Hello,
I am not really sure if this falls under the newbie category but I need some help troubleshooting this problem as I am rather stuck. Thank you for bearing with me in advance.
I am running Archlinux on my laptop and I use LUKS encryption as described in this post I made a few years ago.
It's basically a LUKS encrypted filesystem with an extra step of having yet another LUKS encrypted key in a USB stick. At boot there is a custom initramfs hook that reads the USB stick, prompts you for the password to unlock it and then uses the unlocked key as the key to the actual encrypted root filesystem. It's all described in the blog post.
The hook consists of /usr/lib/initcpio/install/lefcrypt:
#!/bin/bash
build() {
    # Copied from the encrypt hook install script
    local mod
    add_module loop
    add_module dm-crypt
    if [[ $CRYPTO_MODULES ]]; then
        for mod in $CRYPTO_MODULES; do
            add_module "$mod"
        done
    else
        add_all_modules '/crypto/'
    fi
    add_binary "cryptsetup"
    add_binary "dmsetup"
    add_file "/usr/lib/udev/rules.d/10-dm.rules"
    add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
    add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
    add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
    add_runscript
}
help() {
    cat <<HELPEOF
This is our custom hook for decrypting a keyfile from a USB stick.
HELPEOF
}
and /usr/lib/initcpio/hooks/lefcrypt:
run_hook() {
    modprobe -a -q dm-crypt >/dev/null 2>&1
    modprobe loop
    [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
    cat << "EOF"
Provide the code for the USB stick:
EOF
    #obtain the key
    mkdir -p /mnt/usbstick
    resolved=$(resolve_device /dev/disk/by-uuid/1193c881-267f-134f-123a-12b34as56357)
    mount -t ext4 "$resolved" /mnt/usbstick
    cryptsetup -T 5 luksOpen /mnt/usbstick/key.luks OurKey
    #unlock the root partition
    cryptsetup --key-file /dev/mapper/OurKey luksOpen /dev/disk/by-uuid/8197c881-160c-465c-a15c-96b59as26157 lvm
    #clean up the key
    cryptsetup luksClose OurKey
}
EDIT: My /etc/mkinitcpio.conf has the following values for MODULES and HOOKS:
MODULES="vfat"
HOOKS="base udev autodetect modconf block lefcrypt lvm2 filesystems keyboard fsck"
The above all used to work fine for 2+ years until this morning. Something in the latest upgrade by pacman must have changed something and botched the above process.
The error I am getting can be simply narrowed down to the USB stick not appearing in /dev/disk/by-uuid/. Somehow the init process is missing something and the USB stick is no longer recognized. Could udev be missing? In the rescue shell that I am dropped at, if I do modprobe udev I get the error that Module udev not found in directory /lib/module/4.18.12-arch1-1-ARCH
I can use a live USB stick and follow the hook's steps manually (since the USB stick appears in /dev/disk/by-uuid/) and then mount my decrypted root file system successfully. Then I upgrade packages and rebuild with mkinitcpio -p but the problem persists. I can confirm the initcpio was successful since I tried to change the text of the prompt for the USB stick and it does indeed change.
Any ideas what I am missing? Any pointers? All help will be really appreciated.
Last edited by lefteris (2018-10-09 13:39:41)
The kernel now comes with some builtin usb modules, and mkinitcpio doesn't like that yet. You can add usb_storage to your modules array and it will probably work again. Using the fallback image should work as well.
https://bugs.archlinux.org/task/60272
Last edited by progandy (2018-10-09 13:36:29)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
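A pre-reboot check for the situation in the reply above, as an added example that is not part of the thread: it reports which modules a boot hook depends on are neither packed into an initramfs file listing nor built into the kernel. The function names (norm, missing_modules, demo) are hypothetical and the sample listing and modules.builtin excerpt are constructed; on a real system the listing would come from `lsinitcpio`, assuming Arch's default image path.

```shell
#!/bin/sh
# Added example; POSIX sh. Real use (Arch default paths assumed):
#   lsinitcpio /boot/initramfs-linux.img > /tmp/listing
#   missing_modules /tmp/listing "/lib/modules/$(uname -r)/modules.builtin" \
#       dm-crypt loop usb_storage

# Filter: one path or module name per line -> canonical module name.
# The file usb-storage.ko.xz and the name usb_storage both become usb_storage.
norm() {
    sed -e 's|.*/||' -e 's/\.ko\(\.[a-z0-9]*\)\{0,1\}$//' -e 'y/-/_/'
}

# missing_modules LISTING BUILTIN MODULE...
#   LISTING: initramfs file listing, one path per line
#   BUILTIN: the kernel's modules.builtin file (may be empty)
# Prints every requested module that appears in neither file.
missing_modules() {
    listing=$1 builtin=$2
    shift 2
    have=$(cat -- "$listing" "$builtin" | grep -E '\.ko(\.[a-z0-9]+)?$' | norm)
    for want in "$@"; do
        want=$(printf '%s\n' "$want" | norm)
        printf '%s\n' "$have" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed listing: an image that carries no USB storage driver.
    cat > "$dir/listing" <<'EOF'
usr/lib/modules/4.18.12-arch1-1-ARCH/kernel/drivers/md/dm-crypt.ko.xz
usr/lib/modules/4.18.12-arch1-1-ARCH/kernel/drivers/block/loop.ko.xz
usr/lib/modules/4.18.12-arch1-1-ARCH/kernel/fs/ext4/ext4.ko.xz
usr/bin/cryptsetup
EOF
    # Constructed modules.builtin excerpt (not taken from the kernel in the thread).
    printf '%s\n' 'kernel/drivers/usb/host/xhci-hcd.ko' > "$dir/builtin"
    missing_modules "$dir/listing" "$dir/builtin" dm-crypt loop xhci_hcd usb_storage
    rm -rf "$dir"
}

demo
```

Any name it prints belongs in the MODULES array of /etc/mkinitcpio.conf before the image is rebuilt.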
Hey progandy. That is indeed the right solution! Thank you so much. It works again.
Small question: The bug you link also mentions the "uas" module. I did not add it and it still works. Is it good to have, or should I just ignore it?
No idea.