Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
dm-crypt hangs at boot [SOLVED]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
ExecutorElassus
Veteran
Veteran


Joined: 11 Mar 2004
Posts: 1192
Location: Stuttgart, Germany

PostPosted: Fri Mar 10, 2017 6:18 am    Post subject: dm-crypt hangs at boot [SOLVED] Reply with quote

I have a laptop that has been running gentoo for over a year. My /home is on an encrypted partition. In the middle of an "emerge world" update I had to shut down. Now, on boot, I get an error thatmy password doesn't work for the encrypted volume. Later in the boot prcess, however, I am adked fir my password afain, and now it works. However, /home is also occasionally not mounted, and I have to do so manually.

What might be causing this behavior? Might updating some package have caused dm-crypt to break?

Cheers,

EE


Last edited by ExecutorElassus on Fri Mar 17, 2017 5:23 am; edited 1 time in total
Back to top
View user's profile Send private message
tberger2
n00b
n00b


Joined: 05 Feb 2013
Posts: 69

PostPosted: Fri Mar 10, 2017 12:22 pm    Post subject: Reply with quote

Could be the same problem as here.
Check your /etc/init.d/dmcrypt config file.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

PostPosted: Fri Mar 10, 2017 1:05 pm    Post subject: Re: dm-crypt hangs at boot Reply with quote

ExecutorElassus wrote:
I have a laptop that has been running gentoo for over a year. My /home is on an encrypted partition. In the middle of an "emerge world" update I had to shut down. Now, on boot, I get an error thatmy password doesn't work for the encrypted volume. Later in the boot prcess, however, I am adked fir my password afain, and now it works. However, /home is also occasionally not mounted, and I have to do so manually.

ExecutorElassus ... when you say "password doesn't work for the encrypted volume" you mean in the initramfs? I ask because then "later in the boot process" makes sense (as you have dmcrypt in a runlevel). The symptoms don't really point to anything, because if the luksHeader were corrupted the decryption happening "later in the boot process" would fail similarly. If the filesystem is corrupted (which might explain the filesystem not being mounted, perhaps due to failing fsck) then that doesn't explain the issue providing the password. Did you make a backup of the luksHeader? If so does replacing the existing header with the backup resolve this issue, or if you provide another password with luksAddKey does this password fail similarly?

For the mount ro I think this is an issue with openrc's fsck, something I think I may have encountered (but had attributed to the fact that I'm using the now depreciated =sys-apps/openrc-0.12.4), does your filesystem (I'm assuming ext4) show as being clean?

Code:
# tune2fs -l /dev/mapper/<volume_name> | grep 'Filesystem.state'

Have you run fsck on it since the crash, does the fsck service return success when run on /home? In my case it would show the filesystem was clean, and fsck would return success, but re-making the filesystem and replacing the filesystem contents from a backup, resolved the issue (which is what leads me to suspect the fsck service isn't working correctly).

ExecutorElassus wrote:
What might be causing this behavior? Might updating some package have caused dm-crypt to break?

The crash may have corrupted something, and the PM has nothing to do with it.

best ... khay
Back to top
View user's profile Send private message
ExecutorElassus
Veteran
Veteran


Joined: 11 Mar 2004
Posts: 1192
Location: Stuttgart, Germany

PostPosted: Thu Mar 16, 2017 10:08 am    Post subject: Reply with quote

Well, the exact message I get is:

Code:
*Setting system clock using the hardware clock [UTZ]
*Setting up dm-crypt mappings
*   swap using: -c aes-xts-plain -s 512 -d /dev/urandom create swap /dev/sdb3
*      pre_mount: mkswap /dev/mapper/swap
*   home using: open /dev/sda1 home
Enter passphrase for /dev/sda1:
No key available with this passphrase
it then fails out, continues with boot, enters runlevel 3, and then comes back to starting dm-crypt. This time, when I enter the exact same password, it succeeds, but does not mount /home

So, what might be doing this?

Cheers,

EE
Back to top
View user's profile Send private message
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2971
Location: Germany

PostPosted: Thu Mar 16, 2017 10:48 am    Post subject: Reply with quote

keyboard layout?

http://unix.stackexchange.com/a/174657/30851

otherwise some missing module...
Back to top
View user's profile Send private message
ExecutorElassus
Veteran
Veteran


Joined: 11 Mar 2004
Posts: 1192
Location: Stuttgart, Germany

PostPosted: Thu Mar 16, 2017 11:14 am    Post subject: Reply with quote

I thought it might be a layout issue (my keyboard it QWERTZ), but trying it assuming swapped Y-Z keys still didn't work. So, probably a missing module?

I did reboot it in the middle of an 'emerge -uD world' process (not a hard reboot: properly terminated the emerge, then shut down in an orderly fashion) so it's possible that a module got updated without a necessary dependency.

I'm finishing the emerge now, so I'll reboot again and report back.

Cheers,

EE
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

PostPosted: Thu Mar 16, 2017 12:07 pm    Post subject: Reply with quote

ExecutorElassus ...

the output of the following might help us debug the issue:

Code:
# if [[ -e /proc/config.gz ]] ; then zgrep -Ei '(_dm_|crypt)' /proc/config.gz ; else egrep -i '(_dm_|crypt)' /usr/src/linux-$(uname -r)/.config ; fi
# cryptsetup luksDump /dev/sda1
# egrep -v '^(#|$)' /etc/conf.d/dmcrypt
# egrep -v '^(#|$)' /etc/conf.d/modules
# rc-status boot |tr -s ' '

best ... khay
Back to top
View user's profile Send private message
ExecutorElassus
Veteran
Veteran


Joined: 11 Mar 2004
Posts: 1192
Location: Stuttgart, Germany

PostPosted: Thu Mar 16, 2017 12:18 pm    Post subject: Reply with quote

Code:
 # if [[ -e /proc/config.gz ]] ; then zgrep -Ei '(_dm_|crypt)' /proc/config.gz ; else egrep -i '(_dm_|crypt)' /usr/src/linux-$(uname -r)/.config ; fi
# CONFIG_BLK_DEV_CRYPTOLOOP is not set
CONFIG_BLK_DEV_DM_BUILTIN=y
# CONFIG_DM_MQ_DEFAULT is not set
# CONFIG_DM_DEBUG is not set
CONFIG_DM_CRYPT=y
# CONFIG_DM_SNAPSHOT is not set
# CONFIG_DM_THIN_PROVISIONING is not set
# CONFIG_DM_CACHE is not set
# CONFIG_DM_ERA is not set
# CONFIG_DM_MIRROR is not set
CONFIG_DM_RAID=m
# CONFIG_DM_ZERO is not set
# CONFIG_DM_MULTIPATH is not set
# CONFIG_DM_DELAY is not set
# CONFIG_DM_UEVENT is not set
# CONFIG_DM_FLAKEY is not set
# CONFIG_DM_VERITY is not set
# CONFIG_DM_SWITCH is not set
# CONFIG_DM_LOG_WRITES is not set
# CONFIG_EXT4_ENCRYPTION is not set
# CONFIG_FS_ENCRYPTION is not set
# CONFIG_ECRYPT_FS is not set
# CONFIG_ENCRYPTED_KEYS is not set
CONFIG_CRYPTO=y
# Crypto core or helper
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_BLKCIPHER=y
CONFIG_CRYPTO_BLKCIPHER2=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_RNG=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=y
CONFIG_CRYPTO_AKCIPHER2=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_ACOMP2=y
# CONFIG_CRYPTO_RSA is not set
# CONFIG_CRYPTO_DH is not set
# CONFIG_CRYPTO_ECDH is not set
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
# CONFIG_CRYPTO_USER is not set
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
CONFIG_CRYPTO_GF128MUL=y
CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_NULL2=y
# CONFIG_CRYPTO_PCRYPT is not set
CONFIG_CRYPTO_WORKQUEUE=y
# CONFIG_CRYPTO_CRYPTD is not set
# CONFIG_CRYPTO_MCRYPTD is not set
# CONFIG_CRYPTO_AUTHENC is not set
# CONFIG_CRYPTO_TEST is not set
# Authenticated Encryption with Associated Data
CONFIG_CRYPTO_CCM=y
CONFIG_CRYPTO_GCM=y
# CONFIG_CRYPTO_CHACHA20POLY1305 is not set
CONFIG_CRYPTO_SEQIV=y
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_CTR=y
# CONFIG_CRYPTO_CTS is not set
CONFIG_CRYPTO_ECB=y
# CONFIG_CRYPTO_LRW is not set
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=y
# CONFIG_CRYPTO_KEYWRAP is not set
# CONFIG_CRYPTO_CMAC is not set
CONFIG_CRYPTO_HMAC=y
# CONFIG_CRYPTO_XCBC is not set
# CONFIG_CRYPTO_VMAC is not set
CONFIG_CRYPTO_CRC32C=y
# CONFIG_CRYPTO_CRC32C_INTEL is not set
# CONFIG_CRYPTO_CRC32 is not set
# CONFIG_CRYPTO_CRC32_PCLMUL is not set
# CONFIG_CRYPTO_CRCT10DIF is not set
CONFIG_CRYPTO_GHASH=y
# CONFIG_CRYPTO_POLY1305 is not set
# CONFIG_CRYPTO_POLY1305_X86_64 is not set
# CONFIG_CRYPTO_MD4 is not set
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=y
# CONFIG_CRYPTO_RMD128 is not set
# CONFIG_CRYPTO_RMD160 is not set
# CONFIG_CRYPTO_RMD256 is not set
# CONFIG_CRYPTO_RMD320 is not set
CONFIG_CRYPTO_SHA1=y
# CONFIG_CRYPTO_SHA1_SSSE3 is not set
# CONFIG_CRYPTO_SHA256_SSSE3 is not set
# CONFIG_CRYPTO_SHA512_SSSE3 is not set
# CONFIG_CRYPTO_SHA1_MB is not set
# CONFIG_CRYPTO_SHA256_MB is not set
# CONFIG_CRYPTO_SHA512_MB is not set
CONFIG_CRYPTO_SHA256=y
# CONFIG_CRYPTO_SHA512 is not set
# CONFIG_CRYPTO_SHA3 is not set
# CONFIG_CRYPTO_TGR192 is not set
# CONFIG_CRYPTO_WP512 is not set
# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_X86_64=y
# CONFIG_CRYPTO_AES_NI_INTEL is not set
# CONFIG_CRYPTO_ANUBIS is not set
CONFIG_CRYPTO_ARC4=y
CONFIG_CRYPTO_BLOWFISH=y
CONFIG_CRYPTO_BLOWFISH_COMMON=y
# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set
# CONFIG_CRYPTO_CAMELLIA is not set
# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set
# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set
# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set
# CONFIG_CRYPTO_CAST5 is not set
# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set
# CONFIG_CRYPTO_CAST6 is not set
# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set
# CONFIG_CRYPTO_DES is not set
# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set
# CONFIG_CRYPTO_FCRYPT is not set
# CONFIG_CRYPTO_KHAZAD is not set
# CONFIG_CRYPTO_SALSA20 is not set
# CONFIG_CRYPTO_SALSA20_X86_64 is not set
# CONFIG_CRYPTO_CHACHA20 is not set
# CONFIG_CRYPTO_CHACHA20_X86_64 is not set
# CONFIG_CRYPTO_SEED is not set
# CONFIG_CRYPTO_SERPENT is not set
# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set
# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set
# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set
# CONFIG_CRYPTO_TEA is not set
# CONFIG_CRYPTO_TWOFISH is not set
CONFIG_CRYPTO_TWOFISH_COMMON=y
CONFIG_CRYPTO_TWOFISH_X86_64=y
# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set
# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set
# CONFIG_CRYPTO_DEFLATE is not set
# CONFIG_CRYPTO_LZO is not set
# CONFIG_CRYPTO_842 is not set
# CONFIG_CRYPTO_LZ4 is not set
# CONFIG_CRYPTO_LZ4HC is not set
# CONFIG_CRYPTO_ANSI_CPRNG is not set
CONFIG_CRYPTO_DRBG_MENU=y
CONFIG_CRYPTO_DRBG_HMAC=y
# CONFIG_CRYPTO_DRBG_HASH is not set
# CONFIG_CRYPTO_DRBG_CTR is not set
CONFIG_CRYPTO_DRBG=y
CONFIG_CRYPTO_JITTERENTROPY=y
# CONFIG_CRYPTO_USER_API_HASH is not set
# CONFIG_CRYPTO_USER_API_SKCIPHER is not set
# CONFIG_CRYPTO_USER_API_RNG is not set
# CONFIG_CRYPTO_USER_API_AEAD is not set
CONFIG_CRYPTO_HW=y
# CONFIG_CRYPTO_DEV_PADLOCK is not set
# CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC is not set
# CONFIG_CRYPTO_DEV_CCP is not set
# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set
# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set
# CONFIG_CRYPTO_DEV_QAT_C62X is not set
# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set
# CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set
# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set

then
Code:
 # cryptsetup luksDump /dev/sda1
LUKS header information for /dev/sda1

Version:          1
Cipher name:      aes
Cipher mode:      xts-plain
Hash spec:        sha256
Payload offset:   4096
MK bits:          512
MK digest:        bb cd 2b 95 99 e6 7e 67 ae 46 34 03 74 2d 3d 27 9e c9 19 59
MK salt:          7d ab 74 0f 25 00 76 3c ae a4 84 bb 86 1c 0d 31
                  a6 62 bc c0 35 c9 3d d8 7b 11 ad a6 05 70 f6 47
MK iterations:    180750
UUID:             c3523f4e-5a95-4363-a74b-ae283df93941

Key Slot 0: ENABLED
   Iterations:            1438201
   Salt:                  7c 6e 23 19 c1 fc f2 fa 09 53 e3 fb 19 bb 40 d1
                            0d b2 be 7b b5 4a 9c eb bc a9 3b 91 a6 6d c6 f4
   Key material offset:   8
   AF stripes:               4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

and
Code:
 # egrep -v '^(#|$)' /etc/conf.d/dmcrypt
dmcrypt_key_timeout=1
dmcrypt_retries=5
swap=swap
source='/dev/sdb3'
options='-c aes-xts-plain -s 512 -d /dev/urandom'
target=home
source='/dev/sda1'

and
Code:
# egrep -v '^(#|$)' /etc/conf.d/modules
(ie, no output)
lastly:
Code:
# rc-status boot |tr -s ' '
 * Caching service dependencies ... [ ok ]
Runlevel: boot
 hwclock [ started ]
 sysctl [ started ]
 modules [ started ]
 dmcrypt [ started ]
 fsck [ started ]
 root [ started ]
 mtab [ started ]
 swap [ started ]
 localmount [ started ]
 opentmpfiles-setup [ started ]
 bootmisc [ started ]
 termencoding [ started ]
 keymaps [ started ]
 procfs [ started ]
 alsasound [ started ]
 hostname [ started ]
 loopback [ started ]
 binfmt [ started ]
 urandom [ started ]


Anything useful there?

Cheers,

EE
Back to top
View user's profile Send private message
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2971
Location: Germany

PostPosted: Thu Mar 16, 2017 1:33 pm    Post subject: Reply with quote

ExecutorElassus wrote:
but trying it assuming swapped Y-Z keys still didn't work.


You have no special characters in your phrase? Otherwise it's not just y z.
Back to top
View user's profile Send private message
ExecutorElassus
Veteran
Veteran


Joined: 11 Mar 2004
Posts: 1192
Location: Stuttgart, Germany

PostPosted: Thu Mar 16, 2017 1:51 pm    Post subject: Reply with quote

no special characters. As per this XKCD, it is a long string of regular characters (and no, it isn't "correct horse battery staple").

UPDATE: I finished emerging everything and rebooted. Same problem.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

PostPosted: Thu Mar 16, 2017 10:42 pm    Post subject: Reply with quote

ExecutorElassus wrote:
Anything useful there?

ExecutorElassus ... no, nothing at all. I was half expecting something the encrypted partition required to be a module (and so perhaps not loaded before dmcrypt was run in 'boot'), but no.

I think frostschutz may be right, it's an input/kbd issue, please try the following:

/etc/conf.d/dmcrypt:
rc_after="keymaps"

HTH & best ... khay
Back to top
View user's profile Send private message
ExecutorElassus
Veteran
Veteran


Joined: 11 Mar 2004
Posts: 1192
Location: Stuttgart, Germany

PostPosted: Fri Mar 17, 2017 5:14 am    Post subject: Reply with quote

huh. far out: it turns out that it was a keyboard layout problem: I tried my password again, this time with z-y swapping, and this time it worked. I must have made some other typo when I tried the first time.

Anyway, now, adding that line in /etc/conf.d/dmcrypt did not help (except that now the boot sequence complains about fsck on root failing because it isn't mounted). Is there some other way to set the layout?

Cheers,

EE

UPDATE: nvm, that solution linked on stackexchange worked for me. setting to [SOLVED]
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum