installer in LVM mode sets up broken encrypted swap, using duplicate unencrypted swap
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| eCryptfs |
Undecided
|
Unassigned | ||
| ecryptfs-utils (Ubuntu) |
High
|
Martin Pitt | ||
| Trusty |
Medium
|
Unassigned | ||
| Utopic |
High
|
Unassigned | ||
| Vivid |
High
|
Unassigned | ||
| Wily |
High
|
Martin Pitt |
Bug Description
When installing Ubuntu with "Use LVM" (but not encryption!), and "encrypt my home dir", the installer adds the original unencrypted swap to fstab. Then, ecryptfs-setup-swap keeps that, and additionally configures an encrypted swap via an UUID and without offset (which would trigger bug 953875 again!), so that you end up with *two* swap configs for one and the same partition, once unencrypted and once encrypted:
fstab:
/dev/mapper/
/dev/mapper/
crypttab:
cryptswap1 UUID=f636d7ef-
(UUID is for ubuntubuntu-
SRU TEST CASE:
--------------
- Install 15.04 with LVM (no encryption) and select "encrypt my home dir"
- Boot will ask you for a (nonexisting) passphrase for the swap partition; press Enter
- Install the update
- Reboot and verified that the bogus passphrase question is gone
- Verify that "swapon -s" has a swap partition (usually dm-2), and that /dev/mapper/
Denny (denny-klessens) wrote : | #2 |
Denny (denny-klessens) wrote : | #3 |
Denny (denny-klessens) wrote : | #4 |
Denny (denny-klessens) wrote : | #6 |
ls -lR /dev/mapper
/dev/mapper:
total 0
crw------- 1 root root 10, 236 mei 12 07:26 control
lrwxrwxrwx 1 root root 7 mei 12 07:26 ubuntu--vg-root -> ../dm-0
lrwxrwxrwx 1 root root 7 mei 12 07:26 ubuntu--vg-swap_1 -> ../dm-1
Denny (denny-klessens) wrote : | #7 |
Nobuto Murata (nobuto) wrote : | #8 |
I can confirm this issue with daily-live image Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20150512) using:
* UEFI
* GPT
* encrypted LVM(LUKS)
* encrypted home dir(ecryptfs)
Changed in ecryptfs-utils (Ubuntu): | |
status: | Incomplete → Confirmed |
Rowdy van der Veen (rowdy) wrote : | #9 |
I just registered to confirm this issue.
I just did a clean install of 15.04 and let Ubuntu use the entire drive. LVM was checked and encrypt home folder.
I did not select full disk encryption.
After setup completed, I was asked for the password of the swap partition, which just an (enter) bypassed.
After that, I am prompted for the password every time I install updates (just enter makes it go away again).
Do I need to post more info or are these details enough to reproduce the issue?
Rowdy van der Veen (rowdy) wrote : | #10 |
This is my fdisk -l output:
[sudo] password for rowdy:
Disk /dev/sda: 111,8 GiB, 120034123776 bytes, 234441648 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x6fb7e2e7
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 499711 497664 243M 83 Linux
/dev/sda2 501758 234440703 233938946 111,6G 5 Extended
/dev/sda5 501760 234440703 233938944 111,6G 8e Linux LVM
Disk /dev/mapper/
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/mapper/
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Vindicator (vindicator) wrote : | #11 |
I too just did a fresh install in the same manner and am noticing this effect.
I did a search because it was getting annoying: eg. "$ sudo service ufw restart" resulted in "Please enter passphrase for disk ubuntu--vg-swap_1 (cryptswap1) on none! ****************"
It just didn't seem right and I'm glad to find out it is simply a bug.
Bruno Munoz (bruno-bmunoz) wrote : | #12 |
Same issue here.
Fresh ubuntu 15.04 install
choose encrypt disk (bug exist also without full disk encryption, I have also test it, same issue)
choose encrypt home dir
choose LVM
=> auth is requeted for disk encryption (normal), but after also for cryptswap
terminals command regulary prompt :
"Please enter passphrase for disk ubuntu--vg-swap_1 (cryptswap1) on none!"
annoying is that sometime, it prompt on background and "lock" the boot process, waiting to enter anything
to unlock =>hit ESC to show boot info, you can see the
"Please enter passphrase for disk ubuntu--vg-swap_1 (cryptswap1) on none!"
=> hit enter, the boot continue, and you arrive on login.
Bruno Munoz (bruno-bmunoz) wrote : | #13 |
Bruno Munoz (bruno-bmunoz) wrote : | #14 |
$ ls -lR /dev/mapper/
/dev/mapper/:
total 0
crw------- 1 root root 10, 236 mai 27 07:44 control
lrwxrwxrwx 1 root root 7 mai 27 07:44 sda5_crypt -> ../dm-0
lrwxrwxrwx 1 root root 7 mai 27 07:44 ubuntu--vg-root -> ../dm-1
lrwxrwxrwx 1 root root 7 mai 27 07:44 ubuntu--vg-swap_1 -> ../dm-2
Bruno Munoz (bruno-bmunoz) wrote : | #15 |
the important part in journal:
mai 27 07:44:51 user-VirtualBox systemd[1]: Starting Cryptography Setup for sda5_crypt...
mai 27 07:44:51 user-VirtualBox systemd-
mai 27 07:44:51 user-VirtualBox systemd[1]: Started Cryptography Setup for sda5_crypt.
mai 27 07:44:51 user-VirtualBox systemd[1]: Found device /dev/mapper/
mai 27 07:44:51 user-VirtualBox systemd[1]: Found device /dev/disk/
mai 27 07:44:51 user-VirtualBox systemd[1]: Activating swap /dev/mapper/
mai 27 07:44:51 user-VirtualBox kernel: Adding 1572860k swap on /dev/mapper/
mai 27 07:44:51 user-VirtualBox systemd[1]: Activated swap /dev/mapper/
...
mai 27 07:44:53 user-VirtualBox systemd[1]: Starting Cryptography Setup for cryptswap1...
mai 27 07:44:53 user-VirtualBox systemd-
mai 27 07:44:53 user-VirtualBox systemd-
Bruno Munoz (bruno-bmunoz) wrote : | #16 |
$ sudo swapon -a
swapon: stat failed /dev/mapper/
summary: |
- Keeps asking for cryptswap password when booting (GPT + LVM + encrypted - home dir) + Keeps asking for cryptswap password when booting (LVM + encrypted home + dir) |
Vindicator (vindicator) wrote : Re: Keeps asking for cryptswap password when booting (LVM + encrypted home dir) | #17 |
I've been doing some testing and am finding it isn't LVM related.
I'll be doing further filesystem related tests to see what ends up working.
Failed:
UEFI, GPT, LVM, Encrypted Disk, Encrypted Home
UEFI, GPT, LVM, Encrypted Home
UEFI, GPT, Encrypted Home
Results from UEFI, GPT:
*****
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 1.4T 0 disk
├─sda1 8:1 0 512M 0 part /boot/efi
├─sda2 8:2 0 1.4T 0 part /
└─sda3 8:3 0 7.5G 0 part [SWAP]
$ journalctl | grep swap
May 30 23:35:17 - systemd[1]: Activating swap Swap Partition...
May 30 23:35:17 - systemd[1]: Activated swap Swap Partition.
May 30 23:35:17 - kernel: Adding 7813116k swap on /dev/sda3. Priority:-1 extents:1 across:7813116k FS
May 30 23:35:18 - systemd[1]: Starting Cryptography Setup for cryptswap1...
May 30 23:35:45 - systemd[1]: <email address hidden>: main process exited, code=exited, status=1/FAILURE
May 30 23:35:45 - systemd[1]: Failed to start Cryptography Setup for cryptswap1.
May 30 23:35:45 - systemd[1]: Dependency failed for dev-mapper-
May 30 23:35:45 - systemd[1]: Dependency failed for /dev/mapper/
May 30 23:35:45 - systemd[1]: Job swap.target/start failed with result 'dependency'.
May 30 23:35:45 - systemd[1]: Job dev-mapper-
May 30 23:35:45 - systemd[1]: Job dev-mapper-
May 30 23:35:45 - systemd[1]: Unit <email address hidden> entered failed state.
May 30 23:35:45 - systemd[1]: <email address hidden> failed.
May 30 23:35:46 - systemd[1]: Starting Cryptography Setup for cryptswap1...
$ swapon -s
Filename Type Size Used Priority
/dev/sda3 partition 7813116 0 -1
*****
Next I'm going to switch the 1.5TB to MBR instead of GPT and incrementally add options back in.
Vindicator (vindicator) wrote : | #18 |
Yuck, that's not working well at all.
Seems the installer wants to make the disk GPT.
To even change it to MBR, I'd have to "zap" the GPT info and reboot. Without zapping, using fdisk to change it to MSDOS, rebooting, and it would revert back to GPT with all of the partitions.
Then after zapping, setting up the partitions, selecting the custom install, GRUB-2 ends up popping up on reboot instead of going into Ubuntu, and I'm not familiar enough with GRUB to set it up from the shell.
So, knowing it DID install under MBR, I went back to reinstall and let the installer set it up in it's own way, hoping it would still use MBR... nope, it switched it to GPT.
I had looked at Ubuntu on a VM years back and thought it unfriendly, as well as a few other dists, but figured by now it would have been clean. Boy am I mistaken.
Vindicator (vindicator) wrote : | #19 |
Mmmm, ya, forget about MBR. Just wasn't going to get it without a good bit of effort I think.
Also noticed that I kept having to reboot because LiveCD was using the sda swap partition. Once I swapoff, I wouldn't have to reboot.
So going back to a fresh install with UEFI, GPT, LVM, Encrypted Drive and Home, I thought I'd post the pertinent journalctl output containing references to swap since I didn't see it already posted:
*****
$ journalctl | grep swap
May 31 03:46:40 ubuntu os-prober[7441]: debug: running /usr/lib/
May 31 03:46:40 ubuntu 50mounted-
May 31 03:46:40 ubuntu ubiquity[2983]: Device /dev/mapper/
May 31 03:47:21 ubuntu partman-lvm[8261]: Logical volume "swap_1" successfully removed
May 31 03:47:32 ubuntu partman-lvm[11536]: Logical volume "swap_1" created
May 31 03:47:58 ubuntu kernel: Adding 7815164k swap on /dev/mapper/
May 31 03:48:15 ubuntu ubiquity[16198]: INFO: Setting up swap: [/dev/dm-2]
May 31 03:48:15 ubuntu ubiquity[16198]: INFO: Successfully encrypted swap!
May 31 03:51:28 ubuntu ubiquity[15362]: * cryptswap1 (starting)..
May 31 03:51:34 ubuntu ubiquity[15362]: * cryptswap1 (started)...
May 31 03:51:34 ubuntu kernel: Adding 7814652k swap on /dev/mapper/
May 31 03:53:30 ubuntu ubiquity[20109]: cryptsetup: WARNING: target cryptswap1 has a random key, skipped
May 31 03:54:28 ubuntu os-prober[31264]: debug: running /usr/lib/
May 31 03:54:28 ubuntu 50mounted-
May 31 03:54:38 ubuntu os-prober[32462]: debug: running /usr/lib/
May 31 03:54:38 ubuntu 50mounted-
May 31 03:56:33 ubuntu ubiquity[16452]: cryptsetup: WARNING: target cryptswap1 has a random key, skipped
*****
tags: | added: systemd-boot |
Martin Pitt (pitti) wrote : | #20 |
@danny: thanks, so this confirms the issue. Please either drop /etc/crypttab if you want to keep the unencrypted swap, or drop /dev/mapper/
summary: |
- Keeps asking for cryptswap password when booting (LVM + encrypted home - dir) + Keeps asking for cryptswap password with using the same swap partition + encrypted and unencrypted |
Martin Pitt (pitti) wrote : Re: Keeps asking for cryptswap password with using the same swap partition encrypted and unencrypted | #21 |
Bruno's situation is very similar:
blkid:
/dev/mapper/
fstab:
/dev/mapper/
/dev/mapper/
crypttab:
cryptswap1 UUID=f636d7ef-
This just simply can't work.
Martin Pitt (pitti) wrote : | #22 |
I can reproduce this with comment 9. So the ecryptfs-setup-swap script fails to disable the original unencrypted swap, and it also needs to add offset= to avoid bug 953875 again. Right now we use unencrypted swap in this scenario, which isn't intended, and get this annoying effect.
Changed in ecryptfs-utils (Ubuntu): | |
importance: | Undecided → High |
status: | Confirmed → Triaged |
description: | updated |
information type: | Public → Public Security |
summary: |
- Keeps asking for cryptswap password with using the same swap partition - encrypted and unencrypted + installer in LVM mode sets up broken encrypted swap, using duplicate + unencrypted swap |
affects: | systemd → ecryptfs |
Changed in ecryptfs-utils (Ubuntu Wily): | |
milestone: | none → ubuntu-15.07 |
Changed in ecryptfs-utils (Ubuntu Trusty): | |
milestone: | none → ubuntu-14.04.3 |
importance: | Undecided → High |
Changed in ecryptfs-utils (Ubuntu Utopic): | |
importance: | Undecided → High |
Changed in ecryptfs-utils (Ubuntu Vivid): | |
importance: | Undecided → High |
Changed in ecryptfs-utils (Ubuntu Trusty): | |
status: | New → Triaged |
Changed in ecryptfs-utils (Ubuntu Utopic): | |
status: | New → Triaged |
Changed in ecryptfs-utils (Ubuntu Vivid): | |
status: | New → Triaged |
Martin Pitt (pitti) wrote : | #23 |
We need to fix existing stables at least, including trusty. Even though upstart doesn't give you a hint/error about the broken swap configuration, we are still using unencrypted swap there unintentionally. For an SRU we need to extend our horrible ecryptfs postinst hack to detect this situation, apply the "offset=" to crypttab, and comment out the unencrypted swap from /etc/fstab.
Given that we have shipped broken swap partitions in pretty much every scenario with ecryptfs (bug 953875, this bug, and to a lesser degree bug 1447282), and static swap partitions are also inflexible and unnecessary on most modern hardware, we should also consider (for wily and later) to entirely stop configuring them, and consider other solutions like "swapspace".
Dustin Kirkland (kirkland) wrote : | #24 |
Please, please, please disable swap entirely on Ubuntu (wily) or later, and instruct people to 'sudo apt-get install swapspace' if they simply can't live without swap.
I confirm symptoms using fresh install of curernt Ubuntu 15.04 desktop amd64 .iso installed using VirtualBox VMDK.
When I open a terminal and do "sudo apt-get update && sudo apt-get upgrade", then apt runs as expected, but it prompts for the swap password many times.
Daniel Convissor (convissor) wrote : | #26 |
Confirming problem and fix.
Installed Ubuntu 15.04 desktop amd64 from standard ISO downloaded about a week ago. Chose to encrypt whole drive and encrypt home directory. When running apt-get upgrade, was getting asked for the crypt drive password over and over.
Commented out the /dev/mapper/
A scripted way to comment out the offending fstab line is part of my Ubuntu install script at https:/
Eric Phetteplace (ericp-l) wrote : | #27 |
This is fixed on my machine. Thanks for your help!
Martin Pitt (pitti) wrote : | #28 |
Notes for myself, please ignore.
This resets what ecryptfs-setup-swap does and re-runs it, for testing a fixed version:
sudo sed -i '/cryptswap/d' /etc/fstab /etc/crypttab && sudo sh -ex /usr/bin/
The problem is in the loop that tries to comment out existing swap from /etc/fstab: It only checks for UUID= and the resolved name like /dev/dm-1, but it does not take any symlinks like "/dev/mapper/
This can be fixed with
--- /usr/bin/
+++ ecryptfs-setup-swap 2015-07-09 08:51:38.554860202 +0200
@@ -149,7 +149,9 @@
for swap in $swaps; do
info `gettext "Setting up swap:"` "[$swap]"
uuid=$(blkid -o value -s UUID $swap)
- for target in "UUID=$uuid" $swap; do
+ # /etc/fstab might use a symlink like /dev/mapper/
+ links=$(for d in $(udevadm info --query=symlink -n /dev/dm-1); do echo /dev/$d; done)
+ for target in "UUID=$uuid" $swap $links; do
if [ -n "$target" ] && grep -qs "^$target\s\+" /etc/fstab; then
sed -i "s:^$target\
warn "Commented out your unencrypted swap from /etc/fstab"
This then produces
---- fstab ---
#/dev/mapper/
/dev/mapper/
--- crypttab ----
cryptswap1 UUID=ddec94de-
which works fine:
lrwxrwxrwx 1 root root 7 Jul 9 08:55 /dev/mapper/
$ sudo swapon -s
Filename Type Size Used Priority
/dev/dm-2 partition 2096636 0 -1
Now we need to clean this up on upgrades. The trick there is to avoid reintroducing bug 953875, from installations which don't have the "offset=" in crypttab.
Changed in ecryptfs-utils (Ubuntu Wily): | |
status: | Triaged → In Progress |
assignee: | nobody → Martin Pitt (pitti) |
Martin Pitt (pitti) wrote : | #29 |
Utopic is EOL in two weeks, let's not bother.
Changed in ecryptfs-utils (Ubuntu Utopic): | |
status: | Triaged → Won't Fix |
Martin Pitt (pitti) wrote : | #30 |
I just did an LVM+ecryptfs installation on trusty, and it turns out that the even bigger breakage of bug 953875 trumps this bug -- i. e. in trusty you have a wiped /dev/mapper/
Changed in ecryptfs-utils (Ubuntu Trusty): | |
importance: | High → Medium |
description: | updated |
Martin Pitt (pitti) wrote : | #31 |
Wily fix uploaded.
Changed in ecryptfs-utils (Ubuntu Wily): | |
status: | In Progress → Fix Committed |
Martin Pitt (pitti) wrote : | #32 |
This is the debdiff for vivid which I just uploaded. I verified that it repairs /etc/fstab and leads to a correctly booting system with encrypted swap for a vivid LVM+ecryptfs installation. It also behaves sufficiently correctly for an upgrade where the swap partition has been wiped by ubiquity from bug 953875.
Changed in ecryptfs-utils (Ubuntu Vivid): | |
status: | Triaged → In Progress |
description: | updated |
tags: | added: patch |
Launchpad Janitor (janitor) wrote : | #33 |
This bug was fixed in the package ecryptfs-utils - 107-0ubuntu3
---------------
ecryptfs-utils (107-0ubuntu3) wily; urgency=medium
* Rename libecryptfs0 to libecryptfs1 and adjust the packaging. It has
actually shipped libecryptfs.so.1 since at least trusty. Add
C/R/P: libecryptfs0 for smoother upgrades, this needs to be kept until
after 16.04 LTS.
ecryptfs-utils (107-0ubuntu2) wily; urgency=medium
* Add setup-swap-
consider device symlinks like /dev/mapper/
/dev/
manual setups. (LP: #1453738)
* debian/
unencrypted swap partitions that are referred to by a device link when
crypttab and fstab have a "cryptswap*" device referring to them.
-- Martin Pitt <email address hidden> Thu, 09 Jul 2015 12:20:47 +0200
Changed in ecryptfs-utils (Ubuntu Wily): | |
status: | Fix Committed → Fix Released |
Hello Denny, or anyone else affected,
Accepted ecryptfs-utils into vivid-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
Changed in ecryptfs-utils (Ubuntu Vivid): | |
status: | In Progress → Fix Committed |
tags: | added: verification-needed |
Vindicator (vindicator) wrote : | #35 |
How does one test this when it happens during installation? Does the 15.04 installer ISO get updated? Can we specify the Live Installer flash drive to apply the package via "dpkg" or "apt-get"?
Martin Pitt (pitti) wrote : | #36 |
For the SRU the step that should be tested most is upgrading an existing broken install. That should fix up /etc/fstab. I'm not sure how to teach the installers "install updates" option to also install from -proposed.
Tobias Birkefeld (whine) wrote : | #37 |
Tested the fix by upgrading an exisiting broken install. All good. Following message was shown:
Disabling unencrypted swap device /dev/mapper/
/etc/fstab was fixed.
tags: |
added: verification-done removed: verification-needed |
Tobias Birkefeld (whine) wrote : | #38 |
sorry, forgot some infos:
tested package ecryptfs-utils version 107-0ubuntu1.2
updated from ecryptfs-utils version 107-0ubuntu1.1
Bruno Munoz (bruno-bmunoz) wrote : | #39 |
# sudo apt-get install ecryptfs-
Reading package lists... Done
Building dependency tree
Reading state information... Done
Selected version '107-0ubuntu1.2' (Ubuntu:
Suggested packages:
opencryptoki zescrow-client
The following packages will be upgraded:
ecryptfs-utils
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/105 kB of archives.
After this operation, 4 096 B of additional disk space will be used.
(Reading database ... 271391 files and directories currently installed.)
Preparing to unpack .../ecryptfs-
Unpacking ecryptfs-utils (107-0ubuntu1.2) over (107-0ubuntu1.1) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up ecryptfs-utils (107-0ubuntu1.2) ...
Disabling unencrypted swap device /dev/mapper/
=> entry has been removed from fstab
confirmed fix is ok
Launchpad Janitor (janitor) wrote : | #40 |
This bug was fixed in the package ecryptfs-utils - 107-0ubuntu1.2
---------------
ecryptfs-utils (107-0ubuntu1.2) vivid-proposed; urgency=medium
* Add setup-swap-
consider device symlinks like /dev/mapper/
/dev/
manual setups. (LP: #1453738)
* debian/
unencrypted swap partitions that are referred to by a device link when
crypttab and fstab have a "cryptswap*" device referring to them.
-- Martin Pitt <email address hidden> Thu, 09 Jul 2015 09:04:27 +0200
Changed in ecryptfs-utils (Ubuntu Vivid): | |
status: | Fix Committed → Fix Released |
Adam Conrad (adconrad) wrote : Update Released | #41 |
The verification of the Stable Release Update for ecryptfs-utils has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
Gabriel Devenyi (ace-staticwave) wrote : | #42 |
Still broken on 15.04 GPT + encrypted home directory install.
Changed in ecryptfs-utils (Ubuntu Wily): | |
milestone: | ubuntu-15.07 → none |
Changed in ecryptfs-utils (Ubuntu Trusty): | |
milestone: | ubuntu-14.04.3 → ubuntu-14.04.4 |
Changed in ecryptfs-utils (Ubuntu Vivid): | |
milestone: | none → vivid-updates |
Bob Merhebi (bobmerhebi) wrote : | #43 |
Will this be fixed for 14.04?
CrazySky (makarovdenis11) wrote : | #44 |
Yea, when will be on 14.04?
Vincenzoml (vincenzoml) wrote : | #45 |
This bug is showing up again in 16.04.
Also showing for me in Ubuntu 16.06, in boot and update terminal
Martin Pitt (pitti) wrote : | #47 |
@Alexander: Please file a new bug report for 16.04, including your /etc/fstab, /etc/crypttab, and the output of "sudo blkid".
Jeremy Lansman (jeremy-lansman) wrote : | #48 |
I have had this for a long long while
So I will post here ...
**********
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda9 during installation
UUID=9516cab7-
# /boot was on /dev/sda8 during installation
UUID=52680116-
# /boot/efi was on /dev/sda1 during installation
UUID=DE4E-245D /boot/efi vfat umask=0077 0 1
# swap was on /dev/sda10 during installation
# uncomment below per askubuntu 616663?
#UUID=89d05b04-
*******
cryptswap1 UUID=89d05b04-
******
/dev/sda1: LABEL="SYSTEM_DRV" UUID="DE4E-245D" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID=
/dev/sda2: PARTLABEL=
/dev/sda3: LABEL="Windows" UUID="CCD45187D
/dev/sda4: LABEL="LENOVO" UUID="225C0D1F5
/dev/sda5: LABEL="WINRE_DRV" UUID="988E5EF48
/dev/sda6: LABEL="LENOVO_PART" UUID="22E662F4E
/dev/sda7: LABEL="LRS_ESP" UUID="1065-1475" TYPE="vfat" PARTLABEL="Basic data partition" PARTUUID=
/dev/sda8: UUID="52680116-
/dev/sda9: UUID="9516cab7-
/dev/sda10: UUID="89d05b04-
Vincenzoml (vincenzoml) wrote : | #49 |
I have this same bug in xenial. I see a line
/dev/mapper/
in /etc/fstab
I commented that line but I do not understand how to fix the issue and have a properly set-up encrypted swap.
Vincenzoml (vincenzoml) wrote : | #50 |
I forgot to mention that in /etc/crypttab I have
cryptswap1 UUID=405a067e-
Simao (xdvs23) wrote : | #51 |
I fixed/workarounded this by removing the cryptswap line from /etc/crypttab and instead adding swap to /etc/fstab (non-encrypted). Then I rebooted and the password prompt didn't come up anymore. This only started to come after I had some booting problems because I messed it up so I had to use boot-repair to get it to work somehow and fix the rest myself.
This might be considered unsafe, but it works for me and should be suitable for my needs.
OK, so you actually have one unencrypted swap partition on an LVM LV: ubuntu- -vg-swap_ 1: UUID="bfa46f63- 6942-4d4b- b1ce-b7c3df4f38 18" TYPE="swap"
/dev/mapper/
and your /etc/fstab configures just that. But your crypttab configures an encrypted swap device which isn't in fstab:
cryptswap1 /dev/dm-1 /dev/urandom swap,cipher= aes-cbc- essiv:sha256
That's presumably what's causing the password prompt. Let's check which LV dm-1 actually is, can you please get me the output of "ls -lR /dev/mapper"? I am 95% sure it's /dev/mapper/ ubuntu- -vg-swap_ 1 and thus this swap partition is used as *both* an encrypted and unencrypted one, and the former fails because of the latter:
mei 11 07:32:36 Denny-HP systemd- cryptsetup[ 748]: Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/dm-1. cryptsetup[ 748]: Failed to activate with key file '/dev/urandom': Device or resource busy
mei 11 07:32:36 Denny-HP systemd-
So this looks like an LVM variant of bug 953875, not of bug 1447282; this looks independent of GPT.
Thanks!