wmi 12515 1 nouveau
evdev 17562 12
power_supply 13475 1 nouveau
i2c_algo_bit 12841 1 nouveau
snd 52893 12 snd_timer,snd_seq_device,snd_seq,snd_pcm,snd_hwdep,snd_hda_codec,snd_hda_intel,snd_hda_codec_realtek
coretemp 12898 0
pcspkr 12579 0
serio_raw 12931 0
soundcore 13065 1 snd
i2c_i801 16870 0
i7core_edac 22454 0
iTCO_wdt 17081 0
i2c_core 23876 6 i2c_i801,i2c_algo_bit,drm,drm_kms_helper,nouveau,adt7475
iTCO_vendor_support 12704 1 iTCO_wdt
edac_core 35258 3 i7core_edac
button 12937 1 nouveau
wmi 13243 2 mxm_wmi,nouveau
processor 28149 0
ext4 350763 3
crc16 12343 2 ext4,bluetooth
jbd2 62115 1 ext4
mbcache 13114 3 ext4,ext2,ext3
cryptd 14517 0
aes_x86_64 16843 33
aes_generic 33026 1 aes_x86_64
xts 12645 16
gf128mul 13048 1 xts
dm_crypt 22586 2
dm_mod 63645 14 dm_crypt
raid1 30714 1
md_mod 87742 2 raid1
sg 25874 0
sr_mod 21899 0
sd_mod 36136 9
cdrom 35401 1 sr_mod
crc_t10dif 12348 1 sd_mod
usbhid 36418 0
hid 81372 1 usbhid
uhci_hcd 26865 0
crc32c_intel 12747 0
ahci 24997 5
firewire_ohci 35772 0
libahci 22941 1 ahci
firewire_core 48449 1 firewire_ohci
libata 140630 2 libahci,ahci
crc_itu_t 12347 1 firewire_core
scsi_mod 162321 4 libata,sd_mod,sr_mod,sg
sky2 45442 0
ehci_hcd 40249 0
fan 12674 0
usbcore 128741 4 ehci_hcd,uhci_hcd,usbhid
thermal 17383 0
thermal_sys 18040 4 thermal,fan,processor,video
usb_common 12354 1 usbcore
-- System Information:
Debian Release: 7.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cryptsetup depends on:
ii cryptsetup-bin 2:1.4.3-4
ii debconf [debconf-2.0] 1.5.49
ii dmsetup 2:1.02.74-8
ii libc6 2.13-38+deb7u6
Versions of packages cryptsetup recommends:
ii busybox 1:1.20.0-7
ii console-setup 1.88
ii initramfs-tools [linux-initramfs-tool] 0.109.1
ii kbd 1.15.3-9
Versions of packages cryptsetup suggests:
ii dosfstools 3.0.13-1
ii liblocale-gettext-perl 1.05-7+b1
-- debconf information:
cryptsetup/prerm_active_mappings: true
More information about the pkg-cryptsetup-devel
mailing list