[pkg-cryptsetup-devel] Bug#907201: cryptsetup-initramfs: Asks for disk password twice unless 'debug' is passed to kernel command line

Matthias Klumpp mak at debian.org
Fri Aug 24 17:49:10 BST 2018 

Package: cryptsetup-initramfs
Version: 2:2.0.4-2
Severity: normal

Hi!
First of all, this bug appears on PureOS and I am currently working on
testing it on Debian as well. However, the issue started to appear at
the time cryptsetup was updated with massive changes in June, so I am
reasonably confident that it has something to do with this bug.

While trying to debug the issue, which originally appeared on a more
complex crypto setup, I have now reduced it to a simpler setup.
The system has a rootfs mounted as / with a LUKS-encrypted disk, as
well as a separate, unencrypted boot partition.

/etc/crypttab contains:
luks-90cebda2-1c6b-4ea8-9bac-6c3be8b3ced6
UUID=90cebda2-1c6b-4ea8-9bac-6c3be8b3ced6     none luks

When booting the system, the very first thing shown to the user is a
bare prompt asking to unlock the root partition. You can enter an
arbitrary password there or the real one or just hit enter, the
outcome is the same: After a while, you get dropped into a proper
Plymouth-based screen which asks you again to enter the password for
the partition.
At this point, you need to supply the real password and the system boots fine.

I tried to debug this issue, and wanted to get more debug information
about what happens in the initramfs. Therefore I added the "debug"
parameter to the kernel command line - as a result the additional
superfluous prompt vanished and I was only asked for the right
password once.

This issue is really annoying, and I would be glad for any pointers on
how to investigate the issue further, as I am no expert on cryptsetup.
Also, adding "debug" fixing the problem makes this issue really
suspicious to me.

Thank you!
Regards,
    Matthias

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.17.0-3-amd64 (SMP w/8 CPU cores)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

More information about the pkg-cryptsetup-devel mailing list