[pkg-cryptsetup-devel] Bug#926689: cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing
Gabriel Filion
gabster at lelutin.ca
Tue Apr 9 01:19:47 BST 2019
Package: cryptsetup
Version: 2:2.1.0-2
Severity: grave
Justification: renders package unusable
Hello,
I've rebooted my computer this morning and the password prompt to unlock the
crypto device would not appear before grub would search for the lvm device
inside.
This means that the system was not booting and I was getting dropped in the grub
rescue prompt.
The only way that I could bring the system back was by using the "Rescue mode"
with the debian stretch installer.
I have all files, including /boot, in one partition, and I use grub to unlock
the crypto in order for it to find kernel and boot options.
If this seems like a case that wouldn't affect most users, please don't hesitate
to demote the severity.
I found out that some configuration lines are missing in all options that get
generated inside grub.cfg.
Here's a diff between the grub configuration that was generated while in rescue
mode (in a chroot inside the device that gets used for / ) vs. generated while
the system is running:
-------------8<------------8<----------------8<-----------
$ diff -burN ~/grub.cfg /boot/grub/grub.cfg
--- /home/gabster/grub.cfg 2019-04-08 19:20:24.000726392 -0400
+++ /boot/grub/grub.cfg 2019-04-08 19:37:00.360714287 -0400
@@ -58,15 +58,8 @@
if [ x$feature_default_font_path = xy ] ; then
font=unicode
else
-insmod part_msdos
-insmod cryptodisk
-insmod luks
-insmod gcry_rijndael
-insmod gcry_rijndael
-insmod gcry_sha256
insmod lvm
insmod ext2
-cryptomount -u f100e85eb832489a9e97f1a9661a0c45
set root='lvmid/RfBQnU-gtRN-m55o-zwRA-L433-esRb-UpOa0w/lEtX5E-aBNo-0ngD-TwvX-3qrY-OxNF-DaG8T4'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint='lvmid/RfBQnU-gtRN-m55o-zwRA-L433-esRb-UpOa0w/lEtX5E-aBNo-0ngD-TwvX-3qrY-OxNF-DaG8T4' f8c6cb03-667e-46fc-b531-eb30a2558d74
@@ -81,7 +74,7 @@
load_video
insmod gfxterm
set locale_dir=$prefix/locale
- set lang=C
+ set lang=en_CA
insmod gettext
fi
terminal_output gfxterm
------------->8------------>8---------------->8-----------
(I've abbreviated the diff since all the rest is just repetition of missing
"insmod" and "cryptomount" lines for all options.
for some reason those lines are not added when running the system after
decrypting the disk properly, but they are present when the grub.conf file is
generated in the chroot in rescue mode. since the same versions of software are
used in both cases, I can only presume that something is different in the mounts
currently available, or some other kernel setting that might differ..
Heres a listing of mounts (which are mostly things that come from the kernel --
you can also see the debian stretch usb key that saved me :P )
-------------8<------------8<----------------8<-----------
$ mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=8053524k,nr_inodes=2013381,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=1614472k,mode=755)
/dev/mapper/host-root on / type ext4 (rw,relatime,errors=remount-ro,stripe=8191)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=25,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=12208)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /dev/mqueue type mqueue (rw,relatime)
sunrpc on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
nfsd on /proc/fs/nfsd type nfsd (rw,relatime)
/var/lib/snapd/snaps/riseup-vpn_126.snap on /snap/riseup-vpn/126 type squashfs (ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/core_6673.snap on /snap/core/6673 type squashfs (ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/core_6405.snap on /snap/core/6405 type squashfs (ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/core_6531.snap on /snap/core/6531 type squashfs (ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/riseup-vpn_116.snap on /snap/riseup-vpn/116 type squashfs (ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/riseup-vpn_98.snap on /snap/riseup-vpn/98 type squashfs (ro,nodev,relatime,x-gdu.hide)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime,size=4843408k)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=1614468k,mode=700,uid=1000,gid=1000)
/dev/sdb1 on /media/gabster/Debian 9.7.0 amd64 n type iso9660 (ro,nosuid,nodev,relatime,nojoliet,check=s,map=n,blocksize=2048,uid=1000,gid=1000,dmode=500,fmode=400,uhelper=udisks2)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
------------->8------------>8---------------->8-----------
I can provide more information if needed.
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-4.19.0-4-amd64 root=/dev/mapper/host-root ro quiet apparmor=1 security=apparmor apparmor=1 security=apparmor apparmor=1 security=apparmor apparmor=1 security=apparmor apparmor=1 security=apparmor apparmor=1 security=apparmor apparmor=1 security=apparmor apparmor=1 security=apparmor
-- /etc/crypttab
sda1_crypt UUID=f100e85e-b832-489a-9e97-f1a9661a0c45 none luks,discard
-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/host-root / ext4 errors=remount-ro 0 1
/dev/mapper/host-swap none swap sw 0 0
#/dev/sdb1 /media/usb0 auto rw,user,noauto 0 0
#/dev/sdb2 /media/usb1 auto rw,user,noauto 0 0
tmpfs /tmp tmpfs nodev,nosuid,noexec,size=30% 0 0
-- lsmod
Module Size Used by
fuse 122880 1
ufs 86016 0
qnx4 16384 0
hfsplus 114688 0
hfs 69632 0
minix 40960 0
ntfs 110592 0
vfat 24576 0
msdos 20480 0
fat 86016 2 msdos,vfat
jfs 208896 0
xfs 1458176 0
ctr 16384 4
ccm 20480 6
nls_utf8 16384 1
isofs 45056 1
nft_chain_route_ipv4 16384 1
xt_CHECKSUM 16384 1
nft_chain_nat_ipv4 16384 4
ipt_MASQUERADE 16384 1
nf_nat_ipv4 16384 2 ipt_MASQUERADE,nft_chain_nat_ipv4
tun 49152 2
bridge 188416 0
stp 16384 1 bridge
llc 16384 2 bridge,stp
devlink 77824 0
snd_hda_codec_hdmi 57344 1
snd_hda_codec_realtek 118784 1
snd_hda_codec_generic 86016 1 snd_hda_codec_realtek
bnep 24576 2
binfmt_misc 20480 1
arc4 16384 2
intel_rapl 24576 0
x86_pkg_temp_thermal 16384 0
intel_powerclamp 16384 0
uvcvideo 118784 0
kvm_intel 241664 0
videobuf2_vmalloc 16384 1 uvcvideo
iwldvm 159744 0
videobuf2_memops 16384 1 videobuf2_vmalloc
wmi_bmof 16384 0
mei_wdt 16384 0
nf_log_ipv6 16384 5
videobuf2_v4l2 28672 1 uvcvideo
ip6t_REJECT 16384 1
btusb 53248 0
nf_reject_ipv6 16384 1 ip6t_REJECT
kvm 729088 1 kvm_intel
videobuf2_common 53248 2 videobuf2_v4l2,uvcvideo
btrtl 16384 1 btusb
mac80211 823296 1 iwldvm
btbcm 16384 1 btusb
btintel 24576 1 btusb
videodev 212992 3 videobuf2_v4l2,uvcvideo,videobuf2_common
bluetooth 643072 11 btrtl,btintel,btbcm,bnep,btusb
xt_hl 16384 1
iwlwifi 241664 1 iwldvm
irqbypass 16384 1 kvm
drbg 28672 1
ip6_tables 32768 1
snd_hda_intel 45056 3
intel_cstate 16384 0
intel_uncore 135168 0
ansi_cprng 16384 0
ip6t_rt 16384 1
evdev 28672 14
joydev 24576 0
intel_rapl_perf 16384 0
pcspkr 16384 0
iTCO_wdt 16384 0
i915 1728512 4
ecdh_generic 24576 1 bluetooth
media 45056 2 videodev,uvcvideo
snd_hda_codec 151552 4 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec_realtek
sg 36864 0
serio_raw 16384 0
snd_hda_core 94208 5 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,snd_hda_codec_realtek
iTCO_vendor_support 16384 1 iTCO_wdt
cfg80211 765952 3 iwldvm,iwlwifi,mac80211
snd_hwdep 16384 1 snd_hda_codec
snd_pcm_oss 61440 0
snd_mixer_oss 28672 1 snd_pcm_oss
thinkpad_acpi 106496 1
snd_pcm 114688 5 snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,snd_pcm_oss,snd_hda_core
drm_kms_helper 204800 1 i915
snd_timer 36864 1 snd_pcm
nf_log_ipv4 16384 5
nvram 16384 1 thinkpad_acpi
nf_log_common 16384 2 nf_log_ipv4,nf_log_ipv6
ipt_REJECT 16384 1
nf_reject_ipv4 16384 1 ipt_REJECT
drm 483328 5 drm_kms_helper,i915
snd 94208 17 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hwdep,snd_hda_intel,snd_hda_codec,snd_hda_codec_realtek,snd_timer,snd_pcm_oss,thinkpad_acpi,snd_pcm,snd_mixer_oss
xt_LOG 16384 2
mei_me 45056 1
soundcore 16384 1 snd
xt_multiport 16384 2
mei 118784 3 mei_wdt,mei_me
i2c_algo_bit 16384 1 i915
tpm_tis 16384 0
rfkill 28672 8 bluetooth,thinkpad_acpi,cfg80211
tpm_tis_core 20480 1 tpm_tis
tpm 65536 2 tpm_tis,tpm_tis_core
battery 24576 1 thinkpad_acpi
ac 16384 0
rng_core 16384 1 tpm
nft_limit 16384 13
video 45056 2 thinkpad_acpi,i915
wmi 28672 1 wmi_bmof
pcc_cpufreq 16384 0
button 16384 0
xt_limit 16384 0
xt_addrtype 16384 1
xt_tcpudp 16384 4
xt_conntrack 16384 1
nft_compat 20480 175
nft_counter 16384 224
squashfs 65536 6
jc42 16384 0
nf_conntrack_netbios_ns 16384 0
coretemp 16384 0
nf_conntrack_broadcast 16384 1 nf_conntrack_netbios_ns
nf_nat_ftp 16384 0
nf_nat 36864 2 nf_nat_ftp,nf_nat_ipv4
loop 36864 12
nf_conntrack_ftp 20480 1 nf_nat_ftp
parport_pc 32768 0
nf_conntrack 163840 8 xt_conntrack,nf_nat,nf_nat_ftp,ipt_MASQUERADE,nf_conntrack_netbios_ns,nf_nat_ipv4,nf_conntrack_broadcast,nf_conntrack_ftp
nf_defrag_ipv6 20480 1 nf_conntrack
nf_defrag_ipv4 16384 1 nf_conntrack
ppdev 20480 0
nfsd 425984 13
nf_tables 143360 660 nft_chain_route_ipv4,nft_compat,nft_chain_nat_ipv4,nft_counter,nft_limit
lp 20480 0
parport 57344 3 parport_pc,lp,ppdev
nfnetlink 16384 2 nft_compat,nf_tables
auth_rpcgss 73728 1 nfsd
nfs_acl 16384 1 nfsd
lockd 118784 1 nfsd
grace 16384 2 nfsd,lockd
sunrpc 425984 18 nfsd,auth_rpcgss,lockd,nfs_acl
ip_tables 28672 1
x_tables 45056 15 xt_conntrack,nft_compat,xt_LOG,xt_multiport,xt_tcpudp,ipt_MASQUERADE,xt_addrtype,xt_CHECKSUM,ip6t_rt,ip6_tables,ipt_REJECT,ip_tables,xt_limit,xt_hl,ip6t_REJECT
autofs4 49152 2
ext4 733184 1
crc16 16384 2 bluetooth,ext4
mbcache 16384 1 ext4
jbd2 122880 1 ext4
fscrypto 32768 1 ext4
ecb 16384 0
btrfs 1384448 0
zstd_decompress 81920 2 squashfs,btrfs
zstd_compress 172032 1 btrfs
xxhash 16384 2 zstd_compress,zstd_decompress
algif_skcipher 16384 0
af_alg 28672 1 algif_skcipher
dm_crypt 40960 1
dm_mod 155648 9 dm_crypt
raid10 57344 0
raid456 176128 0
async_raid6_recov 20480 1 raid456
async_memcpy 16384 2 raid456,async_raid6_recov
async_pq 16384 2 raid456,async_raid6_recov
async_xor 16384 3 async_pq,raid456,async_raid6_recov
async_tx 16384 5 async_pq,async_memcpy,async_xor,raid456,async_raid6_recov
xor 24576 2 async_xor,btrfs
raid6_pq 122880 4 async_pq,btrfs,raid456,async_raid6_recov
libcrc32c 16384 5 nf_conntrack,nf_nat,btrfs,xfs,raid456
crc32c_generic 16384 0
raid1 45056 0
raid0 20480 0
multipath 16384 0
linear 16384 0
md_mod 167936 6 raid1,raid10,raid0,linear,raid456,multipath
sd_mod 61440 4
uas 28672 0
usb_storage 73728 2 uas
crct10dif_pclmul 16384 0
crc32_pclmul 16384 0
crc32c_intel 24576 3
ghash_clmulni_intel 16384 0
pcbc 16384 0
ahci 40960 1
libahci 40960 1 ahci
aesni_intel 200704 6
libata 278528 2 libahci,ahci
aes_x86_64 20480 1 aesni_intel
crypto_simd 16384 1 aesni_intel
cryptd 28672 4 crypto_simd,ghash_clmulni_intel,aesni_intel
glue_helper 16384 1 aesni_intel
psmouse 172032 0
scsi_mod 249856 5 sd_mod,usb_storage,uas,libata,sg
sdhci_pci 45056 0
i2c_i801 28672 0
cqhci 28672 1 sdhci_pci
xhci_pci 16384 0
lpc_ich 28672 0
sdhci 57344 1 sdhci_pci
xhci_hcd 266240 1 xhci_pci
ehci_pci 16384 0
ehci_hcd 94208 1 ehci_pci
e1000e 282624 0
mmc_core 172032 3 sdhci,cqhci,sdhci_pci
usbcore 290816 8 xhci_hcd,ehci_pci,usb_storage,uvcvideo,ehci_hcd,btusb,xhci_pci,uas
usb_common 16384 1 usbcore
thermal 20480 0
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_CA.utf8), LANGUAGE=en_CA.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_CA.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cryptsetup depends on:
ii cryptsetup-initramfs 2:2.1.0-2
ii cryptsetup-run 2:2.1.0-2
cryptsetup recommends no packages.
cryptsetup suggests no packages.
-- debconf information:
cryptsetup/prerm_active_mappings: true
More information about the pkg-cryptsetup-devel
mailing list