Bug#945208: "No such file or directory" when attempting to decrypt LUKS during init

Amit Agnani amitagnani at protonmail.com
Thu Nov 21 08:35:10 GMT 2019


Package: systemd
Version: 241-7~deb10u2

When attempting to decrypt LUKS-encrypted volumes under systemd (through
dracut) during boot/init, I get the following failure message:

    systemd-cryptsetup[410]: Failed to activate with key file '/run/systemd/cryptsetup/keydev-deviceluks/device-disk.key': No such file or directory

when using a keyfile and:

    systemd-cryptsetup[449]: Failed to activate with specified passphrase: No such file or directory

when attempting to activate with an interactive passphrase (note: the
prompt does show up, the error message occurs after typing in the
passphrase).


In the case of the keyfile, the key file drive (key file is located on
an external drive) is mounted and accessible through the dracut recovery
console (which runs after a failed boot). The keyfile itself is readable.

The logged messages (obtained via systemctl status
systemd-cryptsetup@deviceluks.service):

    Nov 20 09:13:46 device systemd[1]: Starting Cryptography Setup for deviceluks...
    Nov 20 09:13:46 device systemd-cryptsetup[410]: Key file /run/systemd/cryptsetup/keydev-deviceluks/device-disk.key is world-readable. This is not a good idea!
    Nov 20 09:13:46 device systemd-cryptsetup[410]: WARNING: Locking directory /run/cryptsetup is missing!
    Nov 20 09:13:46 device systemd-cryptsetup[410]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.
    Nov 20 09:13:46 device systemd-cryptsetup[410]: Failed to activate with key file '/run/systemd/cryptsetup/keydev-deviceluks/device-disk.key': No such file or directory
    Nov 20 09:13:46 device systemd[1]: systemd-cryptsetup@deviceluks.service: Main process exited, code=exited, status=1/FAILURE
    Nov 20 09:13:46 device systemd[1]: systemd-cryptsetup@deviceluks.service: Failed with result 'exit-code'.
    Nov 20 09:13:46 device systemd[1]: Failed to start Cryptography Setup for deviceluks.

indicating readability of the key file by systemd. Supplying an invalid
keyfile path (i.e. path to a non-existent file) yields the error:

    Failed to activate with key file '/run/systemd/cryptsetup/keydev-deviceluks/device-disk.key.1': Invalid argument


The system is booted with dracut as the initrd and grub2 as the
bootloader (under UEFI) with the bootline:

    root=/dev/mapper/device--lvm-root ro rd.luks.name=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX=deviceluks rd.luks.key=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX=/device-disk.key:LABEL=keydisk intel_iommu=on

The root partition, located on an LVM2 LV, resides on the LUKS partition
that is being decrypted by systemd during init.


Kernel version: Linux device 4.19.0-6-amd64 #1 SMP Debian
4.19.67-2+deb10u2 (2019-11-11) x86_64 GNU/Linux
libc6: libc-2.28.so


-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd-cryptsetup@deviceluks.service
Type: text/x-dbus-service
Size: 1011 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20191121/c445bc1c/attachment-0001.bin>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: systemctl-status.txt
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20191121/c445bc1c/attachment-0003.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: keyfile_stat.txt
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20191121/c445bc1c/attachment-0004.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: journalctl.txt
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20191121/c445bc1c/attachment-0005.txt>
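
Added example, not part of the original report and not code from systemd or dracut: a small helper for the recovery console that derives the key file path seen in the log from the rd.luks.name and rd.luks.key boot parameters, then checks the permission bits behind the "world-readable" warning. The function names, the sample variable and the --live switch are hypothetical; the keydev-<name> mount point is inferred from the paths logged above.

```shell
#!/bin/sh
# Added example: key file triage for the dracut recovery shell.
# Assumes the page's parameter forms: rd.luks.name=<uuid>=<name> and
# rd.luks.key=<uuid>=<path>:<keydev>, with the key device mounted at
# /run/systemd/cryptsetup/keydev-<name> (as in the logged path).

# Constructed sample: the boot line from the report, UUIDs masked as there.
SAMPLE_CMDLINE='root=/dev/mapper/device--lvm-root ro rd.luks.name=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX=deviceluks rd.luks.key=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX=/device-disk.key:LABEL=keydisk intel_iommu=on'

# Print the value of the first "<param>=" word in a kernel command line.
cmdline_value() {  # $1 = parameter name, $2 = command line
    for word in $2; do
        case "$word" in
            "$1"=*) val=${word#"$1"=}; printf '%s\n' "$val"; return 0 ;;
        esac
    done
    return 1
}

# Derive the key file path that appears in the systemd-cryptsetup log.
expected_key_path() {  # $1 = command line
    name_arg=$(cmdline_value rd.luks.name "$1") || return 1
    key_arg=$(cmdline_value rd.luks.key "$1") || return 1
    name=${name_arg#*=}    # drop "<uuid>="
    key=${key_arg#*=}      # drop "<uuid>="
    key=${key%%:*}         # drop ":<keydev>"
    printf '/run/systemd/cryptsetup/keydev-%s/%s\n' "$name" "${key#/}"
}

# Succeed only if "other" has no permission bits on the key file (stricter
# than the "world-readable" warning; stat -c needs GNU or busybox stat).
key_mode_private() {  # $1 = key file path
    mode=$(stat -c '%a' "$1") || return 2
    rest=${mode%?}
    other=${mode#"$rest"}  # last octal digit
    [ "$other" -eq 0 ]
}

triage() {  # $1 = command line
    path=$(expected_key_path "$1") || { echo "rd.luks.name/rd.luks.key not set"; return 1; }
    echo "expected key file: $path"
    [ -r "$path" ] || { echo "  not readable from this shell"; return 1; }
    key_mode_private "$path" || echo "  permission bits set for other users"
}

# Run against the live command line only when asked to: sh triage.sh --live
if [ "${1:-}" = "--live" ]; then triage "$(cat /proc/cmdline)"; fi
```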