Arch Linux

deconstrained

Member

Registered: 2008-03-31

Posts: 49

[solved] Bootup: unlocking encrypted devices fails

EDIT: For the record, I solved this problem by commenting out my crypttab / fstab entries for the encrypted home partition, booting without mounting /home, then uncommenting the entries and upgrading the kernel/rebuilding the ramdisk (pacman -Sy kernel26, which of course ran mkinitcpio). Before trying this, however, I also tried changing my crypttab entry to "home /dev/sda3 ASK"; I realized that the "ASK" keyword is necessary instead of "none" as in other distros, because of how rc.sysinit parses /etc/crypttab. This didn't fix immediately, although it was necessary, so it was definitely a combination of this AND running mkinitcpio in the non-chrooted environment.

At boot time, just after the message "Unlocking encrypted volumes: home...failed" I'm seeing a bunch of text that looks like output from cryptsetup.static being improperly called; it includes a bunch of what looks like option flags enclosed in square brackets and separated by spaces (i.e. [--usage] [--vl-verbose] )

This is what I did before this started happening (In order to remove encryption on my root FS):

1. I made a backup clone of my hard drive, then made a new filesystem on the root partition.
2. I updated /etc/crypttab, /etc/fstab and /etc/mkinitcpio.conf accordingly:

UUID=[uuid-of-my-root]  / reiserfs defaults 0 1
UUID=[uuid-of-my-boot] /boot ext2 defaults 0 1
/dev/mapper/home /home jfs defaults,iocharset=utf8 0 1

home /dev/disk/by-uuid/[uuid-of-my-home-partition] none luks

(I want to enter my passphrase at boot time)
In mkinitcpio.conf I removed "encrypt" from the hooks, but left the modules dm-crypt, aes-x86_64 and jfs/reiserfs in the modules array.
3. I chrooted into the root partition (after mounting the proc and dev filesystems), mounted boot, and generated an interim ramdisk with mkinitcpio, then added an entry in /boot/grub/menu.lst for the image.

I have tried quite a number of things already, including removing the "luks" extension from the end of my /etc/crypttab entry, and enclosing none in double quotes. Should I perhaps move the filesystem and encryption modules in mkinitcpio.conf to rc.conf? Also, would it help if I removed the "filesystems" hook from mkinitcpio.conf, and regenerated the ramdisk?

Last edited by deconstrained (2010-01-30 03:18:15)

gile

Member

Registered: 2010-01-31

Posts: 6

Re: [solved] Bootup: unlocking encrypted devices fails

I confirm the same issue, but I found out that this was caused by initscripts-2010.01-1, so downgrading back to the old version fixed the issue.

wget http://www.schlunix.org/archlinux/core/ … pkg.tar.gz
pacman -U initscripts-2009.08-1-i686.pkg.tar.gz

Hope someone else will find this helpful.

brain0

Developer

From: Aachen - Germany

Registered: 2005-01-03

Posts: 1,382

Re: [solved] Bootup: unlocking encrypted devices fails

There have been no changes in the cryptsetup code of rc.sysinit between 2009.08-1 and 2010.01-1. Not a single line.

gile

Member

Registered: 2010-01-31

Posts: 6

Re: [solved] Bootup: unlocking encrypted devices fails

So I get this with the new initscripts package:

:: Unlocking encrypted volumes: home..failed swap..ok mand failed: Error opening device: No such file or directory       [FAIL]

The only difference (for the cryptsetup / lvm part) which I saw between the two versions is this line:

/sbin/lvm vgscan --ignorelockingfailure --mknodes >/dev/null

Which is missing in the latest package, but I am no expert in sysinit scripts, and I confirm that adding that line doesn't resolve the issue.

gile

Member

Registered: 2010-01-31

Posts: 6

Re: [solved] Bootup: unlocking encrypted devices fails

http://bugs.archlinux.org/task/18087

it works after updating the following: device-mapper 2.02.60-2 cryptsetup 1.1.0-1 lvm2 2.02.60-2 udev 151-2

brain0

Developer

From: Aachen - Germany

Registered: 2005-01-03

Posts: 1,382

Re: [solved] Bootup: unlocking encrypted devices fails

Good, thanks for the valuable information. I was hoping it was "just that".

Jonhoo

Member

Registered: 2009-05-23

Posts: 118

Re: [solved] Bootup: unlocking encrypted devices fails

Hey fellow archers,

Sorry to revive this old thread, but the issue seems to have come back up again..
I'm having the exact same problem as the OP, but his solution does not work for me..

Anything I can post to help debugging, because I'm completely stumped..?

bender02

Member

From: UK

Registered: 2007-02-04

Posts: 1,328

Re: [solved] Bootup: unlocking encrypted devices fails

Same problem here; things are working for me with lvm2-2.02.79 and not with the newer ones.

From the bugreport linked above it looks like that it also depends on some other packages being the same version (eg device-mapper) and there've been some updates of those today; I haven't tested with them yet.

If it continues not to work, either reopen that bug above or open a new one.

Last edited by bender02 (2011-01-26 16:36:43)

Jonhoo

Member

Registered: 2009-05-23

Posts: 118

Re: [solved] Bootup: unlocking encrypted devices fails

Still doesn't work after updates, reopen request filed.

Jonhoo

Member

Registered: 2009-05-23

Posts: 118

Re: [solved] Bootup: unlocking encrypted devices fails

Sorry, had to open a new bug.
New bug @ https://bugs.archlinux.org/task/22673

jordan.milne

Member

Registered: 2009-10-26

Posts: 4

Re: [solved] Bootup: unlocking encrypted devices fails

I had this issue yesterday while installing arch with an encrypted root and home partition. It's worth noting that a simple

home_crypt /dev/sda3 ASK luks

in crypttab won't work anymore. Change it to

home_crypt /dev/sda3 ASK "-c {cipher} -h {hash}"

You can get that info by running `cryptsetup status /dev/mapper/home_crypt` if you're able to get into maintenance mode to manually use luksOpen. Or, if you used the defaults, cryptsetup --help will tell you the cipher and hash.

cryptsetup should probably allow, but ignore the -s parameter for luksOpen in the next release so this doesn't happen again.

Unfortunately, in the meantime, half of the wiki's how-tos on setting up encrypted systems are broken.

Last edited by jordan.milne (2011-02-03 00:41:35)

treysis

Member

Registered: 2009-05-10

Posts: 23

Re: [solved] Bootup: unlocking encrypted devices fails

actually, with LUKS, you don't need to specify hash and cipher as it's stored in the metadata, one of the main advantages of the idea behind LUKS (it was needed for cryptsetup long time ago when LUKS wasn't used by cryptsetup as default).

Unfortunately, there seems to be a problem in the current release if you enter the password as plaintext in /etc/crypttab. This way at boot cryptsetup is not able to unlock the volume. A workaround is to use the feature of multiple keyslots and associate one slot with a keyfile. Reading the keyfile seems to be working without problems!

jalu

Member

Registered: 2009-04-05

Posts: 140

Re: [solved] Bootup: unlocking encrypted devices fails

Same problem here.

/etc/crypttab

swap /dev/sda2 SWAP -c aes-xts-plain -h whirlpool -s 512

/etc/fstab

/dev/mapper/swap swap swap defaults 0 0

During boot, I get the following message: "unlocking encrypted volumes: swap..failed"

edit: Looks like I needed quotes around the options I was using in /etc/crypttab. Changing that line to the following solved my problem.

swap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512"

Last edited by jalu (2011-11-22 19:42:42)

Wallsy

Member

Registered: 2010-07-28

Posts: 19

Re: [solved] Bootup: unlocking encrypted devices fails

I am having an issue with this at the moment, exactly the same problem as jalu, however mine are already quoted.

Any ideas?

jalu

Member

Registered: 2009-04-05

Posts: 140

Re: [solved] Bootup: unlocking encrypted devices fails

I am having an issue with this at the moment, exactly the same problem as jalu, however mine are already quoted.

Any ideas?

My problem eventually resurfaced, even with the quotes. I seem to remember hearing that it was due to a bug in some package. Not sure.