Encrypted swap does not work

Bug #1736072 reported by dino99
This bug affects 1 person
Affects               Status    Importance  Assigned to  Milestone
cryptsetup (Ubuntu)   Expired   High        Unassigned
systemd (Ubuntu)      Expired   High        Unassigned
ubiquity (Ubuntu)     Expired   Undecided   Unassigned

Bug Description

On a working system, I've added a new HDD, and decided to use it as the main storage device.
So after doing the formatting (classic: / as ext4, swap, /home as ext4), I've set up a bionic ISO installation.
Ubiquity then have proposed to set an encrypted swap dir, which I have accepted, and then smoothly terminated the installation.

Booting with that new install, I hit a cryptswap1 timeout after being frozen for around 1 minute.

oem@ubuntu:~$ journalctl | grep cryptswap
systemd[1]: Starting Cryptography Setup for cryptswap2...
systemd[1]: Started Cryptography Setup for cryptswap2.
systemd[1]: Found device /dev/mapper/cryptswap2.
systemd[1]: Activating swap /dev/mapper/cryptswap2...
kernel: Adding 10584572k swap on /dev/mapper/cryptswap2. Priority:-1 extents:1 across:10584572k FS
systemd[1]: Activated swap /dev/mapper/cryptswap2.
systemd[1]: Starting Cryptography Setup for cryptswap1...
systemd[1]: Started Cryptography Setup for cryptswap1.

oem@ubuntu:~$ journalctl | grep timeout
systemd[1]: dev-disk-by\x2duuid-4c8437f6\x2d677d\x2d4740\x2dbdda\x2d072efadb49f4.device: Job dev-disk-by\x2duuid-4c8437f6\x2d677d\x2d4740\x2dbdda\x2d072efadb49f4.device/start failed with result 'timeout'.

Note: cryptswap2 refers to the new HDD's swap partition, cryptswap1 refers to the old HDD's swap partition.
/etc/fstab has been tested with only the active (mounted) disk, and with both. In both cases the timeout happens.

oem@ubuntu:~$ swapon -s
Filename Type Size Used Priority
/dev/dm-0 partition 10584572 221184 -1

Conclusion:
- ubiquity is proposing a non-working feature (at least with multiple storage devices/swap partitions)
- the cryptsetup version does not support the kernel/systemd settings/configs well

As Debian has more recent versions: 1.7.5-1 (sid) and 2.0.0 (experimental) with some new features and cleanups, it should be a positive test to replace the current non-working version with one of these.
http://metadata.ftp-master.debian.org/changelogs/main/c/cryptsetup/cryptsetup_2.0.0~rc1-1_changelog

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: cryptsetup 2:1.7.3-4ubuntu1
ProcVersionSignature: Ubuntu 4.13.0-18.21-generic 4.13.13
Uname: Linux 4.13.0-18-generic x86_64
ApportVersion: 2.20.8-0ubuntu2
Architecture: amd64
CurrentDesktop: GNOME
Date: Mon Dec 4 07:26:17 2017
EcryptfsInUse: Yes
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: cryptsetup
UpgradeStatus: No upgrade log present (probably fresh install)
cmdline: BOOT_IMAGE=/boot/vmlinuz-4.13.0-18-generic root=UUID=2f22752a-ca0f-4cff-b5d7-9754e6154d56 ro

dino99 (9d9) wrote :
description: updated
dino99 (9d9)
tags: added: upgrade-software-version
tags: added: rls-bb-incoming
dino99 (9d9) wrote :

Bionic now has the 1.7.5 version, which acts better. The log now rather suggests a race issue, as swap is well set, but later.

dino99 (9d9) wrote :

oem@ubuntu:~$ journalctl -b | grep swap
kernel: zswap: loaded using pool lzo/zbud
systemd[1]: Starting Cryptography Setup for cryptswap1...
systemd[1]: Starting Cryptography Setup for cryptswap2...
systemd[1]: Activating swap /dev/disk/by-uuid/edef4081-d956-4b55-891f-a5244c1af87a...
swapon[645]: swapon: /dev/sdb5: swapon failed: Device or resource busy
systemd[1]: dev-disk-by\x2duuid-edef4081\x2dd956\x2d4b55\x2d891f\x2da5244c1af87a.swap: Swap process exited, code=exited status=255
systemd[1]: dev-disk-by\x2duuid-edef4081\x2dd956\x2d4b55\x2d891f\x2da5244c1af87a.swap: Failed with result 'exit-code'.
systemd[1]: Failed to activate swap /dev/disk/by-uuid/edef4081-d956-4b55-891f-a5244c1af87a.
systemd[1]: swap.target: Job swap.target/start failed with result 'dependency'.
mkswap[670]: Setting up swapspace version 1, size = 10.3 GiB (11060899840 bytes)
mkswap[670]: no label, UUID=0990eab9-c134-497c-a6f9-9044ec2ce533
systemd[1]: Started Cryptography Setup for cryptswap1.
mkswap[673]: Setting up swapspace version 1, size = 10.1 GiB (10838601728 bytes)
mkswap[673]: no label, UUID=955383e0-3545-440d-b531-80e8c46e6112
systemd[1]: Started Cryptography Setup for cryptswap2.
systemd[1]: Found device /dev/mapper/cryptswap2.
systemd[1]: Activating swap /dev/mapper/cryptswap2...
systemd[1]: Activated swap /dev/mapper/cryptswap2.
kernel: Adding 10584572k swap on /dev/mapper/cryptswap2. Priority:-1 extents:1 across:10584572k FS

Steve Langasek (vorlon)
Changed in cryptsetup (Ubuntu Bionic):
importance: Undecided → High
Changed in systemd (Ubuntu Bionic):
importance: Undecided → High
tags: removed: rls-bb-incoming
Dimitri John Ledkov (xnox) wrote :

Cryptsetup has been upgraded to 2.0.1 & systemd has been rebuilt with cryptsetup v2 abi support.

Is everything awesome now?

Changed in systemd (Ubuntu Bionic):
status: New → Incomplete
Changed in cryptsetup (Ubuntu Bionic):
status: New → Incomplete
dino99 (9d9) wrote :

Still confusing

oem@ubuntu:~$ journalctl -b | grep swap
Mar 26 14:46:29 ubuntu kernel: zswap: loaded using pool lzo/zbud
Mar 26 14:46:34 ubuntu kernel: Adding 10584572k swap on /dev/mapper/cryptswap2. Priority:-2 extents:1 across:10584572k FS
Mar 26 14:46:34 ubuntu swapon[667]: swapon: /dev/sdb5: swapon failed: Device or resource busy
Mar 26 14:46:34 ubuntu mkswap[707]: Setting up swapspace version 1, size = 10.1 GiB (10838601728 bytes)
Mar 26 14:46:34 ubuntu mkswap[707]: no label, UUID=e04a6122-cd13-44fa-9684-abc4d0f2480c
Mar 26 14:46:31 ubuntu systemd[1]: Starting Cryptography Setup for cryptswap2...
Mar 26 14:46:31 ubuntu systemd[1]: Activating swap /dev/disk/by-uuid/3e46d88a-0a7d-4200-a7c7-727472cdef09...
Mar 26 14:46:31 ubuntu systemd[1]: dev-disk-by\x2duuid-3e46d88a\x2d0a7d\x2d4200\x2da7c7\x2d727472cdef09.swap: Swap process exited, code=exited status=255
Mar 26 14:46:31 ubuntu systemd[1]: dev-disk-by\x2duuid-3e46d88a\x2d0a7d\x2d4200\x2da7c7\x2d727472cdef09.swap: Failed with result 'exit-code'.
Mar 26 14:46:31 ubuntu systemd[1]: Failed to activate swap /dev/disk/by-uuid/3e46d88a-0a7d-4200-a7c7-727472cdef09.
Mar 26 14:46:31 ubuntu systemd[1]: swap.target: Job swap.target/start failed with result 'dependency'.
Mar 26 14:46:32 ubuntu systemd[1]: Started Cryptography Setup for cryptswap2.
Mar 26 14:46:32 ubuntu systemd[1]: Found device /dev/mapper/cryptswap2.
Mar 26 14:46:32 ubuntu systemd[1]: Activating swap /dev/mapper/cryptswap2...
Mar 26 14:46:32 ubuntu systemd[1]: Activated swap /dev/mapper/cryptswap2.

dino99 (9d9) wrote :

Looks like the 'crypt' processes are OK, so I am thinking of doing a fresh bionic install when it is released, as ubiquity seems to be the one to blame.

oem@ubuntu:~$ journalctl -b | grep crypt
Mar 26 14:46:29 ubuntu kernel: Key type encrypted registered
Mar 26 14:46:34 ubuntu kernel: Adding 10584572k swap on /dev/mapper/cryptswap2. Priority:-2 extents:1 across:10584572k FS
Mar 26 14:46:31 ubuntu systemd[1]: Starting Cryptography Setup for cryptswap2...
Mar 26 14:46:31 ubuntu systemd-cryptsetup[666]: Set cipher aes, mode xts-plain64, key size 256 bits for device /dev/sdb5.
Mar 26 14:46:32 ubuntu systemd[1]: Started Cryptography Setup for cryptswap2.
Mar 26 14:46:32 ubuntu systemd[1]: Reached target Local Encrypted Volumes.
Mar 26 14:46:32 ubuntu systemd[1]: Found device /dev/mapper/cryptswap2.
Mar 26 14:46:32 ubuntu systemd[1]: Activating swap /dev/mapper/cryptswap2...
Mar 26 14:46:32 ubuntu systemd[1]: Activated swap /dev/mapper/cryptswap2.
Mar 26 14:46:39 ubuntu systemd[1009]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Mar 26 14:46:39 ubuntu systemd[1009]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Mar 26 14:46:39 ubuntu systemd[1009]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Mar 26 14:46:39 ubuntu systemd[1009]: Listening on GnuPG cryptographic agent and passphrase cache.
Mar 26 14:46:54 ubuntu gdm-password][1204]: pam_ecryptfs: Passphrase file wrapped
Mar 26 14:46:54 ubuntu systemd[1206]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Mar 26 14:46:54 ubuntu systemd[1206]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Mar 26 14:46:54 ubuntu systemd[1206]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Mar 26 14:46:54 ubuntu systemd[1206]: Listening on GnuPG cryptographic agent and passphrase cache.
Mar 26 14:47:11 ubuntu polkit-agent-helper-1[1709]: pam_ecryptfs: pam_sm_authenticate: /home/oem is already mounted
Mar 26 15:35:53 ubuntu sudo[5902]: pam_ecryptfs: pam_sm_authenticate: /home/oem is already mounted

tags: added: id-5ab94d352fa6a78baa2fab1e
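
The journal excerpts in the comments above can be correlated mechanically. The following Python code is an added example, not part of the original bug report or of any Ubuntu tooling: it decodes systemd's escaped unit names back to device paths and flags a partition that swapon found busy while systemd-cryptsetup was opening it. The function names and result keys (such as double_claimed) are made up for this illustration.

```python
import re

# Journal lines quoted from the comments above (timestamp/host prefix trimmed).
JOURNAL = r"""
systemd[1]: Starting Cryptography Setup for cryptswap2...
systemd[1]: Activating swap /dev/disk/by-uuid/3e46d88a-0a7d-4200-a7c7-727472cdef09...
swapon[667]: swapon: /dev/sdb5: swapon failed: Device or resource busy
systemd[1]: dev-disk-by\x2duuid-3e46d88a\x2d0a7d\x2d4200\x2da7c7\x2d727472cdef09.swap: Failed with result 'exit-code'.
systemd-cryptsetup[666]: Set cipher aes, mode xts-plain64, key size 256 bits for device /dev/sdb5.
systemd[1]: Activated swap /dev/mapper/cryptswap2.
""".strip().splitlines()

SWAP_FAILED = re.compile(r"(\S+\.swap): Failed with result")
SWAPON_BUSY = re.compile(r"swapon: (\S+): swapon failed: Device or resource busy")
CRYPT_BACKING = re.compile(r"systemd-cryptsetup\[\d+\]: Set cipher .* for device (\S+?)\.$")
SWAP_ACTIVE = re.compile(r"Activated swap (\S+?)\.$")

def unescape_unit(unit):
    """Turn an escaped systemd unit name back into the path it was derived from."""
    stem = unit.rsplit(".", 1)[0]                  # drop the .swap / .device suffix
    path = "/" + stem.replace("-", "/")            # an unescaped '-' separates path components
    return re.sub(r"\\x([0-9a-fA-F]{2})",          # \x2d and similar are escaped literal bytes
                  lambda m: chr(int(m.group(1), 16)), path)

def analyse(lines):
    """Summarise swap activation and flag partitions claimed by two boot units."""
    failed, busy, backing, active = set(), set(), set(), set()
    for line in lines:
        if m := SWAP_FAILED.search(line):
            failed.add(unescape_unit(m.group(1)))
        if m := SWAPON_BUSY.search(line):
            busy.add(m.group(1))
        if m := CRYPT_BACKING.search(line):
            backing.add(m.group(1))
        if m := SWAP_ACTIVE.search(line):
            active.add(m.group(1))
    return {
        "failed_swap_units": sorted(failed),
        # busy for swapon AND opened by systemd-cryptsetup: two units want the same partition
        "double_claimed": sorted(busy & backing),
        "active_swap": sorted(active),
    }

if __name__ == "__main__":
    for key, value in analyse(JOURNAL).items():
        print(f"{key}: {value}")
```

A device reported under double_claimed is the one to look up in both /etc/fstab and /etc/crypttab.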
Dimitri John Ledkov (xnox) wrote :

I am confused about the original statement "Ubiquity then have proposed to set an encrypted swap dir" because ubiquity does not propose to do such things at all.

By default we do not create swap partitions; in the full disk encryption case we use LVM and encrypt the whole VG, which contains swap as an LVM volume; home directory encryption has been removed.

Please indicate the steps performed in ubiquity that yielded "an encrypted swap dir"?

Changed in ubiquity (Ubuntu Bionic):
status: New → Incomplete
no longer affects: ubiquity (Ubuntu Bionic)
no longer affects: systemd (Ubuntu Bionic)
no longer affects: cryptsetup (Ubuntu Bionic)
dino99 (9d9) wrote :

That was some time ago, and I had chosen to reuse my separate swap and home partitions, via the 'something else' install choice.

I was aware that the install design was changed to: swap file & home dir, but was expecting that ubiquity would still understand the user's choice. That is the main problem.

Instead I ended up with cryptswap1 & 2, and I had to tweak fstab to try booting with the good swap to avoid complaints. But that seems impossible.

So, if the user still wants to use partitions instead of file/dir, the ubiquity proposal to encrypt is not able to follow the user's choice. This is something I did not understand when the installation was made (first-time encrypting experience).

Do you mind offering such a proposal on a partition? Or is the only choice to encrypt the full disk? (which is not my wish for the future)

Launchpad Janitor (janitor) wrote :

[Expired for cryptsetup (Ubuntu) because there has been no activity for 60 days.]

Changed in cryptsetup (Ubuntu):
status: Incomplete → Expired
Launchpad Janitor (janitor) wrote :

[Expired for ubiquity (Ubuntu) because there has been no activity for 60 days.]

Changed in ubiquity (Ubuntu):
status: Incomplete → Expired
Launchpad Janitor (janitor) wrote :

[Expired for systemd (Ubuntu) because there has been no activity for 60 days.]

Changed in systemd (Ubuntu):
status: Incomplete → Expired