Ubuntu
cryptsetup package

Bug #532898
Comment #27

Comment 27 for bug 532898

Revision history for this message

TJ (tj) wrote on 2010-03-31: Re: [Bug 532898] Re: lucid: Failure to bring up cryptsetup devices by key files (when not using "splash")

#27

On Wed, 2010-03-31 at 02:37 +0000, TJ wrote:
> One thing I'll try is having the key-file on the root file-system just
> to see if that is the differentiator.

Confirming the easy bit: having the key-file in the encrypted root and
modifying /etc/crypttab allows an uninterrupted boot:

var /dev/mapper/Ubuntu-Lucid_var_encrypted /etc/keyfile luks
home /dev/mapper/Ubuntu-home /etc/keyfile luks

Thanks for that insight Steve - the new event-driven boot is certainly
throwing out some 'interesting' issues!

I'll follow through on the cryptsetup init jobs, especially -udev.

A quick test using:

$ sudo udevadm monitor --property > udevadm-monitor--property.log &
$ sudo udevadm trigger
$ fg
^C

and comparison to /etc/init/cryptdisks-udev.conf reveals that *none* of
the LUKS LVMs has the property ID_FS_USAGE=crypto:

$ grep -i crypt udevadm-monitor--property.log
KERNEL[1270004082.078366] add /devices/virtual/misc/ecryptfs (misc)
DEVPATH=/devices/virtual/misc/ecryptfs
DEVNAME=ecryptfs
UDEV [1270004082.368070] add /devices/virtual/misc/ecryptfs (misc)
DEVPATH=/devices/virtual/misc/ecryptfs
DEVNAME=/dev/ecryptfs
DM_UUID=CRYPT-LUKS1-5a1b276fe73543ff8d09d2c96f4bee42-var_unformatted
DM_NAME=Ubuntu-Lucid_encrypted
DM_UUID=CRYPT-LUKS1-702270f27c3948fb83020b119e29cb24-root
DM_NAME=Ubuntu-Lucid_var_encrypted
DM_UUID=CRYPT-LUKS1-16cb06fad6aa419cadeaac9e1c348fce-home_unformatted

and the actual device-mapper names do not contain the "_unformatted"
suffix (which I have seen remain in /dev/mapper/ in the past):

$ ls -1 /dev/mapper
control
home
root
Ubuntu-all
Ubuntu-home
Ubuntu-Karmic
Ubuntu-Karmic_var
Ubuntu-Lucid_encrypted
Ubuntu-Lucid_var_encrypted
Ubuntu-Media
Ubuntu-SourceCode
Ubuntu-swap
Ubuntu-usr_local
Ubuntu-VideoCapture
Ubuntu-VirtualMachines
var

The DM_UUID= properties match:

$ ls -l /dev/disk/by-uuid/ | egrep 'Ubuntu-.*(encrypted|home)'
16cb06fa-d6aa-419c-adea-ac9e1c348fce -> ../../mapper/Ubuntu-home
5a1b276f-e735-43ff-8d09-d2c96f4bee42 -> ../../mapper/Ubuntu-Lucid_var_encrypted
702270f2-7c39-48fb-8302-0b119e29cb24 -> ../../mapper/Ubuntu-Lucid_encrypted

The udev log only shows the USB key, the sda3 /boot partition, the two
Windows installations (sda1, sda2) and the LVM PV (sda4) having an
ID_FS_USAGE key:

$ grep -i -B 4 ID_FS_USAGE udevadm-monitor--property.log
ID_FS_UUID=D313-1D74
ID_FS_UUID_ENC=D313-1D74
ID_FS_VERSION=FAT32
ID_FS_TYPE=vfat
ID_FS_USAGE=filesystem
--
ID_FS_UUID=af296c2f-a6f5-4cdb-b74c-66310f169677
ID_FS_UUID_ENC=af296c2f-a6f5-4cdb-b74c-66310f169677
ID_FS_VERSION=1.0
ID_FS_TYPE=ext3
ID_FS_USAGE=filesystem
--
ID_FS_LABEL_ENC=Recovery
ID_FS_UUID=CCE61747E61730E6
ID_FS_UUID_ENC=CCE61747E61730E6
ID_FS_TYPE=ntfs
ID_FS_USAGE=filesystem
--
ID_FS_LABEL_ENC=Vista
ID_FS_UUID=E6E08581E0855927
ID_FS_UUID_ENC=E6E08581E0855927
ID_FS_TYPE=ntfs
ID_FS_USAGE=filesystem
--
ID_FS_UUID=ciBh6h-0yEr-7c3u-y3el-QUAc-i7tj-YyHD46
ID_FS_UUID_ENC=ciBh6h-0yEr-7c3u-y3el-QUAc-i7tj-YyHD46
ID_FS_VERSION=LVM2\x20001
ID_FS_TYPE=LVM2_member
ID_FS_USAGE=raid

Steve, do you know under what circumstances "ID_FS_USAGE=crypto" should
exist? Maybe it is only in raw disk partitions, not LVM volumes?

On Wed, 2010-03-31 at 02:37 +0000, TJ wrote:
> One thing I'll try is having the key-file on the root file-system just
> to see if that is the differentiator.

Confirming the easy bit: having the key-file in the encrypted root and
modifying /etc/crypttab allows an uninterrupted boot:

var /dev/mapper/Ubuntu-Lucid_var_encrypted /etc/keyfile luks
home /dev/mapper/Ubuntu-home /etc/keyfile luks

Thanks for that insight Steve - the new event-driven boot is certainly
throwing out some 'interesting' issues!

I'll follow through on the cryptsetup init jobs, especially -udev.

A quick test using:

$ sudo udevadm monitor --property > udevadm-monitor--property.log &
$ sudo udevadm trigger
$ fg
^C

and comparison to /etc/init/cryptdisks-udev.conf reveals that *none* of
the LUKS LVMs has the property ID_FS_USAGE=crypto:

$ grep -i crypt udevadm-monitor--property.log 
KERNEL[1270004082.078366] add      /devices/virtual/misc/ecryptfs (misc)
DEVPATH=/devices/virtual/misc/ecryptfs
DEVNAME=ecryptfs
UDEV  [1270004082.368070] add      /devices/virtual/misc/ecryptfs (misc)
DEVPATH=/devices/virtual/misc/ecryptfs
DEVNAME=/dev/ecryptfs
DM_UUID=CRYPT-LUKS1-5a1b276fe73543ff8d09d2c96f4bee42-var_unformatted
DM_NAME=Ubuntu-Lucid_encrypted
DM_UUID=CRYPT-LUKS1-702270f27c3948fb83020b119e29cb24-root
DM_NAME=Ubuntu-Lucid_var_encrypted
DM_UUID=CRYPT-LUKS1-16cb06fad6aa419cadeaac9e1c348fce-home_unformatted

and the actual device-mapper names do not contain the "_unformatted"
suffix (which I have seen remain in /dev/mapper/ in the past):

The DM_UUID= properties match:

The udev log only shows the USB key, the sda3 /boot partition, the two
Windows installations (sda1, sda2) and the LVM PV (sda4) having an
ID_FS_USAGE key:

$ grep -i -B 4 ID_FS_USAGE udevadm-monitor--property.log 
ID_FS_UUID=D313-1D74
ID_FS_UUID_ENC=D313-1D74
ID_FS_VERSION=FAT32
ID_FS_TYPE=vfat
ID_FS_USAGE=filesystem
--
ID_FS_UUID=af296c2f-a6f5-4cdb-b74c-66310f169677
ID_FS_UUID_ENC=af296c2f-a6f5-4cdb-b74c-66310f169677
ID_FS_VERSION=1.0
ID_FS_TYPE=ext3
ID_FS_USAGE=filesystem
--
ID_FS_LABEL_ENC=Recovery
ID_FS_UUID=CCE61747E61730E6
ID_FS_UUID_ENC=CCE61747E61730E6
ID_FS_TYPE=ntfs
ID_FS_USAGE=filesystem
--
ID_FS_LABEL_ENC=Vista
ID_FS_UUID=E6E08581E0855927
ID_FS_UUID_ENC=E6E08581E0855927
ID_FS_TYPE=ntfs
ID_FS_USAGE=filesystem
--
ID_FS_UUID=ciBh6h-0yEr-7c3u-y3el-QUAc-i7tj-YyHD46
ID_FS_UUID_ENC=ciBh6h-0yEr-7c3u-y3el-QUAc-i7tj-YyHD46
ID_FS_VERSION=LVM2\x20001
ID_FS_TYPE=LVM2_member
ID_FS_USAGE=raid

Steve, do you know under what circumstances "ID_FS_USAGE=crypto" should
exist? Maybe it is only in raw disk partitions, not LVM volumes?

Ubuntucryptsetup package

Comment 27 for bug 532898

Ubuntu
cryptsetup package