[pkg-cryptsetup-devel] Bug#786559: cryptsetup: broken boot delay when using keyfile

westlake westlake2012 at videotron.ca
Fri May 22 20:34:30 UTC 2015


Package: cryptsetup
Version: 2:1.6.6-5
Severity: normal

Dear Maintainer,

When using a keyfile with a luks volume on bootup, there's a delay with 
the message showing a dependency failure, but the given volume actually opens.

"A start job is running for dev-disk-by\x2duuid-<> s / 1 min 30s"
which displays the uuid of the filesystem containing the keyfile

journalctl -b shows
"May 22 14:41:36 debian systemd[1]: Job dev-disk-by\x2d<uuid of /dev/sda2>:-mykeyfile.device/start
May 22 14:41:36 debian systemd[1]: Timed out waiting for device dev-disk-by\x2duuid-<uuid>
May 22 14:41:36 debian systemd[1]: Dependency failed for Cryptography Setup for sdb1_crypt.
May 22 14:41:36 debian systemd[1]: Dependency failed for Encrypted Volumes."

The encrypted volume does not fail and the system continues to boot as 
normal.

The delay is very long (30 seconds), so this is problematic.

The system setup here is,
/dev/sda1 (300 MB ext2) for /boot
/dev/sda2 (1 MB ext2) for one keyfile -- this partition contains the 
keyfile which was created as

(I know this is not the ideal location for the keyfile -- using a test 
machine)

dd if=/dev/urandom of=mykeyfile bs=512 count=8 iflag=fullblock

/dev/sdb1 which contains the luks volume - there is just 1 ext2 
filesystem on it (/dev/mapper/sdb1_crypt which maps to /)

The steps done after post-install were the creation of a secret partition 
(/dev/sda2) containing the keyfile, and adding this key to the luks key slot 
(cryptsetup luksAddKey) for /dev/sdb1.

/etc/crypttab was edited to contain the following,
sdb1_crypt UUID=<crypt uuid> /dev/disk/by-uuid/<sda2's uuid>:/mykeyfile luks,keyscript=passdev

the previous line in this file was commented out
sdb1_crypt UUID=<uuid> none luk

so there's just one line in /etc/crypttab..and as usual, 
update-initramfs -u -k all

according to /usr/share/doc/cryptsetup/README.initramfs.gz the startup 
should immediately forget the partition containing the keyfile

"0. The "passdev" keyscript
  ----------------------------
If you have a keyfile on a removable device (e.g. a USB-key), you can 
use the *passdev keyscript. It will wait for the device to appear, mount 
it read-only, read the key and then unmount the device."

but here the same boot delay occurs with removable devices

please have a look
thanks

Scott
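
The device unit named in the journal excerpt above (ending in ":-mykeyfile.device") is the third field of the crypttab entry after systemd's path escaping. As an added example (not part of the original report or of the cryptsetup package), the Python below reproduces that escaping and lists crypttab entries that pair a keyscript= option with a /dev/... key field; the function names and the sample UUIDs are constructed for illustration.

```python
import string

# Characters systemd leaves unescaped in a unit name ('-' and '\' are escaped).
VALID = set(string.ascii_letters + string.digits + ":_.")


def systemd_escape_path(path):
    """Reproduce the path escaping performed by `systemd-escape --path`."""
    parts = [p for p in path.split("/") if p]  # drop empty components
    if not parts:
        return "-"  # the root path escapes to a single dash
    out = []
    for i, ch in enumerate("/".join(parts)):
        if ch == "/":
            out.append("-")
        elif ch in VALID and not (i == 0 and ch == "."):
            out.append(ch)
        else:
            out.extend("\\x%02x" % b for b in ch.encode())
    return "".join(out)


def audit_crypttab(text):
    """Return (target, key_field, device_unit) for each entry that combines
    a keyscript= option with a key field that looks like a /dev path."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue
        target, _source, key, options = fields[:4]
        has_keyscript = any(o.startswith("keyscript=") for o in options.split(","))
        if has_keyscript and key.startswith("/dev/"):
            findings.append((target, key, systemd_escape_path(key) + ".device"))
    return findings


# Constructed sample mirroring the layout in the report; UUIDs are placeholders.
SAMPLE = """\
#sdb1_crypt UUID=0000-AAAA none luks
sdb1_crypt UUID=0000-AAAA /dev/disk/by-uuid/1111-2222:/mykeyfile luks,keyscript=passdev
"""

if __name__ == "__main__":
    for target, key, unit in audit_crypttab(SAMPLE):
        print(f"{target}: key field {key!r} -> {unit}")
```
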


