[cryptsetup] race condition => doesn't find key, waits for rootfs, and timeouts
Before pacman -Syu everything was working.
After, at each boot, the initramfs drops me to a shell because it doesn't find the rootfs
Here's are my settings:
$ cat /proc/cmdline BOOT_IMAGE=/boot/vmlinuz-linux-libre-nand root=/dev/mapper/internal-rootfs cryptdevice=/dev/disk/by-uuid/12345678-1234-1234-abcd-012345abcdef:internal-cleartext rw systemd.show_status=false loglevel=8 console=tty0 cryptkey=rootfs:/etc/keys/internal.key nopat $ file /etc/crypttab /etc/crypttab: empty $ cat /etc/mkinitcpio.conf MODULES="i915" BINARIES="ext4magic extundelete" FILES="/etc/keys/internal.key" HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck" COMPRESSION="gzip"
Add "set -x" inside /usr/lib/initcpio/hooks/encrypt, on the line following "#!/usr/bin/ash"
Updated by fablamar78 about 5 years ago
You can read this : https://labs.parabola.nu/issues/1416
Other workaround :
"mkinitcpio-busybox 1.26 broke the encrypt hook somehow.
people have had success reverting to 1.25.1-2, or renaming the keyfile to /crypto_keyfile.bin while removing the cryptkey parameter alltogether:
How I solved the issue on my setup :
1. Show keys
cryptsetup luksDump /dev/sda1
2. Remove old key in luks (in my case, the key was in Key Slot 1, make sure it is..)
cryptsetup luksKillSlot /dev/sda1 1
3. Remove old key in FS :
rm /etc/yourkey (mine was /etc/pass)
4. Create a new keyfile as /crypto_keyfile.bin
dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin iflag=fullblock
5. Add it to luks :
cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin
chmod 000 /crypto_keyfile.bin
6. Edit "FILES=" in mkinitcpio.conf so it reflects the location of the new key :
7. Create initramfs again
mkinitpcio -p linux-libre #Or other kernel..
8. Remove "cryptkey=rootfs:/path/to/key" arg from your linux cmd (not needed anymore as now using /crypto_keyfile.bin which is default path)