[pkg-cryptsetup-devel] Bug#839584: cryptsetup: cryptroot hook for initramfs doesn't detect root within RAID
Chuck Mason
cemasoniv at gmail.com
Sun Oct 2 12:14:58 UTC 2016
Package: cryptsetup
Version: 2:1.7.0-2
Severity: important
Dear Maintainer,
* What led up to the situation?
Configuring a machine with RAID and encrypted disks.
* What exactly did you do (or not do) that was effective (or ineffective)?
Begin by encrypting entire disks:

    cryptsetup luksFormat /dev/sdc
    cryptsetup luksFormat /dev/sdd
    cryptsetup luksOpen /dev/sdc sdc_encrypted
    cryptsetup luksOpen /dev/sdd sdd_encrypted

Create a raid array on the whole encrypted disk:

    mdadm --create --verbose --level=1 /dev/md/hdd_storage --raid-devices=2 /dev/mapper/sdc_encrypted /dev/mapper/sdd_encrypted
    /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf

Partition the raid array:

    fdisk /dev/md/hdd_storage
    ...
    w (write changes)

* Linux immediately recognizes new partition /dev/md127p1

Create a filesystem:

    mkfs.ext4 /dev/md127p1

Using blkid, add /dev/sdc -> sdc_encrypted and /dev/sdd -> sdd_encrypted targets to /etc/crypttab:

    # <target name> <source device> <key file> <options>
    sdc_encrypted /dev/disk/by-uuid/58560717-94f7-4a57-ae88-d83e16948969 none luks,timeout=30
    sdd_encrypted /dev/disk/by-uuid/fc6fa717-83dc-44a3-8a09-de7585f70809 none luks,timeout=30

Using blkid, set /dev/md127p1 to be the root (/) in /etc/fstab.
Output of blkid | grep md127p1:

    /dev/md127p1: UUID="e084a1e0-f5bd-4342-ae87-a014561fce0c" TYPE="ext4" PARTUUID="2e7f7afa-b579-4b1f-83a8-c755708b9051"

After mounting /dev/md127p1 (and necessary /proc, /sys, /dev, etc.), update-initramfs does NOT detect an encrypted root partition.
* What was the outcome of this action?
Cryptsetup was not included in initrd and the machine does not complete boot.
* What outcome did you expect instead?
Cryptsetup should be included in initrd.
* More information:
It seems that get_fs_devices() in /usr/share/initramfs-tools/hooks/cryptroot only looks at /etc/crypttab for device UUIDs, when there are
other device UUIDs available in "blkid" that are available for use as a root mount.
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-4.6.0-1-amd64 root=/dev/sda3 ro quiet
-- /etc/crypttab
# <target name> <source device> <key file> <options>
sdc_encrypted /dev/disk/by-uuid/58560717-94f7-4a57-ae88-d83e16948969 none luks,timeout=30
sdd_encrypted /dev/disk/by-uuid/fc6fa717-83dc-44a3-8a09-de7585f70809 none luks,timeout=30
-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda3 during installation
UUID=e084a1e0-f5bd-4342-ae87-a014561fce0c / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda2 during installation
UUID=85c8ca98-b0c4-48cc-a5be-334ea4597de5 /boot ext4 defaults 0 2
# /boot/efi was on /dev/nvme0n1p2 during installation
UUID=7293-2005 /boot/efi vfat umask=0077 0 3
-- lsmod
Module Size Used by
nls_utf8 16384 1
nls_cp437 20480 1
vfat 20480 1
fat 69632 1 vfat
dm_crypt 24576 3
algif_skcipher 20480 0
af_alg 16384 1 algif_skcipher
joydev 20480 0
btusb 45056 0
btrtl 16384 1 btusb
btbcm 16384 1 btusb
btintel 16384 1 btusb
bluetooth 516096 5 btbcm,btrtl,btusb,btintel
snd_hda_codec_hdmi 45056 3
iTCO_wdt 16384 0
iTCO_vendor_support 16384 1 iTCO_wdt
dm_mod 106496 7 dm_crypt
snd_hda_codec_realtek 86016 1
nouveau 1486848 1
snd_hda_codec_generic 69632 1 snd_hda_codec_realtek
intel_rapl 20480 0
x86_pkg_temp_thermal 16384 0
intel_powerclamp 16384 0
coretemp 16384 0
kvm_intel 188416 0
mxm_wmi 16384 1 nouveau
video 40960 1 nouveau
snd_hda_intel 36864 0
iwlwifi 147456 0
kvm 561152 1 kvm_intel
ttm 94208 1 nouveau
snd_hda_codec 135168 4 snd_hda_codec_realtek,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_intel
drm_kms_helper 147456 1 nouveau
irqbypass 16384 1 kvm
snd_hda_core 81920 5 snd_hda_codec_realtek,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel
cfg80211 573440 1 iwlwifi
crct10dif_pclmul 16384 0
efi_pstore 16384 0
drm 360448 4 ttm,drm_kms_helper,nouveau
snd_hwdep 16384 1 snd_hda_codec
crc32_pclmul 16384 0
snd_pcm 106496 4 snd_hda_codec_hdmi,snd_hda_codec,snd_hda_intel,snd_hda_core
sb_edac 32768 0
snd_timer 32768 1 snd_pcm
serio_raw 16384 0
pcspkr 16384 0
efivars 20480 1 efi_pstore
edac_core 57344 1 sb_edac
i2c_algo_bit 16384 1 nouveau
ghash_clmulni_intel 16384 0
mei_me 32768 0
i2c_i801 20480 0
snd 81920 8 snd_hda_codec_realtek,snd_hwdep,snd_timer,snd_hda_codec_hdmi,snd_pcm,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel
rfkill 24576 3 cfg80211,bluetooth
lpc_ich 24576 0
soundcore 16384 1 snd
sg 32768 0
mei 94208 1 mei_me
mfd_core 16384 1 lpc_ich
evdev 24576 2
shpchp 36864 0
8250_fintek 16384 0
wmi 20480 2 mxm_wmi,nouveau
tpm_tis 20480 0
tpm 45056 1 tpm_tis
processor 36864 0
button 16384 1 nouveau
efivarfs 16384 1
autofs4 40960 2
ext4 593920 4
ecb 16384 0
crc16 16384 2 ext4,bluetooth
jbd2 106496 1 ext4
mbcache 16384 5 ext4
raid10 45056 0
raid456 106496 0
async_raid6_recov 20480 1 raid456
async_memcpy 16384 2 raid456,async_raid6_recov
async_pq 16384 2 raid456,async_raid6_recov
async_xor 16384 3 async_pq,raid456,async_raid6_recov
async_tx 16384 5 async_pq,raid456,async_xor,async_memcpy,async_raid6_recov
xor 24576 1 async_xor
uas 24576 0
usb_storage 69632 1 uas
hid_generic 16384 0
usbhid 49152 0
hid 118784 2 hid_generic,usbhid
raid6_pq 102400 3 async_pq,raid456,async_raid6_recov
libcrc32c 16384 1 raid456
crc32c_generic 16384 0
raid1 36864 1
raid0 20480 0
multipath 16384 0
linear 16384 0
md_mod 131072 9 raid456,raid0,raid1,multipath,linear,raid10
sd_mod 45056 6
crc32c_intel 24576 9
aesni_intel 167936 9
aes_x86_64 20480 1 aesni_intel
glue_helper 16384 1 aesni_intel
lrw 16384 1 aesni_intel
gf128mul 16384 1 lrw
ablk_helper 16384 1 aesni_intel
cryptd 20480 6 ghash_clmulni_intel,aesni_intel,ablk_helper
psmouse 126976 0
ahci 36864 5
libahci 32768 1 ahci
libata 233472 2 ahci,libahci
scsi_mod 233472 5 sg,uas,usb_storage,libata,sd_mod
xhci_pci 16384 0
ehci_pci 16384 0
xhci_hcd 180224 1 xhci_pci
ehci_hcd 77824 1 ehci_pci
e1000e 233472 0
ptp 20480 1 e1000e
pps_core 20480 1 ptp
usbcore 241664 8 uas,btusb,usb_storage,ehci_hcd,ehci_pci,usbhid,xhci_hcd,xhci_pci
usb_common 16384 1 usbcore
nvme 28672 1
nvme_core 28672 3 nvme
fjes 28672 0
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.6.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages cryptsetup depends on:
ii cryptsetup-bin 2:1.7.0-2
ii debconf [debconf-2.0] 1.5.59
ii dmsetup 2:1.02.133-1
ii libc6 2.24-3
Versions of packages cryptsetup recommends:
ii busybox 1:1.22.0-19
ii console-setup 1.147
ii initramfs-tools [linux-initramfs-tool] 0.125
ii kbd 2.0.3-2
Versions of packages cryptsetup suggests:
pn dosfstools <none>
pn keyutils <none>
ii liblocale-gettext-perl 1.07-3+b1
-- debconf information:
cryptsetup/prerm_active_mappings: true
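
The report above describes a root filesystem that sits two layers above the LUKS devices named in /etc/crypttab (partition on md RAID on dm-crypt). As an added example that is not part of the report and is not the cryptroot hook's code, the script below walks sysfs downward from a block device and prints every dm-crypt mapping underneath it; the function names, the `SYSFS` override and the constructed tree (including `dm-0`/`dm-1` and the placeholder UUID strings) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the cryptroot hook's code): list dm-crypt mappings that sit
# anywhere beneath a block device by walking sysfs instead of matching crypttab.
SYSFS="${SYSFS:-/sys}"   # overridable so the walk can run on a constructed tree

# crypt_ancestors <kernel-name>: print the dm name of every dm-crypt device below it
crypt_ancestors() {
    node="$SYSFS/class/block/$1"
    [ -e "$node" ] || return 0
    # A partition has no slaves/ directory; continue from its parent disk.
    if [ -e "$node/partition" ]; then
        crypt_ancestors "$(basename "$(dirname "$(readlink -f "$node")")")"
        return
    fi
    # dm-crypt mappings expose a device-mapper UUID that starts with CRYPT-.
    if [ -r "$node/dm/uuid" ] && grep -q '^CRYPT-' "$node/dm/uuid"; then
        cat "$node/dm/name"
    fi
    for slave in "$node"/slaves/*; do
        [ -e "$slave" ] || continue
        # Subshell keeps the recursion from clobbering this level's variables.
        ( crypt_ancestors "$(basename "$slave")" )
    done
}

# Constructed sample: the stack from the report (md127p1 -> md127 -> two LUKS
# mappings -> sdc/sdd) as a fake sysfs tree under $1. dm-0/dm-1 and the UUID
# strings are placeholders, not values from the reporter's machine.
build_sample_tree() {
    b="$1/class/block"
    mkdir -p "$b/md127/md127p1" "$b/md127/slaves"
    : > "$b/md127/md127p1/partition"
    ln -s md127/md127p1 "$b/md127p1"
    i=0
    for disk in sdc sdd; do
        dm="dm-$i"; i=$((i + 1))
        mkdir -p "$b/$dm/dm" "$b/$dm/slaves" "$b/$disk/slaves"
        echo "${disk}_encrypted" > "$b/$dm/dm/name"
        echo "CRYPT-LUKS1-PLACEHOLDER-${disk}_encrypted" > "$b/$dm/dm/uuid"
        ln -s "../../$disk" "$b/$dm/slaves/$disk"
        ln -s "../../$dm" "$b/md127/slaves/$dm"
    done
}

# Usage on a live system: sh this-script md127p1
if [ "$#" -gt 0 ]; then crypt_ancestors "$1"; fi
```

On the constructed tree, `crypt_ancestors md127p1` prints both `sdc_encrypted` and `sdd_encrypted`, which are the crypttab targets an initramfs would need to unlock before the array and its root partition can be assembled.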