[SOLVED] Cannot access my encrypted system

vaccaaa · 2011-11-08 17:48:13

Here is my encryption schema:
/sda1 mounted as /boot (not encrypted)
/sda2 encrypted, containing /root /home and swap in LVM

With the lastest updates, the result is that when at boot I try to insert my cryptsetup password, it is never recognized as a good one.
It simply checks the password and after a while pops out:

No key available with this passphrase
Enter passphrase for /dev/sda2:

again... No errors are listed during preboot...
First I thought that there was a failure in encryption, but with a live ubuntu I could easily decrypt everything...

So I chrooted and reinstalled the old cryptsetup (1.3...), but the result is the same...!

The question is: what other update do you think could be the reason of this strange behavior??

Thanks for your help guys!!

EDIT: please notice that is NOT an issue like the one listed a few threads ago (https://bbs.archlinux.org/viewtopic.php?id=129902) My system is a 32 bits and my repos have NOT testing packages (still kernel 3.0.7...)
I tried to downgrade (after downgrading cryptsetup, and of course regenerating boot image) even mkinitcpio and udev, with no luck
I even tried to check if there was some keymap issue, but the right one is loaded (italian, in my case....)

EDIT 2: I tried to execute cryptsetup command in ramfs environment...It comes out when the boot does not go properly, and the environment is the one inside the boot image... The result is the same, even loading every possible module....

Please, HELP I have no idea of what could cause this problem

Last edited by vaccaaa (2011-11-09 11:43:57)

brain0 · 2011-11-09 00:39:19

This might be a problem with the keyboard layout, try typing your passphrase in US layout. Otherwise, no idea.

/dev/zero · 2011-11-09 00:49:14

Hi Vaccaaa,

Can you please provide your grub.cfg menuentry and your mkinitcpio?

Also, I seem to recall running into problems with both LVM over LUKS and LUKS over LVM; amongst the numerous problems I encountered, yours sounds familiar. Having an extra layer with LVM over LUKS over LVM did the trick for me. Apparently, this is considered a bit weird, but I don't care :-)

vaccaaa · 2011-11-09 10:37:42

I tried to provide another password in a live system (in a second key slot...) that was extremely tied to italian layout (to be sure that the problem wasn't related to keyboard layout...) an incredibly it worked, I could decrypt with that key...!
Now, the problem could be:
1- my original key is damaged (but it can't be, I had to decrypt with that key in a live system to add the second key)
2- some kind of weird issue related to how a character is coded from the keyboard... I explain this idea: could it be that a change, for example from keyboard layout "utf8" to "iso8859-1", or even a little unwanted change in "iso8859-1", could modify how an "ò" is coded? (for example, from 0010001010 to 1101011010??)
3- if the second, what package and what change could be the cause of this all? I wonder if this:
http://www.archlinux.org/news/initscrip … -required/
could be the cause.... Maybe, the locales are a little bit different for some characters...

Thanks everybody!!

Last edited by vaccaaa (2011-11-09 10:51:03)

vaccaaa · 2011-11-09 10:49:20

By the way, here are mkinitcpio and menu.cfg... They always worked, I didn't modify them (at least, I think... Maybe some weird package did.......) , but if you find something useful it's well accepted

/etc/mkinitcpio.conf
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run.  Advanced users may wish to specify all system modules
# in this array.  For instance:
#     MODULES="piix ide_disk reiserfs"
MODULES=""

# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image.  This is run first, so it may be used to
# override the actual binaries used in a given hook.
# (Existing files are NOT overwritten if already added)
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=""

# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way.  This is useful for config files.
# Some users may wish to include modprobe.conf for custom module options
# like so:
#    FILES="/etc/modprobe.d/modprobe.conf"
FILES=""

# HOOKS
# This is the most important setting in this file.  The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
##   This setup specifies all modules in the MODULES setting above.
##   No raid, lvm2, or encrypted root is needed.
#    HOOKS="base"
#
##   This setup will autodetect all modules for your system and should
##   work as a sane default
#    HOOKS="base udev autodetect pata scsi sata filesystems"
#
##   This is identical to the above, except the old ide subsystem is
##   used for IDE devices instead of the new pata subsystem.
#    HOOKS="base udev autodetect ide scsi sata filesystems"
#
##   This setup will generate a 'full' image which supports most systems.
##   No autodetection is done.
#    HOOKS="base udev pata scsi sata usb filesystems"
#
##   This setup assembles a pata mdadm array with an encrypted root FS.
##   Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
#    HOOKS="base udev pata mdadm encrypt filesystems"
#
##   This setup loads an lvm2 volume group on a usb device.
#    HOOKS="base udev usb lvm2 filesystems usbinput"
HOOKS="base udev autodetect pata scsi sata keymap encrypt lvm2 filesystems"

# COMPRESSION
# Use this to compress the initramfs image. With kernels earlier than
# 2.6.30, only gzip is supported, which is also the default. Newer kernels
# support gzip, bzip2 and lzma. Kernels 2.6.38 and later support xz
# compression.
COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"

# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=""

# Config file for GRUB - The GNU GRand Unified Bootloader
# /boot/grub/menu.lst

# DEVICE NAME CONVERSIONS 
#
#  Linux           Grub
# -------------------------
#  /dev/fd0        (fd0)
#  /dev/sda        (hd0)
#  /dev/sdb2       (hd1,1)
#  /dev/sda3       (hd0,2)
#

#  FRAMEBUFFER RESOLUTION SETTINGS
#     +-------------------------------------------------+
#          | 640x480    800x600    1024x768   1280x1024
#      ----+--------------------------------------------
#      256 | 0x301=769  0x303=771  0x305=773   0x307=775
#      32K | 0x310=784  0x313=787  0x316=790   0x319=793
#      64K | 0x311=785  0x314=788  0x317=791   0x31A=794
#      16M | 0x312=786  0x315=789  0x318=792   0x31B=795
#     +-------------------------------------------------+
#  for more details and different resolutions see
#  https://wiki.archlinux.org/index.php/GRUB#Framebuffer_resolution 

# general configuration:
timeout   5
default   0
color light-blue/black light-cyan/blue

# boot sections follow
# each is implicitly numbered from 0 in the order of appearance below
#
# TIP: If you want a 1024x768 framebuffer, add "vga=773" to your kernel line.
#
#-*

# (0) Arch Linux
title  Arch Linux
root   (hd0,0)
kernel /vmlinuz-linux root=/dev/mapper/xps-root cryptdevice=/dev/sda2:xps ro vga=864
initrd /initramfs-linux.img

# (1) Arch Linux
title  Arch Linux Fallback
root   (hd0,0)
kernel /vmlinuz-linux root=/dev/mapper/xps-root cryptdevice=/dev/sda2:xps ro vga=864
initrd /initramfs-linux-fallback.img

# (2) Arch Linux
title  Arch Linux Fallback 26
root   (hd0,0)
kernel /vmlinuz26 root=/dev/mapper/xps-root ro vga=864
initrd /kernel26-fallback.img

THANK YOU VERY MUCH!!!

Last edited by vaccaaa (2011-11-09 10:49:52)

vaccaaa · 2011-11-09 11:43:29

SOLVED SOLVED SOLVED HOORAY!!!!!
Regenerating the locales worked as a perfect solution... How naive not to try this at first.... XD

Please move this thread to some other place, as this is not related (at least, i think...) to update issues.
I'll add SOLVED tag!

Again, thanks everybody for helping me!!

Last edited by vaccaaa (2011-11-09 11:43:39)

Arch Linux

#1 2011-11-08 17:48:13

[SOLVED] Cannot access my encrypted system

#2 2011-11-09 00:39:19

Re: [SOLVED] Cannot access my encrypted system

#3 2011-11-09 00:49:14

Re: [SOLVED] Cannot access my encrypted system

#4 2011-11-09 10:37:42

Re: [SOLVED] Cannot access my encrypted system

#5 2011-11-09 10:49:20

Re: [SOLVED] Cannot access my encrypted system

#6 2011-11-09 11:43:29

Re: [SOLVED] Cannot access my encrypted system

Board footer