[pkg-cryptsetup-devel] Bug#902245: cryptsetup: Broken volume in initrd with decrypt_gnupg and plain dm-crypt
skodde
skodde at gmail.com
Sat Jun 23 21:31:09 BST 2018
Hi,
Sorry, the body was missing in the original message.
I've been using the following line in crypttab to unlock the root
volume in initrd and it's been working till version 2:2.0.2-1
included:
/etc/crypttab
root /dev/device /path/to/key.gpg
cipher=aes-xts-plain64,size=256,hash=plain,initramfs,noearly,keyscript=decrypt_gnupg,discard
With the current version (2:2.0.3-3) the volume is created with the
wrong size (256 blocks) and no filesystem is recognized, halting the
boot process.
If I recreate it manually in the initramfs emergency shell, then it
works as expected:
/lib/cryptsetup/scripts/decrypt_gnupg /path/to/key.gpg | cryptsetup -c
aes-xts-plain64 -d /dev/stdin -s 256 --allow-discards create root
/dev/device
I've also tried different values of hash= in crypttab, to mimic the
default cryptsetup behavior of not hashing the key when specified with
the -d option and creating a plain dm_crypt volume, without success.
Other values will not create the volume at all, as opposed to "plain"
which creates the wrong size volume.
Thanks
More information about the pkg-cryptsetup-devel
mailing list