[Feisty] crypted root doesn't mount on start (cryptsetup)

Bug #85640 reported by Carsten Schabacker
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| cryptsetup (Ubuntu) | Fix Released | Medium | Stéphane Graber | |
| initramfs-tools (Ubuntu) | Invalid | Undecided | Reinhard Tartler | |

Bug Description

After updating from edgy to feisty cryptsetup can not find device (see attached screenshot).

Mounting crypted device by hand "cryptsetup luksOpen /dev/hda5 root_c" works...

Tags: feisty
Revision history for this message
Carsten Schabacker (csc-web) wrote :

Screenshot attached.

Revision history for this message
Stéphane Graber (stgraber) wrote :

I may be wrong, but the new kernel (2.6.20) or 2.6.19 introduced a new hard disk management which now uses /dev/sdXY syntax for all hard disks/partitions.
So your /dev/hda5 should now be /dev/sda5.

Apparently the update didn't change some files.

Revision history for this message
Stéphane Graber (stgraber) wrote :

Oops, sorry I didn't read your last line.
I just rechecked and Ubuntu doesn't have that option activated in the kernel so your partition is really /dev/hda5.

Looks like the system is trying to mount everything before the harddisks were detected and the corresponding modules loaded ...

Revision history for this message
Eduard Wulff (mail-eduard-wulff) wrote :

I can confirm this in feisty.

Workaround: see bug 21878 (https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/21878)

I also added:
setup_mapping()
{
+ # We need to wait for udev to do its stance
+ /sbin/udevsettle
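Review bot: the `/sbin/udevsettle` call added at the top of `setup_mapping()` has no explicit `--timeout` and its exit status is discarded, so a boot where udev never settles waits for whatever the tool's default is and then carries on as if the device were ready. Pass an explicit bound and branch on the result, and reword the comment ("do its stance") to say which device node the function is waiting for.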

I *think* it is redundant to the patch in 21878 but did not bother to test it after 6 hours in the night ...

Revision history for this message
Eduard Wulff (mail-eduard-wulff) wrote : udevsettle BAD in cryptsetup

For me the workaround WITHOUT my patch works finally.

Be very careful when/from where/what to include in the initrd!

I wish (already on the list) there were a setup option to encrypt the filesystem like in Debian etch.

Notebooks without HD-encryption ( / is essential IMO ) are a disaster waiting to happen ...

Revision history for this message
Carsten Schabacker (csc-web) wrote :

Thanks for the tip with udevsettle - I added it at 2 places:

--- /usr/share/initramfs-tools/scripts/local-top/cryptroot.orig 2007-02-25 20:26:04.057540831 +0100
+++ /usr/share/initramfs-tools/scripts/local-top/cryptroot 2007-02-25 20:56:21.484427131 +0100
@@ -171,6 +171,9 @@
                activate_evms $cryptsource
        fi

+ # wait for udev ready
+ /sbin/udevsettle --timeout=30
+
        if [ ! -e $cryptsource ]; then
                echo "cryptsetup: Source device $cryptsource not found"
                return 1
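Review bot: the `/sbin/udevsettle --timeout=30` added just before the `[ ! -e $cryptsource ]` test ignores the command's exit status, so a settle that gives up after 30 seconds falls through to "Source device $cryptsource not found" with nothing to tell a missing device from a slow udev queue. Check the result of the wait and print a distinct message when it times out, so the two failure modes can be told apart from the boot console.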
@@ -245,6 +248,8 @@
        done

        if [ $count -lt 3 ]; then
+ # wait for udev ready
+ /sbin/udevsettle --timeout=30
                return 0
        else
                echo "cryptsetup: maximum number of tries exceeded"
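Review bot: in the `if [ $count -lt 3 ]` success branch the function now waits on udev and then does `return 0` unconditionally, without checking that the mapped device node exists once the wait ends. Test for the node after `/sbin/udevsettle --timeout=30` and return non-zero if it is still missing; the 30-second value is also repeated from the earlier hunk and would be easier to tune as a single variable.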

But I have had a second error: in /boot/grub/menu.lst the boot parameters root= and cryptoroot= were swapped (but it worked with dapper before):

wrong:

 root=/dev/hda5 cryptoroot=/dev/mapper/root_c

working:

 cryptoroot=/dev/hda5 root=/dev/mapper/root_c
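
The swapped `root=`/`cryptoroot=` values described in the comment above can be caught before rebooting. The following check is an added example, not part of the original post or of the cryptsetup package; the function names and return codes are assumptions, and the sample command lines are constructed from the two variants quoted above.

```shell
#!/bin/sh
# Added example, not from the cryptsetup package. Parameter names (root=,
# cryptoroot=) come from the comment above; function names and return
# codes are assumptions of this example.

# get_param NAME CMDLINE: print the value of the last NAME=value token.
# Call it via $(...) so that "set -f" stays inside the subshell.
get_param() {
    set -f                      # no glob expansion while word-splitting
    value=
    for tok in $2; do
        case $tok in
            "$1"=*) value=${tok#"$1"=} ;;
        esac
    done
    printf '%s\n' "$value"
}

# check_crypt_cmdline CMDLINE
#   0: root= is a /dev/mapper node and cryptoroot= is the source device
#   1: the two values are swapped
#   2: a parameter is missing, or the layout matches neither case
check_crypt_cmdline() {
    root=$(get_param root "$1")
    src=$(get_param cryptoroot "$1")
    if [ -z "$root" ] || [ -z "$src" ]; then return 2; fi
    case "$root:$src" in
        /dev/mapper/*:/dev/mapper/*) return 2 ;;
        /dev/mapper/*:*)             return 0 ;;
        *:/dev/mapper/*)             return 1 ;;
        *)                           return 2 ;;
    esac
}

# Constructed sample command lines using the two variants from the thread.
BAD='ro root=/dev/hda5 cryptoroot=/dev/mapper/root_c quiet'
GOOD='ro cryptoroot=/dev/hda5 root=/dev/mapper/root_c quiet'

for line in "$GOOD" "$BAD"; do
    rc=0
    check_crypt_cmdline "$line" || rc=$?
    echo "rc=$rc  $line"
done
```

To lint the running system instead of the samples, pass the contents of `/proc/cmdline` as the argument.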

Revision history for this message
uptimebox (uptimebox) wrote :

I can confirm that this patch solved the same problem for me.

Revision history for this message
Jeremy Vies (jeremy.vies) wrote :

We have a similar problem on bug #83231.
I proposed them your solution based on udevsettle, and it works.
I also tried to add the "udevsettle --timeout XX" at the end of /usr/share/initramfs-tools/scripts/init-premount/udev.

Could someone using cryptoroot try this? If it works for you too, we have a global solution for both bugs.

Revision history for this message
Markus Brechtel (chaotika) wrote :

I can confirm that the patch from Carsten Schabacker worked for me. Now using crypted root. :-)

Changed in cryptsetup:
assignee: nobody → stgraber
Revision history for this message
jmc (launchpad-dodgeit) wrote :

I also confirm that the patch from Carsten Schabacker works, thanks a lot!
I really hope this is going to make it into Feisty! This was working on Edgy and it would be sad to have this kind of regression.
Like Eduard said notebooks without HD-encryption are really not a good idea...

Revision history for this message
jmc (launchpad-dodgeit) wrote :

This patch also works together with the patch from Gabriel Ambuehl to allow resuming from a LUKS swap partition (see here: https://launchpad.net/bugs/91867)

Revision history for this message
Stéphane Graber (stgraber) wrote :

Here is a temporary fixed version of the package, please try it and give feedback.
If it's ok for everyone I'll attach the debdiff and ask for it to be uploaded.

Revision history for this message
Eduard Wulff (mail-eduard-wulff) wrote : Fixed package, please test

I did install the package - it did not break anything. Booting as before.

I can not confirm that it improved things since I patched my cryptsetup-scripts manually before and disabled splash.

Revision history for this message
Stéphane Graber (stgraber) wrote :
Changed in cryptsetup:
importance: Undecided → Medium
status: Confirmed → In Progress
Revision history for this message
jmc (launchpad-dodgeit) wrote :

I just installed the new package on a fresh installation of feisty and it works just fine.
Thanks a lot!

Revision history for this message
uptimebox (uptimebox) wrote :

Package works perfectly here.

Revision history for this message
golfbuf (golfbuf) wrote :

It works but takes a long time here. The boot hangs with the message about running early crypto disks and complains that it can't find /dev/mapper/cryptswap. After several minutes, the boot continues and once completed, everything (including cryptswap) is mounted. It's a painfully long boot time. Can it be sped up?

Revision history for this message
MichaelMattern (michael-visnu) wrote :

I had the same problem as you golfbuf, you can fix this by adding a directory "/dev/.static/dev/mapper", at least it worked for me :)

Revision history for this message
holst (henrik-holst-matmech) wrote :

I just tried your package Stéphane Graber, and it works great. =D
(I was wondering why I did not see it in repo already?)

Revision history for this message
Stéphane Graber (stgraber) wrote :

Because nobody uploaded it yet (I don't have the rights myself)

Revision history for this message
Stéphane Graber (stgraber) wrote :
Changed in cryptsetup:
status: In Progress → Confirmed
Revision history for this message
holst (henrik-holst-matmech) wrote :

I noticed that you can't input a wrong password. Then it will fail 3 times in a row without any more input tries.

Also, in previous versions anyways,
if you input wrong 2 times and correct the third time, you get the "number of tries exceed" error anyways.

Thanks for your time to help the community. (I just wonder who we have to talk to around here to get you repo access? =D)

Revision history for this message
loko (arph) wrote :

Patch doesn't fix the whole problems at all.

My root is fine, encrypted /home still makes some problems.

Booting up without "quiet" and without "splash" I can see "Starting early crypto disks" and then nothing happens. The "Enter passphrase" never appears. If I boot up with splash and in quiet mode, then it works.

Revision history for this message
loko (arph) wrote :

I forgot to mention that this was working better in dapper. Now at bootup, boot stops, I have to wait about 15-20 seconds, then it switches to console, where I can enter the passphrase. In dapper this was very quick, without waiting so long.

Also forgot, I use cryptsetup without luks.

Daniel T Chen (crimsun)
Changed in cryptsetup:
status: Confirmed → Fix Released
Revision history for this message
loko (arph) wrote :

After some testing I have to correct my posts above. For me it works (cryptsetup without luks) but mostly not. This means on boot - mostly the "Enter passphrase" message does not appear until I press some buttons. System seems to hang at "Starting early crypto disks". Only a very few times the message "Enter passphrase" appears without pressing anything.

And also pressing is different from time to time. Sometimes pressing only one key is enough, and sometimes I had to press more than one (but not at the same time).

Changed in cryptsetup:
status: Fix Released → Confirmed
Revision history for this message
Markus Brechtel (chaotika) wrote :

For me cryptsetup with luks worked this way:

 * booting LiveCD feisty beta
 * installing cryptsetup in the live system
 * partitioning the system in 4 partitions
 * formatting and opening of luks encrypted devices for root, home and swap (swap is one-time encrypted)
 * starting graphical installer and installing the filesystems to the matching mapper devices. boot unencrypted
 * chrooting in the root filesystem
 * mounting of /proc and /boot
 * updating the system
 * installation of cryptsetup
 * configuring of crypttab and the modules to be included in the initramfs
 * rebooting

It would be nice to have cryptofilesystem support in the ubuntu default installer. I think that it shouldn't be that much work anymore. debian supports cryptofilesystems in stable release, since etch was released.

Revision history for this message
Reinhard Tartler (siretart) wrote :

According to the response from Markus Brechtel and various other contributors to this bug, it seems that we indeed have an interim solution for root for feisty.

Markus, regarding the installer support: this warrants a spec on its own which I intend to write for sevilla. Not scope of this bug.
Regarding problems with mounting other filesystems than / at bootup, please file other bugs.

Changed in cryptsetup:
status: Confirmed → Fix Released
Revision history for this message
Luke R. Anderson BSc. (hons) (launchpad-lynysys) wrote :

Another issue with Cryptsetup on ubuntu Feisty is that when I try to open an existing device, cryptsetup freezes, however I get the following from an strace:

stat64("/dev/mapper/temporary-cryptsetup-19821", 0xafb323a8) = -1 ENOENT (No such file or directory)
nanosleep({0, 230000000}, NULL) = 0

Over and over again, I'm flummoxed :)

The full strace output is attached to this message.

Cryptsetup is version cryptsetup-luks 1.0.5

Revision history for this message
Emmet Hikory (persia) wrote :

I've unsubscribed ubuntu-universe-sponsors, as all the universe sponsorship is complete. Does this bug still require changes to initramfs-tools? If so, and sponsorship is required, please subscribe ubuntu-main-sponsors for upload. If not, please reject the initramfs-tools task. Thank you.

Revision history for this message
holst (henrik-holst-matmech) wrote :

I don't understand what this "sponsors" is but there is still the issue that I mentioned above:

"I noticed that you can't input a wrong password. Then it will fail 3 times in a row without any more input tries."

Fails even with the latest cryptsetup package. Should be fixable pretty easy right?

Revision history for this message
Reinhard Tartler (siretart) wrote :

closing invalid task, fix is calling udevsettle in /sbin/cryptsetup.

please correct me if I'm wrong.

Changed in initramfs-tools:
assignee: nobody → siretart
status: New → Invalid