LUKS encrypted partition does not mount during boot

Bug #544812 reported by Jeremy Cantrell
This bug affects 8 people

Affects: cryptsetup (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: cryptsetup

This happens in Ubuntu Lucid (development branch) 10.04 fully updated.
Cryptsetup version: 2:1.1.0~rc2-1ubuntu12

I have this in /etc/crypttab:

    crypt_home UUID=... none luks

And this in /etc/fstab:

    /dev/mapper/crypt_home /home ext4 defaults 0 2

During boot, I get prompted for my password. I get no error message, but I also get no "Successfully unlocked slot..." message. It just hangs after that. No activity on the machine. I can mount it manually, and all appears to be fine. The only way I'm able to boot is to remove the entry from fstab.

henk (henk1234) wrote :

I have the same problem on both x86_64 and x86

Stein Henrik Jensaas (steinhj) wrote :

I confirm the behavior.
My crypttab: chome /dev/sda5 none luks

During boot:
2 seconds with "Unlocking the disk /dev/sda5 (chome) Enter passphrase:"
then : Waiting for /home [SM]

It does not matter if I write my password during the first 2 seconds or after. It just "does nothing" after that.

If I write a wrong password the "input box" pops up again and again until the correct password is written...
Then it "does nothing" again.

If, after a CORRECTLY entered passphrase, I start a maintenance shell and then do a "mount -a", my /home/disk is mounted correctly.

I have also tried to have my luks key in a file (My crypttab: chome /dev/sda5 /etc/metno.key luks )
This works ok. (But of course I am then not asked for a passphrase.)

Jonathan Davies (jpds)
Changed in cryptsetup (Ubuntu):
status: New → Confirmed

Steve Langasek (vorlon) wrote :

Please install mountall 2.10 and see if this fixes the problem.

Steve Langasek (vorlon) wrote :

Er, sorry - mountall 2.10 isn't built yet. So please wait until mountall 2.10 is built, /then/ install it and see if it fixes the problem. (It should be built in the next 24 hours)

Martin Reiche (grimsrud) wrote :

For me it works after the mentioned update.

Stein Henrik Jensaas (steinhj) wrote :

Fresh update from this morning (April 6th), including mountall 2.10:
Looks a little bit better, but:

I am running a system with crypted /home and /disk1
From my crypttab:
# <target name> <source device> <key file> <options>
chome /dev/sda5 none luks
cswap /dev/sda2 /dev/urandom swap
cdisk1 /dev/sda6 /home/metno.key luks
1. I expect to be asked for passphrase for the chome-disk.
2. Then the luks key for the cdisk1 should be found on the crypted home-disk.

With my luks key in a file (My crypttab: chome /dev/sda5 /etc/metno.key luks )
works ok.

With no luks-key in file (My crypttab: chome /dev/sda5 none luks )
" Unlocking the disk /dev/sda5 (chome)"
" Enter passphrase"

Then after a second:
" The disk drive for /home is not ready yet or not present "

Entering a wrong passphrase:
"Continue to wait; or press S to skip mounting or M for manual recovery", then back to Enter passphrase. (The passphrase is asked for again 6 times, then just "Continue to wait; or press...........")
This is OK.

Entering correct passphrase:
"Continue to wait; or press S to skip mounting or M for manual recovery"
Then it unlocks the chome-disk, and the next message comes:
"The disk drive for /disk1 is not ready yet or not present"
Then pressing S to skip /disk1.
When doing a mountall:
"swapon: /dev/mapper/cswap: swapon failed: Device or resource busy
mountall: swapon /dev/mapper/cswap [2662] terminated with status 255
mountall: Problem activating swap: /dev/mapper/cswap
mountall: Skipping mounting /disk1 since Plymouth is not available
"

which plymouth:
/bin/plymouth

dpkg -l plymouth:
0.8.1-4ubuntu1

 /etc/init.d/plymouth start
Rather than invoking init scripts through /etc/init.d, use the service(8)
utility, e.g. service plymouth start

Since the script you are attempting to invoke has been converted to an
Upstart job, you may also use the start(8) utility, e.g. start plymouth
plymouth start/running, process 2702

 ps -ef |grep ply
root 2702 1 0 10:14 ? 00:00:00 /sbin/plymouthd --mode=boot --attach-to-session
root 2712 2588 0 10:15 pts/1 00:00:00 grep --color=auto ply

mountall:
hangs with
"swapon: /dev/mapper/cswap: swapon failed: Device or resource busy
mountall: swapon /dev/mapper/cswap [2768] terminated with status 255
mountall: Problem activating swap: /dev/mapper/cswap"

Final: I am quite sure that I saw all working ok during one boot!

Steve Langasek (vorlon) wrote :

> From my crypttab:
> # <target name> <source device> <key file> <options>
> chome /dev/sda5 none luks
> cswap /dev/sda2 /dev/urandom swap
> cdisk1 /dev/sda6 /home/metno.key luks
> 1. I expect to be asked for passphrase for the chome-disk.
> 2. Then the luks key for the cdisk1 should be found on the crypted home-disk.

That's not going to work, you have nothing in your configuration to tell the cryptsetup upstart job that unlocking cdisk1 needs to wait until /home is mounted before trying to decrypt the disk. I think you're going to need to use a key script for this (see crypttab(5) for details).

> "swapon: /dev/mapper/cswap: swapon failed: Device or resource busy
> mountall: swapon /dev/mapper/cswap [2662] terminated with status 255

That looks like a valid, but unrelated bug; please open a new bug report for this.

> Final: I am quite sure that I saw all working ok during one boot!

Without a keyscript, the order in which the cryptsetup operations are handled is arbitrary, so that's possible if you typed your passphrase really fast that time.
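
An added sketch (not from the thread or the cryptsetup package) of the kind of key script the comment above points to for the cdisk1 entry: it waits until /home is mounted from /dev/mapper/chome and checks that the key file is private before writing the key to stdout, which is how crypttab(5) describes a keyscript delivering the key. The script path, the environment variable names and the 60-second timeout are assumptions.

```shell
#!/bin/sh
# crypttab(5): the keyscript is run with the third crypttab field as its only
# argument, and its stdout is used as the key.
# Assumed crypttab line (the script path is hypothetical):
#   cdisk1 /dev/sda6 /home/metno.key luks,keyscript=/usr/local/sbin/wait-for-key

MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"     # overridable for testing
KEY_MOUNT="${KEY_MOUNT:-/home}"                # filesystem that holds the key
KEY_SOURCE="${KEY_SOURCE:-/dev/mapper/chome}"  # device expected behind it
KEY_TIMEOUT="${KEY_TIMEOUT:-60}"               # seconds to wait (assumed value)

# True when KEY_MOUNT is mounted from KEY_SOURCE, so a file sitting in the
# directory underneath the mount point is never used as the key.
key_fs_mounted() {
    awk -v src="$KEY_SOURCE" -v mnt="$KEY_MOUNT" \
        '$1 == src && $2 == mnt { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# True when the key is a regular file with no group/other permission bits.
key_file_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Wait for the encrypted filesystem, then write the key to stdout.
emit_key() {
    keyfile="$1"
    waited=0
    until key_fs_mounted; do
        [ "$waited" -ge "$KEY_TIMEOUT" ] && {
            echo "timed out waiting for $KEY_MOUNT" >&2
            return 1
        }
        sleep 1
        waited=$((waited + 1))
    done
    key_file_private "$keyfile" || {
        echo "$keyfile is missing or readable by group/other" >&2
        return 2
    }
    cat "$keyfile"
}

# Act as a keyscript only when called with the key file argument.
if [ "$#" -gt 0 ]; then emit_key "$1"; fi
```

The timeout keeps boot from blocking indefinitely if /home is never unlocked; on failure nothing is written to stdout and the exit status is non-zero.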

Steve Langasek (vorlon) wrote :

jmcantrell, would appreciate your confirmation of whether the current mountall fixes this for you.

Stein Henrik Jensaas (steinhj) wrote :

Ok. Thanks.
 I will try to make a key-script. I was just a bit confused because this works in 8.04, and the man crypttab says:
The order of records in crypttab is important because the /etc/init.d/cryptdisks script sequentially iterates through crypttab doing its thing.

Славиша Караћ Slav Karach (slk-slk) wrote :

A fresh install of Lucid (as of this morning), and I've got the same issue. My first drive ( / ) is unlocked and set up properly, but as I'm typing my password for /home drive, a message pops up saying that the drive is not ready: "the disk drive for /home is not ready yet or not present".

Also, the Ubuntu logo has a weird green highlight around it while this message is on.

Steve Langasek (vorlon) wrote :

Славиша,

It's reasonable for the message to pop up that the drive is not ready yet. Does this message prevent you from finishing to type your passphrase and decrypt the device? Does it prevent the disk from being mounted after the device has been decrypted?

Славиша Караћ Slav Karach (slk-slk) wrote :

Steve,

The message does not prevent me from typing my password, however, upon finishing typing it, I am faced with a blank screen so I guess /home never gets mounted.

My HD is partitioned into 3 volumes: /boot, / and /home. /boot is not encrypted, / mounts fine, and /home never does. Also, I tried setting up a key file to decrypt /home when / is decrypted, but that didn't work either. It reported that there was an error mounting /home.

Thanks,

Slav.

Славиша Караћ Slav Karach (slk-slk) wrote :

Anything on this? It's D-3 days, and people that have encrypted drives are locked out. Will I have to format my drive and use only 1 partition for both / and /home?

Thanks,

Slav.

Steve Langasek (vorlon) wrote :

Please check whether this is fixed by installing version 2.02.54-1ubuntu4 of the dmsetup package. This is likely to be a duplicate of bug #561390, fixed today.

Славиша Караћ Slav Karach (slk-slk) wrote :

Hi Steve,

No dice. Tried that, and it didn't work. There were no changes to the behavior whatsoever.

Thanks,

Slav.

Steve Langasek (vorlon) wrote :

Well, unfortunately this means you're the only user reporting this problem, whereas everyone else who's commented on the bug says it's already fixed for them. And I can't reproduce the problem either, despite having set up test devices in /etc/crypttab and /etc/fstab for the purpose. So it's too late to fix this before the release when we don't even understand it - and fixing it at all /after/ release is still going to require us to understand what's happening here.

Steve Langasek (vorlon) wrote :

Can you attach /var/log/udev.log from the affected system?

Chris Olin (chris.olin) wrote :

I'm in the process of upgrading from Karmic to Lucid and / is a LUKS encrypted LVM that mounts at boot after unlocking the partition. I came across this looking to see if there were any current bugs with unlocking/mounting LUKS partitions at boot.

I'm posting before I run into any problems. If I do, I'll document them here. Otherwise, I'll report success. *fingers crossed*

Славиша Караћ Slav Karach (slk-slk) wrote :

Steve,

I did a fresh install. I still get the same error message that /home is not ready, but it gets mounted.

Thanks,

Slav.

Chris Olin (chris.olin) wrote :

Did not have any problems upgrading from Karmic.

Paweł Wilk (siefca) wrote :

Hi, I'm using Lucid and it also happens in my case.

Distro: Ubuntu Lucid
Kernel: Linux 2.6.32-22-generic #33-Ubuntu SMP Wed Apr 28 13:28:05 UTC 2010 x86_64 GNU/Linux
Mountall version: 2.15

Using LVM: no
Using RAID: yes (software RAID level 5 with 3 drives – dm_raid45)

Using encrypted root: no
Using encrypted partitions: yes (LUKS partition – dm_crypt)

--------------------------------------------------------
Startup messages:

fsck from util-linux-ng 2.17.2
fsck from util-linux-ng 2.17.2
/dev/md0: clean, 3847/62336 files, 22540/248976 blocks
/dev/md1: clean, 742910/13189120 files, 7232618/52733312 blocks
fsck from util-linux-ng 2.17.2
/dev/mapper/cryptarchive: clean, 4253477/48832512 files, 39146035/195313671 blocks (check in 2 mounts)

  (and then the system hangs until I press 'S')
  (after pressing 'S' it seems to redo some of the operations or just reports them again):

Starting cryptmount early targets (hit shift/ctrl if short of entropy):
fsck from util-linux-ng 2.17.2
fsck from util-linux-ng 2.17.2
/dev/md0: clean, 3847/62336 files, 22540/248976 blocks
/dev/md1: clean, 742910/13189120 files, 7232618/52733312 blocks
fsck from util-linux-ng 2.17.2
/dev/mapper/cryptarchive: clean, 4253477/48832512 files, 39146035/195313671 blocks (check in 2 mounts)
Starting cryptmount early targets (hit shift/ctrl if short of entropy):
 * Setting sensors limits [ OK ]

--------------------------------------------------------
my /etc/fstab:

proc /proc proc nodev,noexec,nosuid 0 0

# md1
UUID=14830471-35be-4ab6-9cb7-7af7b7807e3c / ext4 relatime,user_xattr,errors=remount-ro 0 1

# md0
UUID=3731fcef-4750-418f-ab74-f66d3520972b /boot ext2 defaults 0 2

# /dev/mapper/cryptarchive using md4
/dev/mapper/cryptarchive /mnt/archive ext4 nodev,nosuid,noexec,relatime,user_xattr,data=writeback 1 2

# I also tried the last entry with 0 1 parameters instead of 1 2 at the end – same problem

------------------------------------------------
my /etc/crypttab:

# i also added "noearly" but it did not help

cryptarchive UUID=8c55702e-49ab-4599-948b-73a1e276f75a /mnt/sux/a_key luks,noearly

------------------------------------------------
my /var/log/boot.log:

fsck from util-linux-ng 2.17.2
fsck from util-linux-ng 2.17.2
/dev/md0: clean, 3847/62336 files, 22540/248976 blocks
/dev/md1: clean, 742910/13189120 files, 7232618/52733312 blocks
fsck from util-linux-ng 2.17.2
/dev/mapper/cryptarchive: clean, 4253477/48832512 files, 39146035/195313671 blocks (check in 2 mounts)
Starting cryptmount early targets (hit shift/ctrl if short of entropy):
 * Setting sensors limits ESC[80G ^MESC[74G[ OK ]

Steve Langasek (vorlon) wrote :

Pawel,

What is /mnt/sux? You don't mention it being in your /etc/fstab, but I don't see what you would hope to accomplish by using LUKS if your decryption key is sitting on your unencrypted root partition.

What do you get on the screen if you boot with the 'splash' option?

Paweł Wilk (siefca) wrote :

Steve,

/mnt/sux is a USB drive with a key.
I removed it from other places since I didn't want to publicly spread some semi-sensitive information about my computer.
I'm sending you a copy of the private message that I sent to Scott; it also contains real data logs.

Regards,
Pawel

PS: I'll try splash but first I have to bring some monitor to the room since I'm using serial console to manage that machine.
