
#1 2014-02-09 13:20:34

midixinga
Member
Registered: 2014-01-18
Posts: 193

[Solved] encryption of swap with cryptsetup doesn't work

Hi,

I reinstalled my because of new hardware with EFI and GPT, and now I can't get my swap partition encrypted.

/etc/cryptsetup:

cryptswap         /dev/sda1        /dev/urandom            swap

Adding more options (key length, etc.) doesn't change the behavior.

/etc/fstab:

LABEL=system            /               ext4            rw,relatime,data=ordered        0 1
/dev/sda128             /boot           vfat            rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro    0 2
/dev/mapper/cryptswap none swap sw 0 0

I also tried without any swap entry in /etc/fstab, because my pam_mounted LUKS-encrypted partitions work well without an fstab entry.

Here is the journald-output that might be relevant:

Feb 09 01:25:41 dixi-arch systemd[1]: Found device Hitachi_HDP725025GLA380.
Feb 09 01:25:41 dixi-arch systemd[1]: Activating swap /dev/sda1...
Feb 09 01:25:41 dixi-arch systemd[1]: Starting Cryptography Setup for cryptswap...
Feb 09 01:25:41 dixi-arch kernel: tda829x 0-004b: type set to tda8290+75a
Feb 09 01:25:41 dixi-arch systemd[1]: Activated swap /dev/sda1.
Feb 09 01:25:41 dixi-arch kernel: Adding 2097148k swap on /dev/sda1.  Priority:-1 extents:1 across:2097148k FS
...
Feb 09 01:25:42 dixi-arch kernel: device-mapper: uevent: version 1.0.3
Feb 09 01:25:42 dixi-arch kernel: device-mapper: ioctl: 4.26.0-ioctl (2013-08-15) initialised: dm-devel@redhat.com
Feb 09 01:25:42 dixi-arch systemd-cryptsetup[251]: Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/sda1.
Feb 09 01:25:42 dixi-arch systemd-cryptsetup[251]: Failed to activate with key file '/dev/urandom': Device or resource busy
...
Feb 09 01:26:16 dixi-arch systemd-cryptsetup[251]: Loading of cryptographic parameters failed: Invalid argument
Feb 09 01:26:16 dixi-arch systemd-cryptsetup[251]: Failed to activate: Invalid argument
Feb 09 01:26:16 dixi-arch systemd[1]: systemd-cryptsetup@cryptswap.service: main process exited, code=exited, status=1/FAILURE
Feb 09 01:26:16 dixi-arch systemd[1]: Failed to start Cryptography Setup for cryptswap.
Feb 09 01:26:16 dixi-arch systemd[1]: Dependency failed for Encrypted Volumes.
Feb 09 01:26:16 dixi-arch systemd[1]: Dependency failed for dev-mapper-cryptswap.device.
Feb 09 01:26:16 dixi-arch systemd[1]: Dependency failed for /dev/mapper/cryptswap.
Feb 09 01:26:16 dixi-arch systemd[1]: Dependency failed for Swap.
Feb 09 01:26:16 dixi-arch systemd[1]: Unit systemd-cryptsetup@cryptswap.service entered failed state.
Feb 09 01:26:16 dixi-arch systemd[1]: Starting System Initialization.
...
Feb 09 01:26:35 dixi-arch systemd-cryptsetup[602]: Key file /dev/urandom is world-readable. This is not a good idea!
Feb 09 01:26:35 dixi-arch systemd-cryptsetup[602]: Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/sda1.
Feb 09 01:26:35 dixi-arch systemd-cryptsetup[602]: Failed to activate with key file '/dev/urandom': Device or resource busy

During the boot sequence the PC stops working and I have to press Enter to keep going. In the end I have these errors and a non-encrypted swap device.

blkid:

/dev/sda1: LABEL="swap" UUID="6013541f-7809-4b5f-9702-e630e25fd144" TYPE="swap" PARTLABEL="Linux swap" PARTUUID="9849ee0b-e0d7-4d28-866c-fb7d0134a182"
/dev/sda2: LABEL="system" UUID="4bf8a95c-bf43-4980-92dd-b0eb6dc07093" TYPE="ext4" PARTLABEL="Linux filesystem" PARTUUID="6fc2bd3d-7241-4a88-8137-9985a333e3de"
/dev/sda3: UUID="445eba44-3536-4b99-a0a6-e3629cf90654" TYPE="crypto_LUKS" PARTLABEL="Linux filesystem" PARTUUID="6b84a546-9873-496c-a7e1-721824023d07"
/dev/sda4: UUID="466b5d04-7b81-4914-b5af-7e2426b801bf" TYPE="crypto_LUKS" PARTLABEL="Linux filesystem" PARTUUID="dfdf5217-7028-4a10-ae18-3a63450c3231"
/dev/sda128: UUID="9D36-7245" TYPE="vfat" PARTLABEL="EFI System" PARTUUID="9df97a9a-3f5e-487b-a3d1-60825031b537"
/dev/mapper/_dev_sda3: LABEL="dixi-home" UUID="23548045-1c6f-4640-8c62-0f3c48c05f38" TYPE="ext4"
/dev/mapper/_dev_sda4: LABEL="backup" UUID="cbed9ef3-db0b-4750-bf6c-8c42a67ad080" TYPE="ext4"

and there is no /dev/mapper/cryptswap, which I had expected

swapon:

NAME      TYPE      SIZE USED PRIO
/dev/sda1 partition   2G   0B   -1

fdisk -l:

Gerät              Start         Ende Größe Typ
/dev/sda1           2048      4196351      2G Linux swap
/dev/sda2        4196352    109053951     50G Linux filesystem
/dev/sda3      109053952    381683711    130G Linux filesystem
/dev/sda4      381683712    486299982   49,9G Linux filesystem
/dev/sda128    486301696    488397134 1023,2M EFI System

There are some bug reports for Fedora that I don't understand, but maybe the problem is that cryptsetup can't read /dev/urandom.

But this works with my old MBR partition; therefore I hope for a configuration error.

Thanks

Last edited by midixinga (2014-02-09 23:46:06)


#2 2014-02-09 15:07:43

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111

Re: [Solved] encryption of swap with cryptsetup doesn't work

Looks to me like /dev/sda1 is already a swap device. Since the underlying disk is GPT formatted, systemd finds this and activates it. Your logs and swapon show exactly this.

Feb 09 01:25:41 dixi-arch systemd[1]: Activating swap /dev/sda1...

So, of course, systemd-cryptsetup is going to fail when it tries to encrypt a device which is already in use. Get rid of the swap signature on /dev/sda1.


#3 2014-02-09 16:25:56

midixinga
Member
Registered: 2014-01-18
Posts: 193

Re: [Solved] encryption of swap with cryptsetup doesn't work

falconindy wrote:

Looks to me like /dev/sda1 is already a swap device. Since the underlying disk is GPT formatted, systemd finds this and activates it. Your logs and swapon show exactly this.

Feb 09 01:25:41 dixi-arch systemd[1]: Activating swap /dev/sda1...

So, of course, systemd-cryptsetup is going to fail when it tries to encrypt a device which is already in use. Get rid of the swap signature on /dev/sda1.

Wow, thank you very much!

I formatted the partition /dev/sda1 with gparted as "deleted"; it's now code 0700 in gdisk.

fdisk -l

Disk /dev/sda: 232.9 GiB, 250059350016 bytes, 488397168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 27980DF8-22E1-4F25-9388-711D1EDE11A9

Device             Start          End    Size Type
/dev/sda1           2048      4196351      2G Microsoft basic data
/dev/sda2        4196352    109053951     50G Linux filesystem
/dev/sda3      109053952    381683711    130G Linux filesystem
/dev/sda4      381683712    486299982   49.9G Linux filesystem
/dev/sda128    486301696    488397134 1023.2M EFI System

Disk /dev/mapper/cryptswap: 2 GiB, 2147483648 bytes, 4194304 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

swapon -s

Filename                               Type            Size    Used    Priority
/dev/dm-0                               partition       2097148 0       -1

journalctl:

Feb 09 16:54:09 dixi-arch systemd[1]: Starting Cryptography Setup for cryptswap...
...
Feb 09 16:54:09 dixi-arch systemd-cryptsetup[271]: Key file /dev/urandom is world-readable. This is not a good idea!
...
Feb 09 16:54:09 dixi-arch systemd-cryptsetup[271]: Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /dev/sda1.
...
Feb 09 16:54:10 dixi-arch systemd[1]: Started Cryptography Setup for cryptswap.
Feb 09 16:54:10 dixi-arch systemd[1]: Starting Encrypted Volumes.
Feb 09 16:54:10 dixi-arch systemd[1]: Reached target Encrypted Volumes.
Feb 09 16:54:10 dixi-arch systemd[1]: Found device /dev/mapper/cryptswap.
Feb 09 16:54:10 dixi-arch systemd[1]: Activating swap /dev/mapper/cryptswap...
Feb 09 16:54:10 dixi-arch systemd[1]: Activated swap /dev/mapper/cryptswap.
Feb 09 16:54:10 dixi-arch systemd[1]: Starting Swap.
Feb 09 16:54:10 dixi-arch systemd[1]: Reached target Swap.

I think everything is fine now

Thanks again
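
The failure diagnosed in this thread, as an added example that is not part of any post: a POSIX shell check that reads a crypttab, a saved `blkid` listing and a saved `swapon` listing, and reports swap entries whose backing device would be taken as plain swap before it can be mapped. The function names and the "after" sample are assumptions made for illustration; the "before" sample reuses lines quoted in the first post.

```sh
#!/bin/sh
# Added example (not from the thread): report crypttab swap entries whose backing
# device would be activated as plain swap before systemd-cryptsetup maps it.
# Assumes crypttab sources are plain /dev paths, as in the thread.

# Print "name device" for every crypttab entry carrying the "swap" option.
swap_crypttab_sources() {
    awk '!/^[[:space:]]*(#|$)/ && $4 ~ /(^|,)swap(,|$)/ { print $1, $2 }' "$1"
}

# True if the blkid listing in $2 shows a swap signature on device $1.
has_swap_signature() {
    awk -v d="$1:" '$1 == d && / TYPE="swap"/ { f = 1 } END { exit !f }' "$2"
}

# True if the swapon listing in $2 names device $1 as active swap.
is_active_swap() {
    awk -v d="$1" '$1 == d { f = 1 } END { exit !f }' "$2"
}

# Print one finding per problem; empty output means no conflict.
find_swap_conflicts() {   # args: crypttab blkid-output swapon-output
    swap_crypttab_sources "$1" | while read -r name dev; do
        if has_swap_signature "$dev" "$2"; then
            echo "$name: $dev has a plain swap signature"
        fi
        if is_active_swap "$dev" "$3"; then
            echo "$name: $dev is already active as unencrypted swap"
        fi
    done
}

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
# Sample input constructed from lines quoted in the first post (before the fix).
printf '%s\n' 'cryptswap         /dev/sda1        /dev/urandom            swap' > "$demo/crypttab"
printf '%s\n' '/dev/sda1: LABEL="swap" UUID="6013541f-7809-4b5f-9702-e630e25fd144" TYPE="swap" PARTLABEL="Linux swap"' > "$demo/blkid.before"
printf '%s\n' 'NAME      TYPE      SIZE USED PRIO' '/dev/sda1 partition   2G   0B   -1' > "$demo/swapon.before"
# Constructed "after" state: no signature on sda1, only the mapped device is swap.
printf '%s\n' '/dev/sda1: PARTUUID="00000000-0000-0000-0000-000000000000"' > "$demo/blkid.after"
printf '%s\n' 'Filename Type Size Used Priority' '/dev/dm-0 partition 2097148 0 -1' > "$demo/swapon.after"

echo "before:"; find_swap_conflicts "$demo/crypttab" "$demo/blkid.before" "$demo/swapon.before"
echo "after:";  find_swap_conflicts "$demo/crypttab" "$demo/blkid.after"  "$demo/swapon.after"
```

On a live system, pass /etc/crypttab and files holding the saved output of `blkid` and `swapon` instead of the demo files.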

