[pkg-cryptsetup-devel] Bug#886007: cryptsetup: Required /etc/CRYPTTAB OPTION "PLAIN" not documented in "man crypttab" resulting in boot automatic UNLOCK failure
Harrison
sainokawara.sisyphus at gmail.com
Mon Jan 1 14:01:33 UTC 2018
Package: cryptsetup
Version: 2:1.7.3-4
Severity: normal
"man crypttab" does not describe/mention the "plain" option required to
automatically unlock a "plain" encrypted partition during boot resulting in
failure to automatically unlock the encrypted partition at boot and all
subsequent processing dependent upon the partition.
CRYPTTAB entry which worked:
# Unlock/Mount Encrypted data Partition sda4_data
data /dev/disk/by-id/ata-...-part4 /root/keys/data.key plain,cipher=serpent-
xts-plain64:sha256,size=256,noearly
The "plain," is undocumented but REQUIRED or the unlock fails during boot.
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-4.9.0-4-amd64 root=/dev/mapper/sda3_crypt ro quiet
-- /etc/crypttab
# Unlock/Mount Encrypted Root Filesystem Partition sda3_crypt
sda3_crypt UUID=c171e730-6137-4b58-a511-9cea2de0c588 none luks
# Unlock/Mount Encrypted Swap Partition sda2_swap
swap /dev/disk/by-id/ata-TOSHIBA_MD04ACA400_15O3KFA0FSAA-part2 /dev/urandom plain,swap,noearly
# Unlock/Mount Encrypted data Partition sda4_data
data /dev/disk/by-id/ata-TOSHIBA_MD04ACA400_15O3KFA0FSAA-part4 /root/keys/data.key plain,cipher=serpent-xts-plain64:sha256,size=256,noearly
# Do NOT Automatically Unlock Encrypted crypt Partition sda5_crypt
crypt /dev/disk/by-id/ata-TOSHIBA_MD04ACA400_15O3KFA0FSAA-part5 /root/keys/crypt.key plain,cipher=serpent-xts-plain64:sha256,size=256,noauto
# Do NOT Automatically Unlock Encrypted vault Partition sdb3_vault
vault /dev/disk/by-id/ata-TOSHIBA_HDWE160_47JIK4XWF56D-part3 /root/keys/vault.key plain,cipher=serpent-xts-plain64:sha256,size=256,noauto
-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# Mount Encrypted Filesystem Partition
/dev/mapper/sda3_crypt / ext4 errors=remount-ro 0 2
# Mount Boot Partition
# /boot was on /dev/sda6 during installation
UUID=4d94d244-9aa9-4930-b8a7-be3138103d16 /boot ext2 defaults 0 1
# /boot/efi was on /dev/sda1 during installation
# Mount EFI Partition
UUID=B5F8-E04C /boot/efi vfat umask=0077 0 1
# Mount Encrypted Swap Partition
/dev/mapper/swap none swap sw 0 2
# Mount CD/Rom
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
# Mount Encrypted data Partition sda4
/dev/mapper/data /mnt/data ext4 auto,nofail,rw 0 2
# Mount Non-Backed Partition sdb1
/dev/disk/by-id/ata-TOSHIBA_HDWE160_47JIK4XWF56D-part1 /mnt/Non-Backed ext4 auto,nofail,rw 0 1
# Do NOT Automount Archive Partition sdb2
/dev/disk/by-id/ata-TOSHIBA_HDWE160_47JIK4XWF56D-part2 /mnt/Archive ext4 noauto,nofail,rw 0 1
# Do NOT Automount Encrypted crypt Partition sda5_crypt
/dev/mapper/crypt /mnt/crypt ext4 noauto,nofail,rw 0 2
# Do NOT Automount Encrypted vault Partition sdb3_vault
/dev/mapper/vault /mnt/vault ext4 noauto,nofail,rw 0 2
# Mount Music and Videos Directories
/mnt/Non-Backed/Music /media/Music none bind,nofail,ro 0 2
/mnt/Non-Backed/Videos /media/Videos none bind,nofail,ro 0 2
-- lsmod
Module Size Used by
fuse 98304 3
bnep 20480 2
nls_ascii 16384 1
nls_cp437 20480 1
vfat 20480 1
fat 69632 1 vfat
serpent_avx2 49152 0
serpent_avx_x86_64 49152 1 serpent_avx2
serpent_sse2_x86_64 53248 3
serpent_generic 32768 3 serpent_sse2_x86_64,serpent_avx_x86_64,serpent_avx2
xts 16384 1 serpent_sse2_x86_64
snd_hda_codec_hdmi 49152 1
snd_hda_codec_realtek 90112 1
snd_hda_codec_generic 69632 1 snd_hda_codec_realtek
intel_rapl 20480 0
joydev 20480 0
x86_pkg_temp_thermal 16384 0
intel_powerclamp 16384 0
coretemp 16384 0
hci_uart 98304 0
i2c_designware_platform 16384 0
snd_hda_intel 36864 6
btbcm 16384 1 hci_uart
snd_hda_codec 135168 4 snd_hda_intel,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_codec_realtek
kvm_intel 192512 0
i2c_designware_core 20480 1 i2c_designware_platform
btqca 16384 1 hci_uart
mxm_wmi 16384 0
snd_hda_core 81920 5 snd_hda_intel,snd_hda_codec,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_codec_realtek
ppdev 20480 0
btintel 16384 1 hci_uart
evdev 24576 10
snd_hwdep 16384 1 snd_hda_codec
snd_pcm 110592 4 snd_hda_intel,snd_hda_codec,snd_hda_core,snd_hda_codec_hdmi
kvm 589824 1 kvm_intel
bluetooth 552960 11 hci_uart,btintel,btqca,bnep,btbcm
irqbypass 16384 1 kvm
intel_cstate 16384 0
iTCO_wdt 16384 0
i915 1236992 14
drm_kms_helper 155648 1 i915
drm 360448 8 i915,drm_kms_helper
snd_timer 32768 1 snd_pcm
intel_uncore 118784 0
pcspkr 16384 0
iTCO_vendor_support 16384 1 iTCO_wdt
intel_lpss_acpi 16384 0
mei_me 36864 0
intel_rapl_perf 16384 0
efi_pstore 16384 0
idma64 20480 0
intel_lpss_pci 16384 0
rfkill 24576 4 bluetooth
serio_raw 16384 0
intel_lpss 16384 2 intel_lpss_pci,intel_lpss_acpi
parport_pc 28672 0
mfd_core 16384 1 intel_lpss
snd 86016 20 snd_hda_intel,snd_hwdep,snd_hda_codec,snd_timer,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_codec_realtek,snd_pcm
soundcore 16384 1 snd
efivars 20480 1 efi_pstore
shpchp 36864 0
sg 32768 0
mei 102400 1 mei_me
i2c_algo_bit 16384 1 i915
ie31200_edac 16384 0
edac_core 57344 1 ie31200_edac
battery 20480 0
parport 49152 2 parport_pc,ppdev
video 40960 1 i915
acpi_als 16384 0
wmi 16384 1 mxm_wmi
button 16384 1 i915
acpi_pad 24576 0
kfifo_buf 16384 1 acpi_als
industrialio 69632 2 acpi_als,kfifo_buf
efivarfs 16384 1
ip_tables 24576 0
x_tables 36864 1 ip_tables
autofs4 40960 2
ext4 585728 4
crc16 16384 2 bluetooth,ext4
jbd2 106496 1 ext4
crc32c_generic 16384 0
fscrypto 28672 1 ext4
ecb 16384 0
mbcache 16384 5 ext4
algif_skcipher 20480 0
af_alg 16384 1 algif_skcipher
dm_crypt 24576 3
dm_mod 118784 7 dm_crypt
sr_mod 24576 0
cdrom 61440 1 sr_mod
sd_mod 45056 8
hid_logitech_hidpp 28672 0
hid_logitech_dj 20480 0
usbhid 53248 0
crct10dif_pclmul 16384 0
crc32_pclmul 16384 0
crc32c_intel 24576 6
ghash_clmulni_intel 16384 0
aesni_intel 167936 8
aes_x86_64 20480 1 aesni_intel
lrw 16384 4 serpent_sse2_x86_64,serpent_avx_x86_64,serpent_avx2,aesni_intel
gf128mul 16384 2 lrw,xts
glue_helper 16384 4 serpent_sse2_x86_64,serpent_avx_x86_64,serpent_avx2,aesni_intel
ablk_helper 16384 4 serpent_sse2_x86_64,serpent_avx_x86_64,serpent_avx2,aesni_intel
cryptd 24576 6 ablk_helper,ghash_clmulni_intel,aesni_intel
psmouse 135168 0
e1000e 245760 0
ahci 36864 6
ptp 20480 1 e1000e
i2c_i801 24576 0
libahci 32768 1 ahci
xhci_pci 16384 0
pps_core 16384 1 ptp
i2c_smbus 16384 1 i2c_i801
xhci_hcd 188416 1 xhci_pci
libata 249856 2 ahci,libahci
r8169 81920 0
mii 16384 1 r8169
scsi_mod 225280 4 sd_mod,libata,sr_mod,sg
usbcore 249856 3 usbhid,xhci_pci,xhci_hcd
usb_common 16384 1 usbcore
fan 16384 0
thermal 20480 0
i2c_hid 20480 0
hid 122880 6 i2c_hid,usbhid,hid_logitech_dj,hid_logitech_hidpp
-- System Information:
Debian Release: 9.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages cryptsetup depends on:
ii cryptsetup-bin 2:1.7.3-4
ii debconf [debconf-2.0] 1.5.61
ii dmsetup 2:1.02.137-2
ii libc6 2.24-11+deb9u1
Versions of packages cryptsetup recommends:
ii busybox 1:1.22.0-19+b3
ii console-setup 1.164
ii initramfs-tools [linux-initramfs-tool] 0.130
ii kbd 2.0.3-2+b1
Versions of packages cryptsetup suggests:
ii dosfstools 4.1-1
pn keyutils <none>
ii liblocale-gettext-perl 1.07-3+b1
-- debconf information:
cryptsetup/prerm_active_mappings: true
More information about the pkg-cryptsetup-devel
mailing list