Ubuntu
cryptsetup package

cant mount 2nd crypted partition within cryptroot

Bug #105266 reported by golfbuf
6
Affects Status Importance Assigned to Milestone
cryptsetup (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Using feisty. I'm within an encrypted root (/dev/sda10 mounted on /dev/mapper/sda10) and trying to open and mount another encrypted partition (/dev/sda8). device mapper fails, as follows:

root@localhost:~# ls -la /dev/mapper/
total 0
drwxr-xr-x 2 root root 100 2007-04-10 13:53 .
drwxr-xr-x 14 root root 14240 2007-04-10 13:54 ..
crw-rw---- 1 root root 10, 63 2007-04-10 09:52 control
brw-rw---- 1 root disk 254, 1 2007-04-10 13:53 cryptswap
brw-rw---- 1 root disk 254, 0 2007-04-10 13:52 sda10

root@localhost:~# cryptsetup luksOpen /dev/sda8 crypt8
Enter LUKS passphrase:
Unable to make device node for 'temporary-cryptsetup-6293'
Failed to read from key storage
Command failed.
root@localhost:~# ls -la /dev/mapper/
total 0
drwxr-xr-x 2 root root 120 2007-04-10 14:00 .
drwxr-xr-x 14 root root 14240 2007-04-10 14:00 ..
crw-rw---- 1 root root 10, 63 2007-04-10 09:52 control
brw-rw---- 1 root disk 254, 1 2007-04-10 13:53 cryptswap
brw-rw---- 1 root disk 254, 0 2007-04-10 13:52 sda10
brw-rw---- 1 root disk 254, 2 2007-04-10 14:00 temporary-cryptsetup-6293

gives this kern.log:

Apr 10 14:00:16 localhost kernel: [ 465.380000] device-mapper: ioctl: unable to remove open device temporary-cryptsetup-6293

I'm using ii cryptsetup 1.0.4+svn26-1ubuntu1, and had to apply the udevsettle patch meantioned in bug 85640 to be able to get a password prompt during boot.

golfbuf :~$ cryptsetup --version
cryptsetup-luks 1.0.5

Revision history for this message
golfbuf (golfbuf) wrote :

Some additional puzzling information. I have an exact copy of feisty on sda13, which I used to copy to sda10. The only difference is that sda13 is unencrypted, while sda10 is encrypted. So, I have just tried the same commands in sda13 that failed inside the encrypted partition.

The results are completely different. On sda13, cryptsetup luksOpen works as it should.

golfbuf :~$ ls -la /dev/mapper/
total 0
drwxr-xr-x 2 root root 100 2007-04-10 17:59 .
drwxr-xr-x 14 root root 14280 2007-04-10 18:00 ..
crw-rw---- 1 root root 10, 63 2007-04-10 13:51 control
brw-rw---- 1 root disk 254, 1 2007-04-10 17:59 cryptswap
brw-rw---- 1 root disk 254, 0 2007-04-10 17:56 sda10
golfbuf :~$ cat /proc/swaps
Filename Type Size Used Priority
/dev/mapper/cryptswap partition 1951856 0 -1
golfbuf :~$ sudo cryptsetup luksOpen /dev/sda8 crypt8
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
golfbuf :~$ ls -la /dev/mapper/
total 0
drwxr-xr-x 2 root root 120 2007-04-10 18:02 .
drwxr-xr-x 14 root root 14280 2007-04-10 18:02 ..
crw-rw---- 1 root root 10, 63 2007-04-10 13:51 control
brw-rw---- 1 root disk 254, 2 2007-04-10 18:02 crypt8
brw-rw---- 1 root disk 254, 1 2007-04-10 17:59 cryptswap
brw-rw---- 1 root disk 254, 0 2007-04-10 17:56 sda10

So, I think the bug indicated that cryptsetup behaves differencly from within an encrypted partition than it does when outside an encrypted partition.

Weird!

Revision history for this message
golfbuf (golfbuf) wrote :

This is fixed by the release of kernel-2.6.20-15 and cryptsetup 1.0.4+svn26-1ubuntu2.

Changed in cryptsetup:
status: Unconfirmed → Fix Released
Revision history for this message
28dmx3939sjwhgrz (28dmx3939sjwhgrz-deactivatedaccount) wrote :

This issue doesn't seem to be fixed on the above versions as far as I can tell - I'm using 1.0.4+svn26-1ubuntu2 and linux-image-2.6.20-15.271.0.4+svn26-1ubuntu2 and I get the following error:

Creating enc partition (as root)

cryptsetup --verbose --hash=sha256 --cipher=aes-cbc-essiv:sha256 --key-size=256 luksFormat /dev/sda13

WARNING!
========
This will overwrite data on /dev/sda13 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Unable to make device node for 'temporary-cryptsetup-8858'
Failed to write to key storage.
Command failed.

So using the live cd I created the partition. Then tried to access it:

cryptsetup luksOpen /dev/sda13 home
Enter LUKS passphrase:
Unable to make device node for 'temporary-cryptsetup-8766'
Failed to read from key storage
Command failed.

Is there something I've missed??

Revision history for this message
Matej Kovacic (matej-kovacic) wrote :

The same problem here. I am using Feisty server and did dist-upgrade.

Booted from 2.6 .20-16-server, and the same problem remains.

However, you need to create /dev/.static/dev/mapper directory by:
sudo mkdir /dev/.static/dev/mapper

Then you can luksformat and cryptsetup luksOpen your partition. It works also after reboot.

This bug could be easily repaired, please do so.

Revision history for this message
Reinhard Tartler (siretart) wrote :

Antony, can you please check the existance and contents of /dev/.static/dev/mapper?

Revision history for this message
dannyswebb (d-webb) wrote :

just thought I would add my 2 pence here. I have the same problem but when attempting to luksformat at drive:

# cryptsetup luksFormat --hash=sha512 --cipher=aes-cbc-essiv:sha256 --key-size=256 /dev/hda5

WARNING!
========
This will overwrite data on /dev/hda5 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Rendezvous with udev timed out for 'temporary-cryptsetup-6838'; stat failed: No such file or directory
Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/hda5 contains at least 258 sectors.
Failed to write to key storage.
Command failed.

# ls -al /dev/.static/dev/|grep mapper
drwxr-xr-x 2 root root 4096 2007-08-14 21:25 mapper

strace provides;

stat64("/dev/mapper/temporary-cryptsetup-6838", 0xbfdbbe88) = -1 ENOENT (No such file or directory)
nanosleep({1, 870000000}, NULL) = 0
stat64("/dev/mapper/temporary-cryptsetup-6838", 0xbfdbbe88) = -1 ENOENT (No such file or directory)
nanosleep({1, 880000000}, NULL) = 0
stat64("/dev/mapper/temporary-cryptsetup-6838", 0xbfdbbe88) = -1 ENOENT (No such file or directory)
nanosleep({1, 890000000}, NULL) = 0
stat64("/dev/mapper/temporary-cryptsetup-6838", 0xbfdbbe88) = -1 ENOENT (No such file or directory)
nanosleep({1, 900000000}, NULL) = 0
stat64("/dev/mapper/temporary-cryptsetup-6838", 0xbfdbbe88) = -1 ENOENT (No such file or directory)
write(2, "Rendezvous with udev timed out f"..., 102) = 102
write(2, "\n", 1) = 1
stat64("/dev/.static/dev/mapper/temporary-cryptsetup-6838", 0xbfdbbe88) = -1 ENOENT (No such file or directory)
umask(0) = 022
mknod("/dev/.static/dev/mapper/temporary-cryptsetup-6838", S_IFBLK|0660, makedev(254, 0)) = 0
umask(022) = 0
chown32("/dev/.static/dev/mapper/temporary-cryptsetup-6838", 0, 6) = 0
stat64("/dev/.static/dev/mapper/temporary-cryptsetup-6838", {st_mode=S_IFBLK|0660, st_rdev=makedev(254, 0), ...}) = 0
unlink("/dev/.static/dev/mapper/temporary-cryptsetup-6838") = 0
write(2, "Failed to setup dm-crypt key map"..., 161) = 161
write(2, "Failed to write to key storage.\n", 32) = 32
write(2, "Command failed", 14) = 14
write(2, ".\n", 2) = 2
exit_group(-5) = ?

Revision history for this message
dannyswebb (d-webb) wrote :

oh, and I am running this kernel:
Linux desktop 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686 GNU/Linux

Revision history for this message
manuel (manuel-soto) wrote :

I've the same problem

$ sudo luksformat -t ext3 /dev/sdb
Creating encrypted device on /dev/sdb...

WARNING!
========
This will overwrite data on /dev/sdb irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/sdb contains at least 133 sectors.
Failed to write to key storage.
Command failed.
Could not create LUKS device /dev/sdb at /usr/sbin/luksformat line 58, <MOUNTS> line 20.

$ apt-cache policy cryptsetup
cryptsetup:
  Instalados: 2:1.0.5-2ubuntu2.1
  Candidato: 2:1.0.5-2ubuntu2.1
  Tabla de versión:
 *** 2:1.0.5-2ubuntu2.1 0
        500 http://mirrors.kernel.org gutsy-updates/main Packages
        100 /var/lib/dpkg/status
     2:1.0.5-2ubuntu2 0
        500 http://mirrors.kernel.org gutsy/main Packages

$ uname -a
Linux mrsoto-laptop 2.6.22-14-generic #1 SMP Tue Feb 12 07:42:25 UTC 2008 i686 GNU/Linux

$ cat /etc/issue
Ubuntu 7.10

Revision history for this message
manuel (manuel-soto) wrote :

Works after OS Restart

Revision history for this message
Imre Péntek (pentek-imre) wrote :

I have this output. Seems like it's the same bug:
# luksformat -t ext3 /dev/loop0
Creating encrypted device on /dev/loop0...

WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.

Are you sure? (Type uppercase yes):
Could not create LUKS device /dev/loop0 at /usr/sbin/luksformat line 63, <MOUNTS> line 16.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.