
#1 2021-09-04 18:16:11

Weg
Member
Registered: 2021-09-04
Posts: 3

Failed to open key files with encrypted swap during booting and resume

Hello,

I apologize twice: first for my English, as it is not my native language, and second for a small infringement of the forum rules: I am on Manjaro and not Arch Linux. But as I couldn't find help on Manjaro's forum, I hoped people might be more “technical” here.

I installed Manjaro with /, /boot, and an 8 GB swap on an SSD, and /home on a separate HD. My RAM is 4 GB.

The symptoms:
* When I want to resume from hibernation, the computer just reboots to a virgin session;
* When I boot or try to resume, I have a terminal with two lines after the grub menu:

Failed to open key files.
ERROR: resume: hibernation device ’dev/mapper/luks-fcec610d[…]

* The swap seems to work once booted.

The clues:

# /etc/crypttab: mappings for encrypted partitions.
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# See crypttab(5) for the supported syntax.
#
# NOTE: Do not list your root (/) partition here, it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
#       to encrypted swap, which should be set up with mkinitcpio-openswap
#       for resume support.
#
# <name>               <device>                         <password> <options>
luks-bca40e75-a646-43ce-94bf-baa9e8465544 UUID=bca40e75-a646-43ce-94bf-baa9e8465544     /crypto_keyfile.bin luks
luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4 UUID=0601a8bf-665e-43b5-a183-1a9cc8d83bc4     /crypto_keyfile.bin luks
luks-fcec610d-0b7b-4609-9fe0-be9508822a57 UUID=fcec610d-0b7b-4609-9fe0-be9508822a57     /crypto_keyfile.bin luks
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a device; this may
# be used with UUID= as a more robust way to name devices that works even if
# disks are added and removed. See fstab(5).
#
# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
/dev/mapper/luks-bca40e75-a646-43ce-94bf-baa9e8465544 /home          btrfs   defaults,noatime,space_cache 0 2
UUID=94E5-C199                            /boot/efi      vfat    umask=0077 0 2
/dev/mapper/luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4 /              btrfs   subvol=/@,defaults,noatime,space_cache,ssd,compress=zstd,commit=120 0 1
/dev/mapper/luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4 /var/cache     btrfs   subvol=/@cache,defaults,noatime,space_cache,ssd,compress=zstd,commit=120 0 2
/dev/mapper/luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4 /var/log       btrfs   subvol=/@log,defaults,noatime,space_cache,ssd,compress=zstd,commit=120 0 2
/dev/mapper/luks-fcec610d-0b7b-4609-9fe0-be9508822a57 swap           swap    defaults,noatime 0 0
tmpfs                                     /tmp           tmpfs   defaults,noatime,mode=1777 0 0

/etc/mkinitcpio.conf

# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run.  Advanced users may wish to specify all system modules
# in this array.  For instance:
#     MODULES=(piix ide_disk reiserfs)
MODULES="crc32c-intel"

# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image.  This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=()

# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way.  This is useful for config files.
FILES="/crypto_keyfile.bin"

# HOOKS
# This is the most important setting in this file.  The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
##   This setup specifies all modules in the MODULES setting above.
##   No raid, lvm2, or encrypted root is needed.
#    HOOKS=(base)
#
##   This setup will autodetect all modules for your system and should
##   work as a sane default
#    HOOKS=(base udev autodetect block filesystems)
#
##   This setup will generate a 'full' image which supports most systems.
##   No autodetection is done.
#    HOOKS=(base udev block filesystems)
#
##   This setup assembles a pata mdadm array with an encrypted root FS.
##   Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
#    HOOKS=(base udev block mdadm encrypt filesystems)
#
##   This setup loads an lvm2 volume group on a usb device.
#    HOOKS=(base udev block lvm2 filesystems)
#
##   NOTE: If you have /usr on a separate partition, you MUST include the
#    usr, fsck and shutdown hooks.
HOOKS="base udev autodetect modconf block keyboard keymap encrypt openswap resume filesystems"

# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"
#COMPRESSION="zstd"

# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=()

/etc/openswap.conf:

## cryptsetup open $swap_device $crypt_swap_name
## get uuid using e.g. lsblk -f
swap_device=/dev/disk/by-uuid/fcec610d-0b7b-4609-9fe0-be9508822a57
crypt_swap_name=luks-fcec610d-0b7b-4609-9fe0-be9508822a57

## one can optionally provide a keyfile device and path on this device
## to the keyfile
keyfile_device=/dev/mapper/luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4
keyfile_filename=crypto_keyfile.bin

## additional arguments are given to mount for keyfile_device
## has to start with --options (if so desired)
#keyfile_device_mount_options="--options=subvol=__active/__"

## additional arguments are given to cryptsetup
## --allow-discards options is desired in case swap is on SSD partition
cryptsetup_options="--type luks"

What I already tried:
* commenting out the third volume in /etc/crypttab => gives the same message at boot plus two more lines, which I can try to photograph if that is of interest, and takes longer to boot. Still no resume. And no swap at all after boot.
* changing “crypto_keyfile.bin” to “/crypto_kefile.bin” in openswap.conf => no effect
* add a /etc/initcpio/hooks/openswap file with

  GNU nano 5.8                                                                                /etc/initcpio/hooks/openswap                                                                                         
run_hook ()
{
    ## Optional: To avoid race conditions
    x=0;
    while [ ! -b /dev/mapper/luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4 ] && [ $x -le 10 ]; do
       x=$((x+1))
       sleep .2
    done
    ## End of optional

    mkdir crypto_key_device
    mount /dev/mapper/luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4 crypto_key_device
    cryptsetup open --key-file crypto_key_device/crypto_keyfile.bin /dev/sdb3 luks-fcec610d-0b7b-4609-9fe0-be9508822a57
    umount crypto_key_device
}

build ()
{
   add_runscript
}
help ()
{
cat<<HELPEOF
  This opens the swap encrypted partition /dev/sdb3 in /dev/mapper/luks-fcec610d-0b7b-4609-9fe0-be9508822a57
HELPEOF
}

like in the wiki => no effect.
* I verified with GParted whether I could unmount and remount swap. The password works well.

So, where is the problem?

Many thanks

Last edited by Weg (2021-09-05 09:02:32)
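
A check that can be run against the configuration posted above, as an added example that is not part of the original post: fstab mounts / with subvol=/@, while keyfile_device_mount_options in openswap.conf is commented out, so the script compares the two. It assumes the openswap hook passes only keyfile_device_mount_options to mount, as the comments in openswap.conf state; the /dev/mapper/luks-root name and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Device names and files are constructed.

# Last uncommented KEY=value in FILE, surrounding double quotes stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# subvol= option of the fstab entry that mounts DEVICE at "/".
root_subvol() {            # usage: root_subvol FSTAB DEVICE
    awk -v dev="$2" '$1 == dev && $2 == "/" {
        n = split($4, o, ",")
        for (i = 1; i <= n; i++) if (o[i] ~ /^subvol=/) { print substr(o[i], 8); exit }
    }' "$1"
}

# Returns 0 when the hook would mount the subvolume that fstab mounts at "/".
check_keyfile_subvol() {   # usage: check_keyfile_subvol OPENSWAP_CONF FSTAB
    dev=$(conf_value "$1" keyfile_device)
    opts=$(conf_value "$1" keyfile_device_mount_options)
    want=$(root_subvol "$2" "$dev")
    have=$(printf '%s\n' "$opts" | sed -n 's/.*subvol=\([^,[:space:]]*\).*/\1/p')
    if [ "${have#/}" = "${want#/}" ]; then
        echo "ok: keyfile looked up in subvol '${want:-default}'"; return 0
    fi
    echo "mismatch: / is subvol '$want' but hook mounts '${have:-default subvolume}'"
    return 1
}

# Constructed sample mirroring the layout in the post.
write_sample() {           # usage: write_sample DIR MOUNT_OPTIONS_LINE
    printf '%s\n' \
        '/dev/mapper/luks-root /        btrfs subvol=/@,defaults,noatime 0 1' \
        '/dev/mapper/luks-root /var/log btrfs subvol=/@log,defaults 0 2' > "$1/fstab"
    printf '%s\n' \
        'keyfile_device=/dev/mapper/luks-root' \
        'keyfile_filename=crypto_keyfile.bin' \
        '#keyfile_device_mount_options="--options=subvol=__active/__"' \
        "$2" > "$1/openswap.conf"
}

tmp=$(mktemp -d)
write_sample "$tmp" ''
check_keyfile_subvol "$tmp/openswap.conf" "$tmp/fstab" || true
write_sample "$tmp" 'keyfile_device_mount_options="--options=subvol=@"'
check_keyfile_subvol "$tmp/openswap.conf" "$tmp/fstab"
rm -rf "$tmp"
```

Without a subvol= option, mount attaches the filesystem's default subvolume, so keyfile_filename is resolved relative to that rather than to the subvolume fstab mounts at /.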


#2 2021-09-04 18:49:01

Raynman
Member
Registered: 2011-10-22
Posts: 1,318

Re: Failed to open key files with encrypted swap during booting and resume

One problem I see (besides Manjaro) is that you've turned multiple arrays in mkinitcpio.conf into strings.

Also many files seem to have a line with "gnu nano" at the top and long lines cut off.


#3 2021-09-05 09:06:42

Weg
Member
Registered: 2021-09-04
Posts: 3

Re: Failed to open key files with encrypted swap during booting and resume

Are you talking about replacing the quotes with parentheses in mkinitcpio.conf? If yes, I just tried => No difference. If not, could you explain what you mean?

I hadn't noticed the cut-off lines. That's corrected. "gnu nano" is just the header displayed by nano. It is not written in the file.


#4 2021-09-24 16:39:48

Weg
Member
Registered: 2021-09-04
Posts: 3

Re: Failed to open key files with encrypted swap during booting and resume
