Not possible to mount cryptsetup luks partitions at boot

Bug #1037703 reported by luislupe
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cryptsetup (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

I installed a fresh 12.04, after wiping 10.04 and encrypted a partition via cryptsetup luks...
I followed the same procedure as in 10.04 and it was working fine there.

After the boot process, I can manually open the encrypted partition as well as swapon on the swap partition.
The problem is that this doesn't work during the boot process as it should.
Ive been searching and this seems to be an 'old' problem now.

Here's my data:

Description: Ubuntu 12.04.1 LTS
Release: 12.04

# apt-cache policy cryptsetup
cryptsetup:
  Instalado: 2:1.4.1-2ubuntu4
  Candidato: 2:1.4.1-2ubuntu4
  Tabela de Versão:
 *** 2:1.4.1-2ubuntu4 0
        500 http://pt.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
        100 /var/lib/dpkg/status

# apt-cache policy cryptmount
cryptmount:
  Instalado: 4.2.1-1
  Candidato: 4.2.1-1
  Tabela de Versão:
 *** 4.2.1-1 0
        500 http://pt.archive.ubuntu.com/ubuntu/ precise/universe i386 Packages
        100 /var/lib/dpkg/status

# apt-cache policy cryptsetup-bin
cryptsetup-bin:
  Instalado: 2:1.4.1-2ubuntu4
  Candidato: 2:1.4.1-2ubuntu4
  Tabela de Versão:
 *** 2:1.4.1-2ubuntu4 0
        500 http://pt.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
        100 /var/lib/dpkg/status

# cat /etc/crypttab | grep -v '^#' | grep -v '^$'
encriptado /dev/sda6
cryptswap /dev/sda5 /dev/urandom swap

Although the process doesn't get to this point, there's my relevant lines of fstab
# grep -e 'cryptswap' -e 'encriptado' /etc/fstab
/dev/mapper/cryptswap swap swap defaults 0 0
/dev/mapper/encriptado /encriptado ext4 defaults 0 0

When I boot, I get these messages:
"""
The disk drive for /dev/mapper/encriptado is not ready yet or not present
Continue to wait; or press S to skip mounting or M for manual recovery

The disk drive for /dev/mapper/cryptswap is not ready yet or not present
Continue to wait; or press S to skip mounting or M for manual recovery
"""

If I wait, nothing happens.
If I press S (twice), none of the partitions are mapped:
# ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 Ago 16 18:50 control

Thanks for any help, as this computer will not be used by me but by a non savvy person in this area.

Revision history for this message
luislupe (luislupe) wrote :

The line:
"The disk drive for /dev/mapper/encriptado is not ready yet or not present"

in fact is:
"The disk drive for /encriptado is not ready yet or not present"

Revision history for this message
Steve Langasek (vorlon) wrote :

> # cat /etc/crypttab | grep -v '^#' | grep -v '^$'
> encriptado /dev/sda6
> cryptswap /dev/sda5 /dev/urandom swap

This doesn't look like a well-formatted crypttab entry. The format of crypttab is <target name> <source device> <key file> <options>, and all fields are mandatory. So since cryptsetup can't parse the line, it never unlocks it (or prompts you for the key to unlock it), and mountall waits forever for the device.

Changed in cryptsetup (Ubuntu):
status: New → Invalid
Revision history for this message
luislupe (luislupe) wrote :

The crypttab I presented before was just one of many attempts I tried.

I've just tried with the four fields per line, like this:

# cat /etc/crypttab | grep -v '^#' | grep -v '^$'
encriptado /dev/sda6 none tries=4
cryptswap /dev/sda5 /dev/urandom swap

The result is the same.
I guess this is not a problem of incorrect configuration made by me, as I had this working in 10.04 and also in another distro.

Changed in cryptsetup (Ubuntu):
status: Invalid → New
Revision history for this message
Steve Langasek (vorlon) wrote :

ok, please attach any /var/log/upstart/cryptdisks-*.log files from the affected system.

Changed in cryptsetup (Ubuntu):
status: New → Incomplete
Revision history for this message
luislupe (luislupe) wrote :

Please consider the output of the requested files:

# cat cryptdisks-enable.log
* encriptado (starting)..
 * encriptado: the precheck for '/dev/sda6' failed: - The device /dev/sda6 contains a filesystem type crypto_LUKS.
 * encriptado (failed)... 
[fail]
 * cryptswap (starting)..
 * cryptswap: the precheck for '/dev/sda5' failed: - The device /dev/sda5 contains a filesystem type crypto_LUKS.
 * cryptswap (failed)... 
[fail]
   ...done.
 * encriptado (starting)..
 * encriptado: the precheck for '/dev/sda6' failed: - The device /dev/sda6 contains a filesystem type crypto_LUKS.
 * encriptado (failed)... 
[fail]
 * cryptswap (starting)..
 * cryptswap: the precheck for '/dev/sda5' failed: - The device /dev/sda5 contains a filesystem type crypto_LUKS.
 * cryptswap (failed)... 
[fail]
   ...done.
 * encriptado (starting)..
 * encriptado: the precheck for '/dev/sda6' failed: - The device /dev/sda6 contains a filesystem type crypto_LUKS.
 * encriptado (failed)... 
[fail]
   ...done.
 * encriptado (starting)..
 * encriptado: the precheck for '/dev/sda6' failed: - The device /dev/sda6 contains a filesystem type crypto_LUKS.
 * encriptado (failed)... 
[fail]
   ...done.
 * encriptado (starting)..
 * encriptado: the precheck for '/dev/sda6' failed: - The device /dev/sda6 contains a filesystem type crypto_LUKS.
 * encriptado (failed)... 
[fail]
   ...done.
 * encriptado (starting)..
 * encriptado: the precheck for '/dev/sda6' failed: - The device /dev/sda6 contains a filesystem type crypto_LUKS.
 * encriptado (failed)... 
[fail]
 * cryptswap (starting)..
 * cryptswap: the precheck for '/dev/sda5' failed: - The device /dev/sda5 contains a filesystem type crypto_LUKS.
 * cryptswap (failed)... 
[fail]
   ...done.

# cat cryptdisks-udev-_dev_sda5.log
 * cryptswap (starting)..
 * cryptswap: the precheck for '/dev/sda5' failed: - The device /dev/sda5 contains a filesystem type crypto_LUKS.
 * cryptswap (starting)..
 * cryptswap: the precheck for '/dev/sda5' failed: - The device /dev/sda5 contains a filesystem type crypto_LUKS.
 * cryptswap (starting)..
 * cryptswap: the precheck for '/dev/sda5' failed: - The device /dev/sda5 contains a filesystem type crypto_LUKS.

# cat cryptdisks-udev-_dev_sda5.log
 * cryptswap (starting)..
 * cryptswap: the precheck for '/dev/sda5' failed: - The device /dev/sda5 contains a filesystem type crypto_LUKS.
 * cryptswap (starting)..
 * cryptswap: the precheck for '/dev/sda5' failed: - The device /dev/sda5 contains a filesystem type crypto_LUKS.
 * cryptswap (starting)..
 * cryptswap: the precheck for '/dev/sda5' failed: - The device /dev/sda5 contains a filesystem type crypto_LUKS.

Revision history for this message
Steve Langasek (vorlon) wrote :

> * cryptswap: the precheck for '/dev/sda5' failed: - The device /dev/sda5 contains a filesystem type crypto_LUKS.

Ok, so this seems self-explanatory to me. The cryptsetup package has safety checks to avoid accidentally overwriting a real filesystem when creating a swap partition, and for whatever reason your existing /dev/sda5 is failing that check - i.e., whatever data is on that partition, it was not put there using your current crypttab '/dev/urandom' line.

This is an added safety feature in cryptsetup, added to address bug #474258. Try zeroing out /dev/sda5, to see if that fixes the problem for you?

Changed in cryptsetup (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers