[Feisty] crypted root doesnt mount on start (cryptsetup)

Bug #85640 reported by Carsten Schabacker on 2007-02-16
24
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cryptsetup (Ubuntu)
Medium
Stéphane Graber
initramfs-tools (Ubuntu)
Undecided
Reinhard Tartler

Bug Description

After updating from edgy to feisty cryptsetup can not find device (see attached screenshot).

Mounting crypted device by hand "cryptsetup luksOpen /dev/hda5 root_c" works...

Carsten Schabacker (csc-web) wrote :

Screenshot attached.

Stéphane Graber (stgraber) wrote :

I may be wrong, but the new kernel (2.6.20) or 2.6.19 introduced a new harddisk management which now uses /dev/sdXY syntax for all harddisk/partition.
So your /dev/hda5 should now be /dev/sda5.

Apparently the update didn't change some files.

Stéphane Graber (stgraber) wrote :

Oops, sorry I didn't read your last line.
I just rechecked and Ubuntu doesn't have that option activated in the kernel so your partition is really /dev/hda5.

Looks like the system is trying to mount everything before the harddisks were detected and the corresponding modules loaded ...

I can confirm this in feisty.

Workaround: see bug 21878 (https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/21878)

I also added:
setup_mapping()
{
+ # We need to wait for udev to do its stance
+ /sbin/udevsettle

I *think* it is redundant to the patch in 21878 but did not bother to test it after 6 hours in the night ...

For me the workaorund WITHOUT my patch works finally.

Be very careful when/from where/what to include in the initrd!

I wish (already on the list) there were a setup option to encrypt the filesystem like in Debian etch.

Notebooks without HD-encryption ( / is essential IMO ) are a desaster waiting to happen ...

Carsten Schabacker (csc-web) wrote :

thanks for the tip with udevsettle - i added it at 2 places:

--- /usr/share/initramfs-tools/scripts/local-top/cryptroot.orig 2007-02-25 20:26:04.057540831 +0100
+++ /usr/share/initramfs-tools/scripts/local-top/cryptroot 2007-02-25 20:56:21.484427131 +0100
@@ -171,6 +171,9 @@
                activate_evms $cryptsource
        fi

+ # wait for udev ready
+ /sbin/udevsettle --timeout=30
+
        if [ ! -e $cryptsource ]; then
                echo "cryptsetup: Source device $cryptsource not found"
                return 1
@@ -245,6 +248,8 @@
        done

        if [ $count -lt 3 ]; then
+ # wait for udev ready
+ /sbin/udevsettle --timeout=30
                return 0
        else
                echo "cryptsetup: maximum number of tries exceeded"

But I have had a second error: in /boot/grub/menu.lst the bootparameters root= and cryptoroot= where swapped (but it works with dapper before):

wrong

 root=/dev/hda5 cryptoroot=/dev/mapper/root_c

working:

 cryptoroot=/dev/hda5 root=/dev/mapper/root_c

uptimebox (uptimebox) wrote :

I can confirm, that this patch solved the same problem for me.

Jeremy Vies (jeremy.vies) wrote :

We have some similar problem on bug #83231.
I proposed them your solution based on udevsettle, and it works.
I also tried to add the "udevsettle --timeout XX" at the end of /usr/share/initramfs-tools/scripts/init-premount/udev.

May someone using cryptoroot try this ? if it works for you too, we have a global solution for both bugs.

Markus Brechtel (chaotika) wrote :

I can confirm that the patch from Carsten Schabacker worked for me. Now using crypted root. :-)

Changed in cryptsetup:
assignee: nobody → stgraber
jmc (launchpad-dodgeit) wrote :

I also confirm that the patch from Carsten Schabacker works, thanks a lot!
I really hope this is going to make it into Feisty! This was working on Edgy and it would be sad to have this kind of regression.
Like Eduard said notebooks without HD-encryption are really not a good idea...

jmc (launchpad-dodgeit) wrote :

This patch also works together with the patch from Gabriel Ambuehl to allow to resume from LUKS swap partition (see here: https://launchpad.net/bugs/91867)

Stéphane Graber (stgraber) wrote :

Here is a temporary fixed version of the package, please try it and give feed back.
If it's ok for everyone I'll attach the debdiff and ask for it to be uploaded.

I did install the package - it did not break anything. Booting as before.

I can not confirm that it improved things since I patched my cryptsetup-scripts manually before and disabled splash.

Stéphane Graber (stgraber) wrote :
Changed in cryptsetup:
importance: Undecided → Medium
status: Confirmed → In Progress
jmc (launchpad-dodgeit) wrote :

I just installed the new package on a fresh installation of feisty and it works just fine.
Thanks a lot!

uptimebox (uptimebox) wrote :

Package works perfectly here.

golfbuf (golfbuf) wrote :

It works but takes a long time here. The boot hangs with the message about running early crypto disks and complains that it can't find /dev/mapper/cryptswap. After several minutes, the boot continues and once completed, everything (including cryptswap) is mounted. It's a painfully long boot time. Can it be sped up?

MichaelMattern (michael-visnu) wrote :

i had the same problem as you golfbuf, you can fix this by adding a directory "/dev/.static/dev/mapper", at least it worked for me :)

holst (henrik-holst-matmech) wrote :

I just tried your package Stéphane Graber, and it works great. =D
(I was wondering why I did not see it in repo already?)

Stéphane Graber (stgraber) wrote :

Because nobody uploaded it yet (I don't have the rights myself)

Stéphane Graber (stgraber) wrote :
Changed in cryptsetup:
status: In Progress → Confirmed
holst (henrik-holst-matmech) wrote :

I noticed that you cant input wrong password. Then it will fail 3 times in a row without any more input tries.

Also, in previous versions anyways,
if you input wrong 2 times and correct the third time- you get the "number of tries exceed" error anyways.

Thanks for your time to help the community. (I just under who do we have to talk to around here to get you repo access? =D)

loko (arph) wrote :

Patch doesn't fix the whole problems at all.

My root is fine, encrypted /home still make some problems.

Booting up without "quite" and without "splash" i can see "Starting early crypto disks" and then nothing happens. The "Enter passphrase" never appear. If i bootup with splash and in quite mode, then it works.

loko (arph) wrote :

have forgot to mention, that this was working better in dapper. now at bootup, boot stops, i have to wait about 15-20 seconds, then it switches to console, where i can enter the passphrase. in dapper this was very quickly wihout waiting so long.

Also forgot, i use cryptsetup without luks.

Daniel T Chen (crimsun) on 2007-04-15
Changed in cryptsetup:
status: Confirmed → Fix Released
loko (arph) wrote :

after some testing i have to correct my posts above. for me it works (cryptsetup without luks) but mostly not. this means on boot - mostly the "Enter passphrase" message does not appear until i press some buttons. system seems to hang at "Starting early crypto disks". only a very few times the message "Enter passphrase" appear without pressing anything.

and also pressing is different from time to time. sometimes pressing only one key is enough, and sometimes, i had to press more than one (but not at the same time).

Changed in cryptsetup:
status: Fix Released → Confirmed
Markus Brechtel (chaotika) wrote :

For me cryptsetup with luks worked this way:

 * booting LiveCD feisty beta
 * installing cryptsetup in the lifesystem
 * partitioning the system in 4 partitions
 * formating and opening of luks encrypted devices for root home and swap (swap is onetimeencrypted)
 * starting graphical installer and installing the filesystems to the matching mapperdevices. boot unencrypted
 * chrooting in the rootfilesystem
 * mounting of /proc and /boot
 * updating the system
 * installation of cryptsetup
 * configuring of crypttab and the modules to be included in the initramfs
 * rebooting

It would be nice to have cryptofilesystem support in the ubuntu default installer. I think that it shouldn't be that much work anymore. debian supports cryptofilesystems in stable release, since etch was released.

Reinhard Tartler (siretart) wrote :

according to the response from Markus Brechtel and various other contributors to this bug it seems that we indeed have an interim solution for root for feisty.

Markus, regard the installer support: this warrants a spec on its own which I intend to write for sevilla. not scope of this bug.
regarding problems with mounting other filesystems than / at bootup, please file other bugs.

Changed in cryptsetup:
status: Confirmed → Fix Released

Another issue with Cryptsetup on ubuntu Feisty is that when I try to open an existing device, cryptsetup freezes, however I get the following from an strace:

stat64("/dev/mapper/temporary-cryptsetup-19821", 0xafb323a8) = -1 ENOENT (No such file or directory)
nanosleep({0, 230000000}, NULL) = 0

Over and over again, I'm flummoxed :)

The full strace output is attached to this message.

Cryptsetup is version cryptsetup-luks 1.0.5

Emmet Hikory (persia) wrote :

I've unsubscribed ubuntu-universe-sponsors, as the all universe sponsorship is complete. Does this bug still require changes to initramfs-tools? If so, and sponsorship is required, please subscribe ubuntu-main-sponsors for upload. If not, please reject the initramfs-tools task. Thank you.

holst (henrik-holst-matmech) wrote :

I don't understand what this "sponsors" is but there is still the issue that I mentioned above:

"I noticed that you cant input wrong password. Then it will fail 3 times in a row without any more input tries."

Fails even with the latest cryptsetup package. Should be fixable pretty easy right?

Reinhard Tartler (siretart) wrote :

closing invalid task, fix is calling udevsettle in /sbin/cryptsetup.

please correct me if I'm wrong.

Changed in initramfs-tools:
assignee: nobody → siretart
status: New → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers