Encrypted home folder breaks swap

Bug #1367392 reported by ofb on 2014-09-09
20
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Linux Mint
New
Undecided
Unassigned

Bug Description

This report it to narrow down what is apparently a pretty common bug.

I've done eight installs to cover the four normal variations with and without encrypting the home folder.

Every time the home folder is encrypted the new install has a broken swap. Each of the installs with a broken swap has a boot that includes the common error 'keys:Continue to wait, or press S to skip mounting, or M for manual recovery'.

1. LVM with encrypted home
- error on boot
2. LVM without encryption
- no error
3. LVM with LUKS with encrypted home
- error on boot
4. LVM with LUKS only
- no error
5. Standard install with encrypted home
- error on boot
6. Standard install without encryption
- no error
7. 'Something Else' with encrypted home
- error on boot
8. 'Something Else' without encryption
- no error

1 LVM with encrypted home

n@n-desktop ~ $ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/mint--vg-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=1987f084-5db1-4531-a1c3-609b9247aa5b /boot ext2 defaults 0 2
/dev/mapper/mint--vg-swap_1 none swap sw 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
n@n-desktop ~ $ free
             total used free shared buffers cached
Mem: 1025252 814636 210616 10564 32356 476840
-/+ buffers/cache: 305440 719812
Swap: 0 0 0
n@n-desktop ~ $ cat /etc/crypttab
cryptswap1 UUID=8e2ff08e-8601-403e-bef9-6e940753e82a /dev/urandom swap,cipher=aes-cbc-essiv:sha256

2 LVM without encryption

n@n-desktop ~ $ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/mint--vg-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=17161e4d-6f23-4e05-a51c-68fa5189f9a7 /boot ext2 defaults 0 2
/dev/mapper/mint--vg-swap_1 none swap sw 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
n@n-desktop ~ $ free
             total used free shared buffers cached
Mem: 1025252 682220 343032 10016 31856 350576
-/+ buffers/cache: 299788 725464
Swap: 1044476 0 1044476

3 LVM with LUKS with encrypted home

n@n-desktop ~ $ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/mint--vg-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=6a2484bd-c28b-49e0-8a77-4b2b8a36eacf /boot ext2 defaults 0 2
/dev/mapper/mint--vg-swap_1 none swap sw 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
n@n-desktop ~ $ free
             total used free shared buffers cached
Mem: 1025252 772580 252672 8140 32932 473532
-/+ buffers/cache: 266116 759136
Swap: 0 0 0
n@n-desktop ~ $ cat /etc/crypttab
sda5_crypt UUID=13341fad-a650-45cb-8a8d-cd2049d5026c none luks,discard
cryptswap1 UUID=e6dd2a2c-72fd-4f1f-9e69-fa7d9e4d9a28 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

4 LVM with LUKS only

n@n-desktop ~ $ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/mint--vg-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=48f71c64-3fe0-4357-8573-ba25ac257e54 /boot ext2 defaults 0 2
/dev/mapper/mint--vg-swap_1 none swap sw 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
n@n-desktop ~ $ free
             total used free shared buffers cached
Mem: 1025252 636268 388984 7996 31404 348388
-/+ buffers/cache: 256476 768776
Swap: 1044476 0 1044476
n@n-desktop ~ $ cat /etc/crypttab
sda5_crypt UUID=fd926976-223b-4c39-9924-7b96aa82acad none luks,discard

5 Standard install with encrypted home

n@n-desktop ~ $ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda1 during installation
UUID=a8c2c969-3112-45b4-96db-2e7c5ecd73c3 / ext4 errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
#UUID=903f17bc-93ec-4c4c-94c5-3410742db37d none swap sw 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
n@n-desktop ~ $ free
             total used free shared buffers cached
Mem: 1025252 772048 253204 8060 32700 471568
-/+ buffers/cache: 267780 757472
Swap: 0 0 0
n@n-desktop ~ $ cat /etc/crypttab
cryptswap1 UUID=903f17bc-93ec-4c4c-94c5-3410742db37d /dev/urandom swap,cipher=aes-cbc-essiv:sha256

6 Standard install without encryption

n@n-desktop ~ $ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda1 during installation
UUID=7e48d3f1-f4e2-451d-bebe-ec9427754825 / ext4 errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=8f807608-f74a-4ff4-9372-0332b09bcb88 none swap sw 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
n@n-desktop ~ $ free
             total used free shared buffers cached
Mem: 1025252 677036 348216 11048 31156 349308
-/+ buffers/cache: 296572 728680
Swap: 1045500 0 1045500

7 'Something Else' with encrypted home

n@n-desktop ~ $ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda1 during installation
UUID=96b7d12c-c8d5-4e9c-bdf6-2c69a5cd472e / ext4 errors=remount-ro 0 1
# /home was on /dev/sda6 during installation
UUID=d38974b2-03ea-44c3-aa7b-4edde30380dd /home ext4 defaults 0 2
# swap was on /dev/sda5 during installation
#UUID=7c285bea-fad2-4dff-b3c7-19e58d507841 none swap sw 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
n@n-desktop ~ $ free
             total used free shared buffers cached
Mem: 1025252 779732 245520 8164 35496 474924
-/+ buffers/cache: 269312 755940
Swap: 0 0 0
n@n-desktop ~ $ cat /etc/crypttab
cryptswap1 UUID=7c285bea-fad2-4dff-b3c7-19e58d507841 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

8 'Something Else' without encryption

n@n-desktop ~ $ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda1 during installation
UUID=76f4c186-e41b-4b2e-87c9-2eb60afdfbbc / ext4 errors=remount-ro 0 1
# /home was on /dev/sda6 during installation
UUID=f4e54f84-ea76-4abd-9174-31c776a0b6b3 /home ext4 defaults 0 2
# swap was on /dev/sda5 during installation
UUID=afed53bc-3035-460e-bdfd-d30be23b66c6 none swap sw 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
n@n-desktop ~ $ free
             total used free shared buffers cached
Mem: 1025252 676904 348348 8924 31572 347468
-/+ buffers/cache: 297864 727388
Swap: 975868 0 975868

Test box was
System: Host: gundam Kernel: 3.13.0-24-generic i686 (32 bit) Desktop: N/A Distro: Linux Mint 17 Qiana
Machine: Mobo: ASUSTeK model: P4R800-VM version: 1.02 Bios: American Megatrends version: 1007.003 date: 09/05/2005
CPU: Single core Intel Pentium 4 CPU (-HT-) cache: 1024 KB flags: (sse sse2 sse3)
           Clock Speeds: 1: 2793.498 MHz 2: 2793.498 MHz

ofb (cottlestonpie) on 2014-09-09
tags: added: encryption home istaller swap
tags: added: installer
removed: istaller
description: updated
ofb (cottlestonpie) wrote :
Download full text (10.3 KiB)

Okay, I've now done the same eight installs on a different box, and using the 64bit Mate instead of 32bit. I got the same result:

Every time the home folder is encrypted the new install has a broken swap. Each of those boots includes the common error 'keys:Continue to wait, or press S to skip mounting, or M for manual recovery'.

1. LVM with encrypted home
- error on boot
2. LVM without encryption
- no error
3. LVM with LUKS with encrypted home
- error on boot
4. LVM with LUKS only
- no error
5. Standard install with encrypted home
- error on boot
6. Standard install without encryption
- no error
7. 'Something Else' with encrypted home
- error on boot
8. 'Something Else' without encryption
- no error

mint@mint ~ $ inxi -Fxz
System: Host: mint Kernel: 3.13.0-24-generic x86_64 (64 bit, gcc: 4.8.2) Desktop: N/A Distro: Linux Mint 17 Qiana
Machine: System: HP Pavilion 061 product: EL448AA-ABA a1310n version: 0nx1114RE101AMBEM00
           Mobo: ASUSTek model: Amberine M version: 1.03 Bios: Phoenix version: 3.13 date: 11/15/2005
CPU: Single core AMD Athlon 64 3700+ (-UP-) cache: 1024 KB flags: (lm nx sse sse2 sse3) bmips: 1989.89 clocked at 1000.00 MHz

1. LVM with encrypted home

n@n-EL448AA-ABA-a1310n ~ $ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/mint--vg-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=cad4fe16-d10c-4ebd-93f1-440b3292d3b4 /boot ext2 defaults 0 2
/dev/mapper/mint--vg-swap_1 none swap sw 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
n@n-EL448AA-ABA-a1310n ~ $ free
             total used free shared buffers cached
Mem: 1983396 1024332 959064 8324 34152 551408
-/+ buffers/cache: 438772 1544624
Swap: 0 0 0
n@n-EL448AA-ABA-a1310n ~ $ cat /etc/crypttab
cryptswap1 UUID=b0ba351e-06f4-48ef-b814-060c3c2d0a69 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

2. LVM without encryption

n@n-EL448AA-ABA-a1310n ~ $ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/mint--vg-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=6693c900-7cc6-4793-bc7d-3e619ddd196e /boot ext2 defaults 0 2
/dev/mapper/mint--vg-swap_1 none swap sw 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
n@n-EL448AA-ABA-a1310n ~ $ free
            ...

Hi,

Thanks for troubleshooting the installation so much. I think it's clear now the issue has to do with encryption setup in ubiquity.

You can stick to one installation type from now on (in the scope of troubleshooting this issue): i.e. standard installation with encrypted home directory.

Now, a few questions, after a standard installation with encrypted home dir, followed by a reboot, what do these commands return?

- swapon -s
- cat /proc/meminfo

Last but not least, please try to install Ubuntu 14.04 LTS (do not upgrade the installer) with a standard installation and encrypted home dir, and tell us if the problem happens over there as well.

ofb (cottlestonpie) wrote :

n@n-EL448AA-ABA-a1310n ~ $ swapon -s
Filename Type Size Used Priority

n@n-EL448AA-ABA-a1310n ~ $ cat /proc/meminfo
MemTotal: 1983328 kB
MemFree: 1003124 kB
Buffers: 63588 kB
Cached: 577580 kB
SwapCached: 0 kB
Active: 468952 kB
Inactive: 422560 kB
Active(anon): 251220 kB
Inactive(anon): 7456 kB
Active(file): 217732 kB
Inactive(file): 415104 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 4 kB
Writeback: 0 kB
AnonPages: 250384 kB
Mapped: 76888 kB
Shmem: 8336 kB
Slab: 42676 kB
SReclaimable: 26020 kB
SUnreclaim: 16656 kB
KernelStack: 2504 kB
PageTables: 17576 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 991664 kB
Committed_AS: 1315196 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 284092 kB
VmallocChunk: 34359447628 kB
HardwareCorrupted: 0 kB
AnonHugePages: 22528 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
DirectMap4k: 48064 kB
DirectMap2M: 1982464 kB

And for Ubuntu 14.04 LTS 32bit default install with encrypted home & not connected to the internet, we get the same broken swap.

>I think it's clear now the issue has to do with encryption setup in ubiquity.

Yup. What's mostly interesting is how something so widespread manages to go unreported.

I'll add the issue in our release notes.

ofb (cottlestonpie) wrote :

Good stuff. Thanks.

ofb (cottlestonpie) wrote :

Sorry, but I should say the addition to the Release Notes isn't quite clear. It makes it sound like the any encryption causes a misconfigured swap. In fact using LVM with LUKS alone works fine. The swap issue only occurs when 'encrypt my home folder' is selected during install.

(At least as far I could tell from my test set above.)

Thanks, I'll rephrase the issue.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers