Bug #1419
[cryptsetup] race condition => doesn't find key, waits for rootfs, and timeouts
Description
Before pacman -Syu everything was working.
After, at each boot, the initramfs drops me to a shell because it doesn't find the rootfs
Here are my settings:
$ cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-linux-libre-nand root=/dev/mapper/internal-rootfs cryptdevice=/dev/disk/by-uuid/12345678-1234-1234-abcd-012345abcdef:internal-cleartext rw systemd.show_status=false loglevel=8 console=tty0 cryptkey=rootfs:/etc/keys/internal.key nopat
$ file /etc/crypttab
/etc/crypttab: empty
$ cat /etc/mkinitcpio.conf
MODULES="i915"
BINARIES="ext4magic extundelete"
FILES="/etc/keys/internal.key"
HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck"
COMPRESSION="gzip"
Workaround:
Add "set -x" inside /usr/lib/initcpio/hooks/encrypt, on the line following "#!/usr/bin/ash"
Related issues
History
Updated by fablamar78 almost 7 years ago
You can read this : https://labs.parabola.nu/issues/1416
Other workaround :
"mkinitcpio-busybox 1.26 broke the encrypt hook somehow.
people have had success reverting to 1.25.1-2, or renaming the keyfile to /crypto_keyfile.bin while removing the cryptkey parameter altogether:
https://lists.parabola.nu/pipermail/assist/2017-July/000865.html"
How I solved the issue on my setup :
1. Show keys
cryptsetup luksDump /dev/sda1
2. Remove old key in luks (in my case, the key was in Key Slot 1, make sure it is..)
cryptsetup luksKillSlot /dev/sda1 1
3. Remove old key in FS :
rm /etc/yourkey (mine was /etc/pass)
4. Create a new keyfile as /crypto_keyfile.bin
dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin iflag=fullblock
5. Add it to luks :
cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin
chmod 000 /crypto_keyfile.bin
6. Edit "FILES=" in mkinitcpio.conf so it reflects the location of the new key :
FILES="/crypto_keyfile.bin"
7. Create initramfs again
mkinitcpio -p linux-libre # Or other kernel..
8. Remove "cryptkey=rootfs:/path/to/key" arg from your linux cmd (not needed anymore as now using /crypto_keyfile.bin which is default path)
Reboot
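A consistency check for steps 6 to 8 above, as an added example that is not part of the original comment or of mkinitcpio: it verifies that the keyfile path implied by the kernel command line is the one listed in FILES= and that the encrypt hook is enabled. The function names are hypothetical, the sample values are constructed from the settings in this report, and only the quoted FILES="..." form shown on this page is parsed.

```shell
#!/bin/sh
# Added example: does the keyfile the encrypt hook will look for match
# what mkinitcpio.conf packs into the initramfs?

# Print the value of a VAR="..." line (the quoting style used on this page).
conf_value() {  # $1 = variable name, $2 = config file
    sed -n "s/^[[:space:]]*$1=\"\(.*\)\".*/\1/p" "$2" | tail -n 1
}

# Print the keyfile path implied by a kernel command line.
expected_keyfile() {  # $1 = kernel command line
    for arg in $1; do
        case $arg in
            cryptkey=rootfs:*) echo "${arg#cryptkey=rootfs:}"; return 0 ;;
            cryptkey=*) echo "not-in-initramfs"; return 0 ;;  # key on another device
        esac
    done
    echo /crypto_keyfile.bin  # default path when cryptkey= is absent
}

# Print a verdict; return 0 only when cmdline and config agree.
check_keyfile_config() {  # $1 = kernel command line, $2 = mkinitcpio.conf
    key=$(expected_keyfile "$1")
    if [ "$key" = not-in-initramfs ]; then
        echo "SKIP: cryptkey= does not use the rootfs: form"; return 0
    fi
    case " $(conf_value HOOKS "$2") " in
        *" encrypt "*) ;;
        *) echo "FAIL: encrypt hook missing from HOOKS"; return 1 ;;
    esac
    case " $(conf_value FILES "$2") " in
        *" $key "*) echo "OK: $key is listed in FILES"; return 0 ;;
        *) echo "FAIL: $key is not listed in FILES"; return 1 ;;
    esac
}

# Constructed sample: step 8 done (cryptkey= removed) but step 6 forgotten.
demo_conf=$(mktemp)
printf '%s\n' 'HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck"' \
    'FILES="/etc/keys/internal.key"' > "$demo_conf"
check_keyfile_config "root=/dev/mapper/internal-rootfs rw" "$demo_conf" || true
rm -f "$demo_conf"
```

On a real system, pass "$(cat /proc/cmdline)" and /etc/mkinitcpio.conf. This checks configuration only, so the initramfs still has to be rebuilt as in step 7 before the result applies to the next boot.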
Updated by Anonymous over 6 years ago
what should I do if I have no key in slot 1 but only in slot 0.
It keeps dropping me to a shell for the same reason...
Updated by isacdaavid over 6 years ago
- Related to Bug #1416: cryptkey=rootfs:/etc/pass issue | keyfile is not added to initramfs somehow added
Updated by GNUtoo over 6 years ago
- cryptsetup 1.7.5-1
- mkinitcpio 23-2
- mkinitcpio-busybox 1.27.2-1
I don't know what fixed it.
Denis.
Updated by isacdaavid over 6 years ago
- Status changed from open to fixed
overcome by circumstances that we never quite figured out S: