You are not logged in.

#1 2022-03-17 16:51:57

aqua123
Member
Registered: 2013-03-05
Posts: 7

[SOLVED] swap encryption -- /dev/urandom "no such device"

I'm having some issues setting up encrypted swap. I've followed the wiki guide outlined here, but I'm having some issues upon bootup:

Mar 17 10:20:00 HOSTNAME systemd-cryptsetup[320]: Set cipher aes, mode cbc-essiv:sha256, key size 512 bits for device /dev/disk/by-uuid/c7af8dd7-0837-4573-a8d7-e07b20c63c10.
Mar 17 10:20:00 HOSTNAME systemd-cryptsetup[320]: device-mapper: reload ioctl on swap (254:1) failed: Invalid argument
Mar 17 10:20:00 HOSTNAME systemd-cryptsetup[320]: Failed to activate with key file '/dev/urandom': No such device

Here is some information that I think is helpful -- I'm trying to use the 16G partition nvme0n1p2:

$ lsblk -f
NAME        FSTYPE      FSVER LABEL     UUID                                 FSAVAIL FSUSE% MOUNTPOINTS
nvme0n1                                                                                     
├─nvme0n1p1 vfat        FAT32           3980-8239                             421.3M    16% /boot
├─nvme0n1p2 ext2        1.0   cryptswap c7af8dd7-0837-4573-a8d7-e07b20c63c10                
└─nvme0n1p3 crypto_LUKS 2               8914d804-5da0-4cca-98bb-844c11cd4e4f                
  └─root    ext4        1.0             a1ce055f-1570-402a-9d61-d266d70b01c7  417.7G     3% /
Disk /dev/nvme0n1: 1000215216 sectors, 476.9 GiB
Model: MTFDHBA512QFD-1AX1AABHA                 
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): DE1A05D4-77AC-4511-B7C2-773560A82A1E
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 1000215182
Partitions will be aligned on 2048-sector boundaries
Total free space is 2014 sectors (1007.0 KiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048         1026047   500.0 MiB   EF00  EFI system partition
   2         1026048        34580479   16.0 GiB    8300  Linux filesystem
   3        34580480      1000215182   460.5 GiB   8300  Linux filesystem

Thanks!

Last edited by aqua123 (2022-03-17 17:53:46)

Offline

#2 2022-03-17 17:16:32

frostschutz
Member
Registered: 2013-11-15
Posts: 1,409

Re: [SOLVED] swap encryption -- /dev/urandom "no such device"

hm, this method still works for me... also show your /etc/crypttab, /etc/fstab?

which kernel are you using?

Last edited by frostschutz (2022-03-17 17:18:22)

Offline

#3 2022-03-17 17:21:26

aqua123
Member
Registered: 2013-03-05
Posts: 7

Re: [SOLVED] swap encryption -- /dev/urandom "no such device"

sudo cat /etc/crypttab
# Configuration for encrypted block devices.
# See crypttab(5) for details.

# NOTE: Do not list your root (/) partition here, it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf).

# <name>       <device>                                     <password>              <options>
swap         UUID=c7af8dd7-0837-4573-a8d7-e07b20c63c10     /dev/urandom            swap,offset=2048,cipher=aes-cbc-essiv:sha256,size=512
sudo cat /etc/fstab   
# Static information about the filesystems.
# See fstab(5) for details.

# <file system> <dir> <type> <options> <dump> <pass>
# /dev/mapper/root
UUID=a1ce055f-1570-402a-9d61-d266d70b01c7       /               ext4            rw,relatime     0 1

# /dev/nvme0n1p1
UUID=3980-8239          /boot           vfat            rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro   0 2

and I am using the latest default linux -- 5.16.14.

Offline

#4 2022-03-17 17:47:30

frostschutz
Member
Registered: 2013-11-15
Posts: 1,409

Re: [SOLVED] swap encryption -- /dev/urandom "no such device"

The wiki uses aes-xts-plain64, why did you change it to aes-cbc-essiv:sha256?

If I change mine to aes-cbc-essiv:sha256 it also stops working, might have to remove the size=512 as well, maybe size=256 instead.

You have to provide a working cipherspec. If in doubt, just stick with aes-xts-plain64.

Offline

#5 2022-03-17 17:53:03

aqua123
Member
Registered: 2013-03-05
Posts: 7

Re: [SOLVED] swap encryption -- /dev/urandom "no such device"

That seems to have worked. I think the default in crypttab was the aes-cbc-essiv:sha256 - I don't know where else I got that.

But anyway, thank you!

Offline

Board footer

Powered by FluxBB