Discussion:
Encrypted partitions not decrypted at boot time when using key-file.
(too old to reply)
Arbiel (gmx)
2018-03-27 14:41:42 UTC
Permalink
Raw Message
Hi

I am not quite sure to post at the right place. I do so because I got
the following lines when running "journalctl -xb" in a Ubuntu xenial
system, and more precisely

"Support:http://lists.freedesktop.org/mailman/listinfo/systemd-devel".

I added lines on # to border output from command lines and lines of +
to help locate relevant information.

Here are the lines:
#######################################################
mars 26 15:00:56 remi-Vostro-3550 systemd[1]:
dev-disk-by\x2duuid-4146dfad\x2d26f0\x2d4aec\x2d99c3\x2d8ab00c3e4297:-.ckf-victor\x2droot:1.device:
Job
dev-disk-by\x2duuid-4146dfad\x2d26f0\x2d4aec\x2d99c3\x2d8ab00c3e4297:-.ckf-victor\x2droot:1.device/start
timed out.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
mars 26 15:00:56 remi-Vostro-3550 systemd[1]: Timed out waiting for
device
dev-disk-by\x2duuid-4146dfad\x2d26f0\x2d4aec\x2d99c3\x2d8ab00c3e4297:-.ckf-victor\x2droot:1.device.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Subject: L'unité (unit)
dev-disk-by\x2duuid-4146dfad\x2d26f0\x2d4aec\x2d99c3\x2d8ab00c3e4297:-.ckf-victor\x2droot:1.device
a échoué
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
####################################################

"L'unité (unit)
dev-disk-by\x2duuid-4146dfad\x2d26f0\x2d4aec\x2d99c3\x2d8ab00c3e4297:-.ckf-victor\x2droot:1.device
a échoué"
means
"Unit
dev-disk-by\x2duuid-4146dfad\x2d26f0\x2d4aec\x2d99c3\x2d8ab00c3e4297:-.ckf-victor\x2droot:1.device
failed"

The corresponding device, a USB key, was perfectly connected. No doubt
about that because it also holds grub, and booting a GNU system requires
it to be connected, as shown in the following lines taken from
bootinfoscript output:

#####################################################
============================= Boot Info Summary:
===============================
++++++++++++++++++++++++++++++++++++++++++++
=> Windows 7/8/2012 is installed in the MBR of /dev/sda.
=> Grub2 (v2.00) is installed in the MBR of /dev/sdb and looks at
+++++++++++++++++++++++++++++++++++++++++++++
sector 1 of
the same hard drive for core.img. core.img is at this location and
looks
for (,msdos1)/grub.

and, further down

"blkid" output:
________________________________________________________________

Device UUID TYPE LABEL

/dev/mapper/victor-archos 0b1a0ad3-a97d-43c9-adbb-cd4b86474670 ext2
/dev/mapper/victor-boot 728d4e9f-3015-4571-b226-73a7155164af
ext2 victor-boot
/dev/mapper/victor-boot_alt 70c6be90-0e8d-4bae-85c2-e4493abfce8e
ext2 victor-boot_alt
/dev/mapper/victor-gumnon 473aaf37-8b79-4bd5-8b04-1ede572a8481
ext2 victor-gumnon
/dev/mapper/victor-home 767bbb95-4b40-4321-8394-2636e06b87a0
ext4 victor-home_alt
/dev/mapper/victor-home_alt c5faba25-bb99-4afd-84cc-575657c03fa5
ext4 victor-home
/dev/mapper/victor-home_jetable_l 37447a61-f946-4d38-a398-5a886c4e3f22
crypto_LUKS
/dev/mapper/victor-home_l 3d6502a4-ee71-4291-a17e-304e3027ca59
crypto_LUKS
/dev/mapper/victor-odos 763ceb54-0166-4266-a684-bbc7545f9861 ext4
/dev/mapper/victor-odos_l fd6afe40-b9c5-40af-a48f-d397bb57382f
crypto_LUKS
/dev/mapper/victor-oikia 5b96a110-0c7d-4ffa-acd8-7665bc84e18a ext4
/dev/mapper/victor-oikia_l 97aca676-26ee-4745-8d9f-336257426db3
crypto_LUKS
/dev/mapper/victor-ouranos 2f32f2a6-d8d5-485f-8a68-769ca1671bbe
ext2 victor-ouranos
/dev/mapper/victor-psilos 6d247bdb-0bad-4562-b8bb-0a69c06e85fd
ext4 victor-psilos
/dev/mapper/victor-root 4e0b8f16-2c9a-491f-8e13-d780893f65a4
ext4 victor-root
/dev/mapper/victor-root_alt_l bcc1027f-6078-449f-a26c-99706b5b59b4
crypto_LUKS
/dev/mapper/victor-root_l 78576555-f0c2-4c80-af4f-d763cc7ae71d
crypto_LUKS
/dev/mapper/victor-trophe 6412a23a-703e-4eea-bb34-2d9b973e4943 ext4
/dev/mapper/victor-usr c438ab5d-636a-4e87-bdbc-25700b1ebdad ext2
victor-usr
/dev/mapper/victor-usr_alt 07a8dd93-820b-40c1-a73b-2e71f6914167
ext2 victor-usr_alt
/dev/mapper/victor-xenial f0091524-8a6e-4980-9664-7863a2d8ce78 ext4
/dev/sda1 367C9BBD7C9B75F9 ntfs
multi_amorces
/dev/sda2 5A549F42549F1FB5 ntfs win7pro
/dev/sda3 6FA7-9CC9 vfat TRANSIT
/dev/sda4 mLCqaA-7Su3-x2BK-RMJZ-4Qzi-xfY1-IEnZv9 LVM2_member
/dev/sdb1 40FD37A875ADF030 ntfs Ibead
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
/dev/sdb2 4146dfad-26f0-4aec-99c3-8ab00c3e4297 ext2 .ibead
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
/dev/sdb3 7a9556f8-fdac-484d-8263-804bec042cf1 ext2 ..ibead
#########################################################


The fstab and crypttab of the running system were as follows :

########################################################
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/victor-xenial / ext4 errors=remount-ro
0 1


victor-root UUID=78576555-f0c2-4c80-af4f-d763cc7ae71d
/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/victor-root:1
++++++++++++++++++++++++++++++++++++++++++++++++++++
luks,keyscript=/lib/cryptsetup/scripts/passdev
+++++++++++++++++++++++++++++++++++++++++++++++++++++
victor-home UUID=3d6502a4-ee71-4291-a17e-304e3027ca59
/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/victor-home:1
luks,noauto,keyscript=/lib/cryptsetup/scripts/passdev
victor-odos UUID=fd6afe40-b9c5-40af-a48f-d397bb57382f
/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/victor-odos:1
luks,noauto,keyscript=/lib/cryptsetup/scripts/m_passdev
victor-oikia UUID=97aca676-26ee-4745-8d9f-336257426db3
/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/victor-oikia:1
luks,noauto,keyscript=/lib/cryptsetup/scripts/m_passdev
xavier-root UUID=2e167b67-6ac7-4ede-94bd-bafebcb3491c
/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/xavier-root:5
luks,noauto,keyscript=/lib/cryptsetup/scripts/passdev
xavier-home UUID=46889e2d-aac8-4869-8f6b-1d4f4deda420
/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/xavier-home:5
luks,noauto,keyscript=/lib/cryptsetup/scripts/passdev
soter-logisthen UUID=e400e0fa-e232-450c-97df-8625a93cc669
/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/soter-logisthen
luks,noauto,keyscript=/lib/cryptsetup/scripts/passdev
#########################################################


As can be deduced from these files, victor-xenial is a clear partition.
The system booted correctly. And the error message concerning
victor-root to time out stems for the fact that the "noauto" is absent
for the victor-root list of options.

As can also be seen in the crypttab file, I used a m_passdev module,
only to output messages as proof of the invocation on not invocation of
the module in charge of outputing the key

##############################################################
***@remi-Vostro-3550:~$ sudo cryptdisks_start victor-odos
* Starting crypto
disk... *
victor-odos (starting)..
declare --
param="/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/victor-odos:1"
declare -x CRYPTTAB_NAME="victor-odos"
declare -x
CRYPTTAB_SOURCE="/dev/disk/by-uuid/fd6afe40-b9c5-40af-a48f-d397bb57382f"
declare -x
CRYPTTAB_KEY="/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/victor-odos:1"
declare -x CRYPTTAB_TRIED="0"
declare -x CRYPTTAB_OPTIONS=" luks keyscript"
declare -- src="/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297"
declare -- fic_cle="/.ckf/victor-odos"
declare -- delai="1"
declare -- dev="/dev/sdb2"
* victor-odos (started)...
[ OK ]
##########################################################

However, Ubuntu xenial fails at booting when victor-odos is root and
victor-oikia is /home, as specified in the following fstab, that is when
the crypted partitions are to be used to boot the system.

#######################################################
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/victor-odos / ext4 errors=remount-ro 0 1
/dev/mapper/victor-archos /boot ext2 defaults 0 2
/dev/mapper/victor-oikia /home ext4 defaults 0 2
/dev/mapper/victor-trophe /usr ext4 defaults 0 2
##########################################################

In that case, I obviously rub out the "noauto" option from the option
list. No messages are produced. m_passdev is not invoqued.

This bug does not occur with kernel 3.13.0-106-generic (Ubuntu Trusty)
xenial kernel is 4.13.0-36-generic.

Arbiel
Colin Guthrie
2018-03-27 15:36:20 UTC
Permalink
Raw Message
Hi,

Yeah, unfortunately that log line is very misleading (and has actually
been removed in more recent versions of systemd for this reason!)

Ultimately this is something which you should debug via your distro
support channels as disk encryption is ultimately implemented quite
differently in various distros.

Someone here might know the answer and be able to help out but I suspect
you may get more progress going via an Ubuntu specific support channel
of some kind - especially of folk there know what to look out for
specifically).

Col

Arbiel (gmx) wrote on 27/03/18 15:41:
> Hi
>
> I am not quite sure to post at the right place. I do so because I got
> the following lines when running "journalctl -xb" in a Ubuntu xenial
> system, and more precisely
>
> "Support:http://lists.freedesktop.org/mailman/listinfo/systemd-devel".
>
> I added lines on # to border output from command lines and lines of +
> to help locate relevant information.
>
> Here are the lines:
> #######################################################
> mars 26 15:00:56 remi-Vostro-3550 systemd[1]:
> dev-disk-by\x2duuid-4146dfad\x2d26f0\x2d4aec\x2d99c3\x2d8ab00c3e4297:-.ckf-victor\x2droot:1.device:
> Job
> dev-disk-by\x2duuid-4146dfad\x2d26f0\x2d4aec\x2d99c3\x2d8ab00c3e4297:-.ckf-victor\x2droot:1.device/start
> timed out.
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> mars 26 15:00:56 remi-Vostro-3550 systemd[1]: Timed out waiting for
> device
> dev-disk-by\x2duuid-4146dfad\x2d26f0\x2d4aec\x2d99c3\x2d8ab00c3e4297:-.ckf-victor\x2droot:1.device.
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> -- Subject: L'unité (unit)
> dev-disk-by\x2duuid-4146dfad\x2d26f0\x2d4aec\x2d99c3\x2d8ab00c3e4297:-.ckf-victor\x2droot:1.device
> a échoué
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> ####################################################
>
> "L'unité (unit)
> dev-disk-by\x2duuid-4146dfad\x2d26f0\x2d4aec\x2d99c3\x2d8ab00c3e4297:-.ckf-victor\x2droot:1.device
> a échoué"
> means
> "Unit
> dev-disk-by\x2duuid-4146dfad\x2d26f0\x2d4aec\x2d99c3\x2d8ab00c3e4297:-.ckf-victor\x2droot:1.device
> failed"
>
> The corresponding device, a USB key, was perfectly connected. No doubt
> about that because it also holds grub, and booting a GNU system requires
> it to be connected, as shown in the following lines taken from
> bootinfoscript output:
>
> #####################################################
> ============================= Boot Info Summary:
> ===============================
> ++++++++++++++++++++++++++++++++++++++++++++
> => Windows 7/8/2012 is installed in the MBR of /dev/sda.
> => Grub2 (v2.00) is installed in the MBR of /dev/sdb and looks at
> +++++++++++++++++++++++++++++++++++++++++++++
> sector 1 of
> the same hard drive for core.img. core.img is at this location and
> looks
> for (,msdos1)/grub.
>
> and, further down
>
> "blkid" output:
> ________________________________________________________________
>
> Device UUID TYPE LABEL
>
> /dev/mapper/victor-archos 0b1a0ad3-a97d-43c9-adbb-cd4b86474670 ext2
> /dev/mapper/victor-boot 728d4e9f-3015-4571-b226-73a7155164af
> ext2 victor-boot
> /dev/mapper/victor-boot_alt 70c6be90-0e8d-4bae-85c2-e4493abfce8e
> ext2 victor-boot_alt
> /dev/mapper/victor-gumnon 473aaf37-8b79-4bd5-8b04-1ede572a8481
> ext2 victor-gumnon
> /dev/mapper/victor-home 767bbb95-4b40-4321-8394-2636e06b87a0
> ext4 victor-home_alt
> /dev/mapper/victor-home_alt c5faba25-bb99-4afd-84cc-575657c03fa5
> ext4 victor-home
> /dev/mapper/victor-home_jetable_l 37447a61-f946-4d38-a398-5a886c4e3f22
> crypto_LUKS
> /dev/mapper/victor-home_l 3d6502a4-ee71-4291-a17e-304e3027ca59
> crypto_LUKS
> /dev/mapper/victor-odos 763ceb54-0166-4266-a684-bbc7545f9861 ext4
> /dev/mapper/victor-odos_l fd6afe40-b9c5-40af-a48f-d397bb57382f
> crypto_LUKS
> /dev/mapper/victor-oikia 5b96a110-0c7d-4ffa-acd8-7665bc84e18a ext4
> /dev/mapper/victor-oikia_l 97aca676-26ee-4745-8d9f-336257426db3
> crypto_LUKS
> /dev/mapper/victor-ouranos 2f32f2a6-d8d5-485f-8a68-769ca1671bbe
> ext2 victor-ouranos
> /dev/mapper/victor-psilos 6d247bdb-0bad-4562-b8bb-0a69c06e85fd
> ext4 victor-psilos
> /dev/mapper/victor-root 4e0b8f16-2c9a-491f-8e13-d780893f65a4
> ext4 victor-root
> /dev/mapper/victor-root_alt_l bcc1027f-6078-449f-a26c-99706b5b59b4
> crypto_LUKS
> /dev/mapper/victor-root_l 78576555-f0c2-4c80-af4f-d763cc7ae71d
> crypto_LUKS
> /dev/mapper/victor-trophe 6412a23a-703e-4eea-bb34-2d9b973e4943 ext4
> /dev/mapper/victor-usr c438ab5d-636a-4e87-bdbc-25700b1ebdad ext2
> victor-usr
> /dev/mapper/victor-usr_alt 07a8dd93-820b-40c1-a73b-2e71f6914167
> ext2 victor-usr_alt
> /dev/mapper/victor-xenial f0091524-8a6e-4980-9664-7863a2d8ce78 ext4
> /dev/sda1 367C9BBD7C9B75F9 ntfs
> multi_amorces
> /dev/sda2 5A549F42549F1FB5 ntfs win7pro
> /dev/sda3 6FA7-9CC9 vfat TRANSIT
> /dev/sda4 mLCqaA-7Su3-x2BK-RMJZ-4Qzi-xfY1-IEnZv9 LVM2_member
> /dev/sdb1 40FD37A875ADF030 ntfs Ibead
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> /dev/sdb2 4146dfad-26f0-4aec-99c3-8ab00c3e4297 ext2 .ibead
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> /dev/sdb3 7a9556f8-fdac-484d-8263-804bec042cf1 ext2 ..ibead
> #########################################################
>
>
> The fstab and crypttab of the running system were as follows :
>
> ########################################################
> # /etc/fstab: static file system information.
> #
> # Use 'blkid' to print the universally unique identifier for a
> # device; this may be used with UUID= as a more robust way to name devices
> # that works even if disks are added and removed. See fstab(5).
> #
> # <file system> <mount point> <type> <options> <dump> <pass>
> /dev/mapper/victor-xenial / ext4 errors=remount-ro
> 0 1
>
>
> victor-root UUID=78576555-f0c2-4c80-af4f-d763cc7ae71d
> /dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/victor-root:1
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
> luks,keyscript=/lib/cryptsetup/scripts/passdev
> +++++++++++++++++++++++++++++++++++++++++++++++++++++
> victor-home UUID=3d6502a4-ee71-4291-a17e-304e3027ca59
> /dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/victor-home:1
> luks,noauto,keyscript=/lib/cryptsetup/scripts/passdev
> victor-odos UUID=fd6afe40-b9c5-40af-a48f-d397bb57382f
> /dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/victor-odos:1
> luks,noauto,keyscript=/lib/cryptsetup/scripts/m_passdev
> victor-oikia UUID=97aca676-26ee-4745-8d9f-336257426db3
> /dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/victor-oikia:1
> luks,noauto,keyscript=/lib/cryptsetup/scripts/m_passdev
> xavier-root UUID=2e167b67-6ac7-4ede-94bd-bafebcb3491c
> /dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/xavier-root:5
> luks,noauto,keyscript=/lib/cryptsetup/scripts/passdev
> xavier-home UUID=46889e2d-aac8-4869-8f6b-1d4f4deda420
> /dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/xavier-home:5
> luks,noauto,keyscript=/lib/cryptsetup/scripts/passdev
> soter-logisthen UUID=e400e0fa-e232-450c-97df-8625a93cc669
> /dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/soter-logisthen
> luks,noauto,keyscript=/lib/cryptsetup/scripts/passdev
> #########################################################
>
>
> As can be deduced from these files, victor-xenial is a clear partition.
> The system booted correctly. And the error message concerning
> victor-root to time out stems for the fact that the "noauto" is absent
> for the victor-root list of options.
>
> As can also be seen in the crypttab file, I used a m_passdev module,
> only to output messages as proof of the invocation on not invocation of
> the module in charge of outputing the key
>
> ##############################################################
> ***@remi-Vostro-3550:~$ sudo cryptdisks_start victor-odos
> * Starting crypto
> disk... *
> victor-odos (starting)..
> declare --
> param="/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/victor-odos:1"
> declare -x CRYPTTAB_NAME="victor-odos"
> declare -x
> CRYPTTAB_SOURCE="/dev/disk/by-uuid/fd6afe40-b9c5-40af-a48f-d397bb57382f"
> declare -x
> CRYPTTAB_KEY="/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297:/.ckf/victor-odos:1"
> declare -x CRYPTTAB_TRIED="0"
> declare -x CRYPTTAB_OPTIONS=" luks keyscript"
> declare -- src="/dev/disk/by-uuid/4146dfad-26f0-4aec-99c3-8ab00c3e4297"
> declare -- fic_cle="/.ckf/victor-odos"
> declare -- delai="1"
> declare -- dev="/dev/sdb2"
> * victor-odos (started)...
> [ OK ]
> ##########################################################
>
> However, Ubuntu xenial fails at booting when victor-odos is root and
> victor-oikia is /home, as specified in the following fstab, that is when
> the crypted partitions are to be used to boot the system.
>
> #######################################################
> # /etc/fstab: static file system information.
> #
> # Use 'blkid' to print the universally unique identifier for a
> # device; this may be used with UUID= as a more robust way to name devices
> # that works even if disks are added and removed. See fstab(5).
> #
> # <file system> <mount point> <type> <options> <dump> <pass>
> /dev/mapper/victor-odos / ext4 errors=remount-ro 0 1
> /dev/mapper/victor-archos /boot ext2 defaults 0 2
> /dev/mapper/victor-oikia /home ext4 defaults 0 2
> /dev/mapper/victor-trophe /usr ext4 defaults 0 2
> ##########################################################
>
> In that case, I obviously rub out the "noauto" option from the option
> list. No messages are produced. m_passdev is not invoqued.
>
> This bug does not occur with kernel 3.13.0-106-generic (Ubuntu Trusty)
> xenial kernel is 4.13.0-36-generic.
>
> Arbiel
> _______________________________________________
> systemd-devel mailing list
> systemd-***@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
>


--

Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/

Day Job:
Tribalogic Limited http://www.tribalogic.net/
Open Source:
Mageia Contributor http://www.mageia.org/
PulseAudio Hacker http://www.pulseaudio.org/
Trac Hacker http://trac.edgewall.org/
Loading...