[Bug 238163] Re: keyfile doesn't work in initramfs

n0PxN0p 238163 at bugs.launchpad.net
Wed Aug 7 18:46:29 UTC 2013


I have a similar issue with the same cryptsetup warning during update-initramfs stage in attempt to achieve key file authorization for root partition during boot process on 13.04.
cryptsetup Version: 2:1.4.3-4ubuntu2
Linux blackrouter 3.8.0-28-generic #41-Ubuntu SMP Fri Jul 26 16:26:01 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

root at blackrouter:~# cat /etc/crypttab 
sda1_crypt /dev/sda1 /dev/urandom cipher=aes-xts-plain64,size=256,swap
sda2_crypt UUID=bc4ff5ca-d27a-423b-9ab1-806b64556ace /boot/key luks
sdb1_crypt UUID=85baac75-dae4-4807-98dd-65d17d0c66f4 /boot/key luks

sda2_crypt has mount point at /
sdb1_crypt has mount point at /media/storage

Both have only slot 0 with key file, sdb1_crypt mounts automatically
during boot as expected, while at the step of updating initramfs image
in order to achieve the same procedure for sda2_crypt i get the
following warning:

update-initramfs: Generating /boot/initrd.img-3.8.0-28-generic
cryptsetup: WARNING: target sda2_crypt uses a key file, skipped

Which i suspect means that initiating reboot after this is a bad idea and will lead to "unusable" system. This conclusion comes due to another issue, according to which sdb1_crypt fails to mount with 2 active slots: slot #0 with passphrase and slot #1 with a key file (same crypttab), while cryptsetup should have even 10 (if i remember well) active slots that could be used to mount encrypted device on boot.
The described schemes worked perfect at 12.04 for example.

Should i expect it to work if it was working for me and for another
drives in system? I assume yes, why not.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/238163

Title:
  keyfile doesn't work in initramfs

Status in “cryptsetup” package in Ubuntu:
  Invalid

Bug description:
  Binary package hint: cryptsetup

  I am using an encrypted root and swap partition. As long as I enter
  the keys manually ("none" in /etc/crypttab), everything works fine.

  Now I wanted to save the key for the swap fs on the root fs as I did
  for other encrypted filesystems. However, for the swap partition, this
  results in update-initramfs complaining that:

  > cryptsetup: WARNING: target sda7_crypt uses a key file, skipped

  Probably as a result of this, I can no longer resume the system, it
  always performs an ordinary boot.

  I see no real reason why this should be a problem. If I enter both
  keys over the keyboard, I am first asked for the key of the root fs,
  so it seems to me that there should be no problem in retrieving the
  key for the swap fs from the just mounted root fs.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/+subscriptions




More information about the foundations-bugs mailing list