[pkg-cryptsetup-devel] Bug#1023716: cryptsetup: cryptroot-unlock in initramfs fails with lvm
Hauke Mehrtens
hauke at hauke-m.de
Tue Nov 8 21:36:39 GMT 2022
Package: cryptsetup
Version: 2:2.5.0-6
Severity: important
Dear Maintainer,
Unlocking and mounting of the root partitions does not work any more
from the initramfs. When I call cryptroot-unlock and provide the disk
password I see some error messages about mdadm, but the bootup process
does not continue. If needed I can provide the detailed messages, they
are not in a log file, but only printed on screen. Normally I unlock the
system over the network from the initramfs, then I do not get any error
message, but the system continues to stay in initramfs.
It looks like this when unlocking the system unsuccessfully from the
initramfs over ssh:
----------
$ ssh root at 192.168.10.15
To unlock root partition, and maybe others like swap, run
`cryptroot-unlock`.
BusyBox v1.35.0 (Debian 1:1.35.0-2) built-in shell (ash)
Enter 'help' for a list of built-in commands.
~ # vi /scripts/local-top/cryptroot
~ # cryptroot-unlock
Please unlock disk sda3_crypt:
cryptsetup: sda3_crypt set up successfully
~ #
------------------
The system was installed using Debian bookworm in July 2022 and
unlocking worked fine at that time.
Then this change was introduced which broke the unlocking:
https://salsa.debian.org/cryptsetup-team/cryptsetup/-/commit/3854ce68641ba84b04df35828ccb9abcb569e5c6
When I revert this change and generate a new initramfs it works again.
Hauke
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-6.0.0-2-amd64 root=/dev/mapper/system-root ro
rd.luks.options=discard
-- /etc/crypttab
sda3_crypt UUID=aabe34b0-d2e8-4e3f-9243-655acdc286bc none luks,discard
data1_crypt UUID=d835f05f-a68d-445a-b7b0-75092049d23b /etc/cryptkeyfile luks
data2_crypt UUID=e2cf01d0-2982-48b0-837f-d83cf1445185 /etc/cryptkeyfile luks
-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# systemd generates mount units based on this file, see systemd.mount(5).
# Please run 'systemctl daemon-reload' after making changes here.
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/system-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda2 during installation
UUID=1a2f9f2a-4d12-49bf-a170-bb6536cf2a97 /boot ext4
defaults 0 2
# /boot/efi was on /dev/sda1 during installation
UUID=25FC-83BA /boot/efi vfat umask=0077 0 1
/dev/mapper/system-swap none swap sw 0 0
-- lsmod
Module Size Used by
vhost_net 36864 2
vhost 57344 1 vhost_net
vhost_iotlb 16384 1 vhost
tap 28672 1 vhost_net
tun 61440 5 vhost_net
ctr 16384 2
ccm 20480 6
dm_cache_smq 28672 1
dm_cache 73728 2 dm_cache_smq
dm_persistent_data 106496 1 dm_cache
dm_bio_prison 20480 1 dm_cache
dm_bufio 40960 1 dm_persistent_data
qrtr 49152 4
dm_raid 45056 3
bridge 311296 0
stp 16384 1 bridge
llc 16384 2 bridge,stp
binfmt_misc 24576 1
nls_ascii 16384 1
nls_cp437 20480 1
vfat 24576 1
intel_rapl_msr 20480 0
fat 90112 1 vfat
intel_rapl_common 28672 1 intel_rapl_msr
amdgpu 9347072 0
iwlmvm 376832 0
btusb 65536 0
btrtl 28672 1 btusb
btbcm 24576 1 btusb
btintel 45056 1 btusb
btmtk 16384 1 btusb
mac80211 1159168 1 iwlmvm
bluetooth 954368 6 btrtl,btmtk,btintel,btbcm,btusb
snd_hda_codec_hdmi 81920 1
libarc4 16384 1 mac80211
snd_hda_intel 57344 0
edac_mce_amd 40960 0
snd_intel_dspcfg 36864 1 snd_hda_intel
jitterentropy_rng 16384 1
iwlwifi 356352 1 iwlmvm
snd_intel_sdw_acpi 20480 1 snd_intel_dspcfg
snd_hda_codec 184320 2 snd_hda_codec_hdmi,snd_hda_intel
gpu_sched 53248 1 amdgpu
sha512_ssse3 49152 1
kvm_amd 155648 4
sha512_generic 16384 1 sha512_ssse3
drm_buddy 20480 1 amdgpu
eeepc_wmi 16384 0
drm_display_helper 184320 1 amdgpu
evdev 28672 2
snd_hda_core 122880 3
snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec
drbg 45056 1
kvm 1122304 1 kvm_amd
asus_wmi 61440 1 eeepc_wmi
cec 61440 1 drm_display_helper
cfg80211 1118208 3 iwlmvm,iwlwifi,mac80211
rc_core 69632 1 cec
snd_hwdep 16384 1 snd_hda_codec
drm_ttm_helper 16384 1 amdgpu
ansi_cprng 16384 0
platform_profile 16384 1 asus_wmi
snd_pcm 159744 4
snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,snd_hda_core
irqbypass 16384 25 kvm
ttm 90112 2 amdgpu,drm_ttm_helper
battery 28672 1 asus_wmi
ecdh_generic 16384 1 bluetooth
ecc 40960 1 ecdh_generic
sparse_keymap 16384 1 asus_wmi
rapl 20480 0
ledtrig_audio 16384 1 asus_wmi
snd_timer 49152 1 snd_pcm
wmi_bmof 16384 0
drm_kms_helper 204800 3 drm_display_helper,amdgpu
pcspkr 16384 0
snd 122880 6
snd_hda_codec_hdmi,snd_hwdep,snd_hda_intel,snd_hda_codec,snd_timer,snd_pcm
ccp 118784 1 kvm_amd
i2c_algo_bit 16384 1 amdgpu
rfkill 32768 7 iwlmvm,asus_wmi,bluetooth,cfg80211
soundcore 16384 1 snd
k10temp 16384 0
rng_core 20480 1 ccp
sp5100_tco 20480 0
watchdog 32768 1 sp5100_tco
sg 40960 0
button 24576 0
acpi_cpufreq 32768 0
drm 606208 8
gpu_sched,drm_kms_helper,drm_display_helper,drm_buddy,amdgpu,drm_ttm_helper,ttm
msr 16384 0
fuse 176128 1
efi_pstore 16384 0
configfs 57344 1
ip_tables 36864 0
x_tables 61440 1 ip_tables
autofs4 53248 2
ext4 970752 2
crc16 16384 2 bluetooth,ext4
mbcache 16384 1 ext4
jbd2 167936 1 ext4
dm_crypt 61440 3
dm_mod 184320 85 dm_raid,dm_crypt,dm_cache,dm_bufio
efivarfs 24576 1
raid10 65536 0
raid456 180224 1 dm_raid
async_raid6_recov 24576 1 raid456
async_memcpy 20480 2 raid456,async_raid6_recov
async_pq 20480 2 raid456,async_raid6_recov
async_xor 20480 3 async_pq,raid456,async_raid6_recov
async_tx 20480 5
async_pq,async_memcpy,async_xor,raid456,async_raid6_recov
xor 24576 1 async_xor
raid6_pq 122880 3 async_pq,raid456,async_raid6_recov
libcrc32c 16384 2 dm_persistent_data,raid456
crc32c_generic 16384 0
raid1 53248 3
raid0 24576 0
multipath 20480 0
linear 20480 0
md_mod 192512 7
raid1,dm_raid,raid10,raid0,linear,raid456,multipath
sd_mod 65536 5
t10_pi 16384 1 sd_mod
crc32_pclmul 16384 0
crc32c_intel 24576 5
crc64_rocksoft_generic 16384 1
crc64_rocksoft 20480 1 t10_pi
crc_t10dif 20480 1 t10_pi
crct10dif_generic 16384 0
crct10dif_pclmul 16384 1
crc64 20480 2 crc64_rocksoft,crc64_rocksoft_generic
crct10dif_common 16384 3
crct10dif_generic,crc_t10dif,crct10dif_pclmul
ghash_clmulni_intel 16384 0
ahci 49152 5
libahci 49152 1 ahci
xhci_pci 20480 0
xhci_hcd 315392 1 xhci_pci
libata 401408 2 libahci,ahci
r8169 98304 0
realtek 36864 1
aesni_intel 393216 10
mdio_devres 16384 1 r8169
usbcore 344064 3 xhci_hcd,btusb,xhci_pci
scsi_mod 282624 3 sd_mod,libata,sg
crypto_simd 16384 1 aesni_intel
libphy 176128 3 r8169,mdio_devres,realtek
cryptd 28672 5 crypto_simd,ghash_clmulni_intel
i2c_piix4 28672 0
usb_common 16384 2 xhci_hcd,usbcore
scsi_common 16384 3 scsi_mod,libata,sg
wmi 36864 2 asus_wmi,wmi_bmof
video 61440 1 asus_wmi
gpio_amdpt 20480 0
gpio_generic 16384 1 gpio_amdpt
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.0.0-2-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cryptsetup depends on:
ii cryptsetup-bin 2:2.5.0-6
ii debconf [debconf-2.0] 1.5.79
ii dmsetup 2:1.02.185-2
ii libc6 2.36-4
cryptsetup recommends no packages.
Versions of packages cryptsetup suggests:
ii cryptsetup-initramfs 2:2.5.0-6
ii dosfstools 4.2-1
pn keyutils <none>
ii liblocale-gettext-perl 1.07-4+b3
-- debconf information:
cryptsetup/prerm_active_mappings: true
More information about the pkg-cryptsetup-devel
mailing list