Bug 451964 - crypttab + fstab mounting of non-lvm luks partitions fails
Summary: crypttab + fstab mounting of non-lvm luks partitions fails
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: initscripts
Version: 11
Hardware: All
OS: Linux
high
urgent
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-06-18 13:26 UTC by Michael J. Chudobiak
Modified: 2014-03-17 03:15 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-03-12 13:21:16 UTC


Attachments
debugging output from mkinitrd (deleted), 2009-07-02 15:13 UTC, Michael J. Chudobiak

Description Michael J. Chudobiak 2008-06-18 13:26:20 UTC
I can no longer get fedora to mount encrypted drives using crypttab/fstab. It
worked fine in FC6.

For example, /etc/cryptab =

enc-fileserver /dev/sdb1
enc-home /dev/sdc1

and /etc/fstab =

UUID=0b6fdb76-3864-4f0a-8a94-a755fb86454c / ext3 defaults,noatime 1 1
UUID=05fc3b33-5f57-4aca-86ab-d91995d406a4 /boot ext3 defaults,noatime 1 2
tmpfs   /dev/shm    tmpfs   defaults        0 0
devpts  /dev/pts    devpts  gid=5,mode=620  0 0
sysfs   /sys        sysfs   defaults        0 0
proc    /proc       proc    defaults        0 0
UUID=051fa71e-7741-46cb-8214-4847388e3ae8 swap swap defaults 0 0
/dev/mapper/enc-home        /home        ext3    defaults,noatime 1 2
/dev/mapper/enc-fileserver  /fileserver  ext3    defaults,noatime 1 2

These luks-encrypted volumes are NOT successfully loaded at boot time. Instead,
I get errors about missing superblocks from fsck, and the boot sequence drops
into the file-maintenance shell. 

If I comment out the crypttab/fstab entries and open the luks volumes manually
and mount them manually, they work fine.

Someone reported something similar here:
http://lists.linuxcoding.com/rhl/2007q3/msg01370.html

selinux is disabled.

Note the "classic" device names in crypttab (like "/dev/sdc1").

I have a different F9 machine which successfully uses luks + crypttab + fstab on
an lvm volume, as configured by the anaconda installer. Perhaps crypttab is
friendlier to lvm volumes.

- Mike

Comment 1 Michael J. Chudobiak 2008-06-18 14:48:25 UTC
Just to clarify: the expected behavior is that the boot sequence should ask for
the luks passphrases for the two encrypted drives. This doesn't happen; the "bad
superblock" errors happen before that.

And I misspelled "crypttab" above. It is OK on the actual computer.

- Mike


Comment 2 Till Maas 2008-07-31 20:25:22 UTC
It sounds to me like a problem in initscripts and not cryptsetup, therefore I
changed the component, but maybe it is a bug that the lvm-team will handle,
therefore I keep them in CC.

Comment 3 Chris Hubick 2008-10-06 20:36:37 UTC
I think I am seeing this on my fresh Fedora 10 beta install attempt.

I manually partitioned my single drive into two partitions during the install, no LVM, one regular ext3 partition on '/', and a second encrypted one on '/home'.  The system then refused to boot with superblock errors and dumped me to the shell :(

Comment 4 Christian 2008-11-30 13:52:59 UTC
I am facing the same problem after having upgraded to f10 release. Also using keyfiles instead of passphrase-query to unlock luks-crypted home does not solve the problem.

Comment 5 Bug Zapper 2009-06-10 01:41:21 UTC
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 9 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 6 Michael J. Chudobiak 2009-06-30 19:37:18 UTC
This is an issue again in F11. It was working in F10. Sigh.

In /etc/fstab:
/dev/mapper/enc-fileserver  /fileserver  ext3  defaults,noatime  1 2

In /etc/crypttab:
enc-fileserver /dev/sdb1 cipher=aes-cbc-plain

This does not work; it complains about superblock errors. I tried generating an initrd file like so:
mkinitrd --preload=dm-crypt --preload=aes-i586 -v /boot/initrd-2.6.29.5-191.fc11.i586.img 2.6.29.5-191.fc11.i586

This failed, because it says it can't find a passphrase file. It does not prompt for a manual passphrase. Perhaps I'm missing another module as a preload argument?

If I comment out these fstab/crypttab lines and mount them manually after boot, and try to generate a new initrd file, this is the verbose output:


[root@server2 ~]# mkinitrd -v /boot/initrd-2.6.29.5-191.fc11.i586.test.img 2.6.29.5-191.fc11.i586
Creating initramfs
Looking for driver for /dev/mapper/VolGroup00-LogVol00 in /sys/block/dm-0
Found DeviceMapper component dm-0
Looking for deps of module scsi:t-0x00
Looking for deps of module pci:v00008086d00002820sv0000103Csd00002802bc01sc01i8a: pata_acpi ata_generic 
Looking for driver for /dev/mapper/VolGroup00-LogVol01 in /sys/block/dm-1
Found DeviceMapper component dm-1
Using modules:  pata_acpi ata_generic
Building initrd in /tmp/initrd.9dynSu
/sbin/nash -> /tmp/initrd.9dynSu/bin/nash
  /usr/lib/libnash.so.6.0.86 -> /tmp/initrd.9dynSu/usr/lib/libnash.so.6.0.86
  /usr/lib/libbdevid.so.6.0.86 -> /tmp/initrd.9dynSu/usr/lib/libbdevid.so.6.0.86
  /lib/libdevmapper.so.1.02 -> /tmp/initrd.9dynSu/lib/libdevmapper.so.1.02
  /lib/libparted-1.8.so.8 -> /tmp/initrd.9dynSu/lib/libparted-1.8.so.8
    /lib//libparted-1.8.so.8.0.0 -> /tmp/initrd.9dynSu/lib//libparted-1.8.so.8.0.0
  /lib/libblkid.so.1 -> /tmp/initrd.9dynSu/lib/libblkid.so.1
    /lib//libblkid.so.1.0 -> /tmp/initrd.9dynSu/lib//libblkid.so.1.0
  /lib/libselinux.so.1 -> /tmp/initrd.9dynSu/lib/libselinux.so.1
  /lib/libsepol.so.1 -> /tmp/initrd.9dynSu/lib/libsepol.so.1
  /lib/libuuid.so.1 -> /tmp/initrd.9dynSu/lib/libuuid.so.1
    /lib//libuuid.so.1.2 -> /tmp/initrd.9dynSu/lib//libuuid.so.1.2
  /lib/libpopt.so.0 -> /tmp/initrd.9dynSu/lib/libpopt.so.0
    /lib//libpopt.so.0.0.0 -> /tmp/initrd.9dynSu/lib//libpopt.so.0.0.0
  /lib/libresolv.so.2 -> /tmp/initrd.9dynSu/lib/libresolv.so.2
    /lib//libresolv-2.10.1.so -> /tmp/initrd.9dynSu/lib//libresolv-2.10.1.so
      /lib/i686/nosegneg/libc.so.6 -> /tmp/initrd.9dynSu/lib/libc.so.6
        /lib/i686/nosegneg//libc-2.10.1.so -> /tmp/initrd.9dynSu/lib//libc-2.10.1.so
          /lib/ld-linux.so.2 -> /tmp/initrd.9dynSu/lib/ld-linux.so.2
            /lib//ld-2.10.1.so -> /tmp/initrd.9dynSu/lib//ld-2.10.1.so
  /lib/libdl.so.2 -> /tmp/initrd.9dynSu/lib/libdl.so.2
    /lib//libdl-2.10.1.so -> /tmp/initrd.9dynSu/lib//libdl-2.10.1.so
  /usr/lib/libelf.so.1 -> /tmp/initrd.9dynSu/usr/lib/libelf.so.1
    /usr/lib//libelf-0.141.so -> /tmp/initrd.9dynSu/usr/lib//libelf-0.141.so
  /usr/lib/libnl.so.1 -> /tmp/initrd.9dynSu/usr/lib/libnl.so.1
    /usr/lib//libnl.so.1.1 -> /tmp/initrd.9dynSu/usr/lib//libnl.so.1.1
  /lib/i686/nosegneg/libm.so.6 -> /tmp/initrd.9dynSu/lib/libm.so.6
    /lib/i686/nosegneg//libm-2.10.1.so -> /tmp/initrd.9dynSu/lib//libm-2.10.1.so
  /lib/libgcc_s.so.1 -> /tmp/initrd.9dynSu/lib/libgcc_s.so.1
    /lib//libgcc_s-4.4.0-20090506.so.1 -> /tmp/initrd.9dynSu/lib//libgcc_s-4.4.0-20090506.so.1
  /lib/libreadline.so.5 -> /tmp/initrd.9dynSu/lib/libreadline.so.5
    /lib//libreadline.so.5.2 -> /tmp/initrd.9dynSu/lib//libreadline.so.5.2
  /lib/i686/nosegneg/librt.so.1 -> /tmp/initrd.9dynSu/lib/librt.so.1
    /lib/i686/nosegneg//librt-2.10.1.so -> /tmp/initrd.9dynSu/lib//librt-2.10.1.so
      /lib/i686/nosegneg/libpthread.so.0 -> /tmp/initrd.9dynSu/lib/libpthread.so.0
        /lib/i686/nosegneg//libpthread-2.10.1.so -> /tmp/initrd.9dynSu/lib//libpthread-2.10.1.so
  /lib/libtinfo.so.5 -> /tmp/initrd.9dynSu/lib/libtinfo.so.5
    /lib//libtinfo.so.5.7 -> /tmp/initrd.9dynSu/lib//libtinfo.so.5.7
/sbin/modprobe -> /tmp/initrd.9dynSu/bin/modprobe
/sbin/rmmod -> /tmp/initrd.9dynSu/bin/rmmod
resolving for MODULES
and that has items of pata_acpi ata_generic
Looking for deps of module pata_acpi
Looking for deps of module ata_generic
resolving for availmodules
and that has items of 
copy from `/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/ata/ata_generic.ko' [elf32-i386] to `/tmp/initrd.9dynSu/lib/modules/2.6.29.5-191.fc11.i586/ata_generic.ko' [elf32-i386]
copy from `/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/ata/pata_acpi.ko' [elf32-i386] to `/tmp/initrd.9dynSu/lib/modules/2.6.29.5-191.fc11.i586/pata_acpi.ko' [elf32-i386]
/sbin/lvm -> /tmp/initrd.9dynSu/bin/lvm
/etc/lvm -> /tmp/initrd.9dynSu/etc/lvm
`/etc/lvm/lvm.conf' -> `/tmp/initrd.9dynSu/etc/lvm/lvm.conf'
/etc/sysconfig/keyboard -> /tmp/initrd.9dynSu/etc/sysconfig/keyboard
/bin/loadkeys -> /tmp/initrd.9dynSu/bin/loadkeys
/lib/kbd/keymaps/i386/qwerty/us.map.gz -> /tmp/initrd.9dynSu/lib/kbd/keymaps/i386/qwerty/us.map.gz
/lib/kbd/keymaps/i386/include/qwerty-layout.inc -> /tmp/initrd.9dynSu/lib/kbd/keymaps/i386/include/qwerty-layout.inc
/lib/kbd/keymaps/i386/include/compose.inc -> /tmp/initrd.9dynSu/lib/kbd/keymaps/i386/include/compose.inc
/lib/kbd/keymaps/include/compose.latin1 -> /tmp/initrd.9dynSu/lib/kbd/keymaps/include/compose.latin1
/lib/kbd/keymaps/include/compose.8859_8 -> /tmp/initrd.9dynSu/lib/kbd/keymaps/include/compose.8859_8
/lib/kbd/keymaps/include/compose.8859_7 -> /tmp/initrd.9dynSu/lib/kbd/keymaps/include/compose.8859_7
/lib/kbd/keymaps/include/compose.latin2 -> /tmp/initrd.9dynSu/lib/kbd/keymaps/include/compose.latin2
/lib/kbd/keymaps/include/compose.latin3 -> /tmp/initrd.9dynSu/lib/kbd/keymaps/include/compose.latin3
/lib/kbd/keymaps/include/compose.latin4 -> /tmp/initrd.9dynSu/lib/kbd/keymaps/include/compose.latin4
/lib/kbd/keymaps/include/compose.latin -> /tmp/initrd.9dynSu/lib/kbd/keymaps/include/compose.latin
/lib/kbd/keymaps/i386/include/linux-with-alt-and-altgr.inc -> /tmp/initrd.9dynSu/lib/kbd/keymaps/i386/include/linux-with-alt-and-altgr.inc
/lib/kbd/keymaps/i386/include/linux-keys-bare.inc -> /tmp/initrd.9dynSu/lib/kbd/keymaps/i386/include/linux-keys-bare.inc
/lib/kbd/keymaps/i386/include/euro1.map.gz -> /tmp/initrd.9dynSu/lib/kbd/keymaps/i386/include/euro1.map.gz
/etc/sysconfig/i18n -> /tmp/initrd.9dynSu/etc/sysconfig/i18n
/bin/setfont -> /tmp/initrd.9dynSu/bin/setfont
/lib/kbd/consolefonts/latarcyrheb-sun16.psfu.gz -> /tmp/initrd.9dynSu/lib/kbd/consolefonts/latarcyrheb-sun16.psfu.gz
/lib/udev/console_init -> /tmp/initrd.9dynSu/lib/udev/console_init
  /lib/libglib-2.0.so.0 -> /tmp/initrd.9dynSu/lib/libglib-2.0.so.0
    /lib//libglib-2.0.so.0.2000.3 -> /tmp/initrd.9dynSu/lib//libglib-2.0.so.0.2000.3
probing for modules for drm device card0
Adding graphics device card0
Looking for deps of module pci:v00008086d00002992sv0000103Csd00002802bc03sc00i00: output video i2c-core i2c-algo-bit drm i915 
Adding module output
Adding module video
Adding module i2c-core
Adding module i2c-algo-bit
Adding module drm
Adding module i915
resolving for GRAPHICSMODS
and that has items of output video i2c-core i2c-algo-bit drm i915
Looking for deps of module output
Looking for deps of module video: output 
Looking for deps of module i2c-core
Looking for deps of module i2c-algo-bit: i2c-core 
Looking for deps of module drm: i2c-core 
Looking for deps of module i915: output video i2c-core i2c-algo-bit drm 
copy from `/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/gpu/drm/drm.ko' [elf32-i386] to `/tmp/initrd.9dynSu/lib/modules/2.6.29.5-191.fc11.i586/drm.ko' [elf32-i386]
copy from `/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/i2c/algos/i2c-algo-bit.ko' [elf32-i386] to `/tmp/initrd.9dynSu/lib/modules/2.6.29.5-191.fc11.i586/i2c-algo-bit.ko' [elf32-i386]
copy from `/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/i2c/i2c-core.ko' [elf32-i386] to `/tmp/initrd.9dynSu/lib/modules/2.6.29.5-191.fc11.i586/i2c-core.ko' [elf32-i386]
copy from `/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/gpu/drm/i915/i915.ko' [elf32-i386] to `/tmp/initrd.9dynSu/lib/modules/2.6.29.5-191.fc11.i586/i915.ko' [elf32-i386]
copy from `/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/video/output.ko' [elf32-i386] to `/tmp/initrd.9dynSu/lib/modules/2.6.29.5-191.fc11.i586/output.ko' [elf32-i386]
copy from `/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/acpi/video.ko' [elf32-i386] to `/tmp/initrd.9dynSu/lib/modules/2.6.29.5-191.fc11.i586/video.ko' [elf32-i386]
/sbin/plymouthd -> /tmp/initrd.9dynSu/bin/plymouthd
  /lib/libply.so.2 -> /tmp/initrd.9dynSu/lib/libply.so.2
    /lib//libply.so.2.0.0 -> /tmp/initrd.9dynSu/lib//libply.so.2.0.0
  /usr/lib/libplybootsplash.so.2 -> /tmp/initrd.9dynSu/usr/lib/libplybootsplash.so.2
    /usr/lib//libplybootsplash.so.2.0.0 -> /tmp/initrd.9dynSu/usr/lib//libplybootsplash.so.2.0.0
  /usr/lib/libpng12.so.0 -> /tmp/initrd.9dynSu/usr/lib/libpng12.so.0
    /usr/lib//libpng12.so.0.37.0 -> /tmp/initrd.9dynSu/usr/lib//libpng12.so.0.37.0
  /lib/libz.so.1 -> /tmp/initrd.9dynSu/lib/libz.so.1
    /lib//libz.so.1.2.3 -> /tmp/initrd.9dynSu/lib//libz.so.1.2.3
/bin/plymouth -> /tmp/initrd.9dynSu/bin/plymouth
/usr/share/plymouth/themes/text/text.plymouth -> /tmp/initrd.9dynSu/usr/share/plymouth/themes/text/text.plymouth
/usr/lib/plymouth/text.so -> /tmp/initrd.9dynSu/usr/lib/plymouth/text.so
/usr/share/plymouth/themes/details/details.plymouth -> /tmp/initrd.9dynSu/usr/share/plymouth/themes/details/details.plymouth
/usr/lib/plymouth/details.so -> /tmp/initrd.9dynSu/usr/lib/plymouth/details.so
/usr/share/pixmaps/system-logo-white.png -> /tmp/initrd.9dynSu/usr/share/pixmaps/system-logo-white.png
/etc/system-release -> /tmp/initrd.9dynSu/etc/system-release
  /etc//fedora-release -> /tmp/initrd.9dynSu/etc//fedora-release
Adding module scsi_wait_scan
copy from `/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/scsi/scsi_wait_scan.ko' [elf32-i386] to `/tmp/initrd.9dynSu/lib/modules/2.6.29.5-191.fc11.i586/scsi_wait_scan.ko' [elf32-i386]
Adding module pata_acpi
Adding module ata_generic
This initrd uses dynamic shared objects.
Adding dynamic linker configuration files.
/etc/ld.so.conf -> /tmp/initrd.9dynSu/etc/ld.so.conf
/etc/ld.so.conf.d/atlas-sse2.conf -> /tmp/initrd.9dynSu/etc/ld.so.conf.d/atlas-sse2.conf
/etc/ld.so.conf.d/mysql-i386.conf -> /tmp/initrd.9dynSu/etc/ld.so.conf.d/mysql-i386.conf
/etc/ld.so.conf.d/kernel-2.6.27.25-170.2.72.fc10.i686.conf -> /tmp/initrd.9dynSu/etc/ld.so.conf.d/kernel-2.6.27.25-170.2.72.fc10.i686.conf
/etc/ld.so.conf.d/kernel-2.6.29.5-191.fc11.i586.conf -> /tmp/initrd.9dynSu/etc/ld.so.conf.d/kernel-2.6.29.5-191.fc11.i586.conf
Running ldconfig


There is no mention of crypt modules. Here is modprobe output:



[root@server2 ~]# modprobe --list | grep crypt
/lib/modules/2.6.29.5-191.fc11.i586/kernel/arch/x86/crypto/twofish-i586.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/arch/x86/crypto/aes-i586.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/arch/x86/crypto/salsa20-i586.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/arch/x86/crypto/crc32c-intel.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/lrw.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/arc4.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/salsa20_generic.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/seqiv.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/cts.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/xcbc.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/lzo.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/michael_mic.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/cast5.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/sha512_generic.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/deflate.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/tea.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/rmd160.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/ccm.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/ecb.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/cbc.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/rmd256.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/authenc.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/sha256_generic.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/rmd128.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/camellia.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/rmd320.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/gf128mul.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/blowfish.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/tgr192.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/twofish.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/twofish_common.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/xts.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/async_tx/async_memcpy.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/async_tx/async_tx.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/async_tx/async_xor.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/xor.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/anubis.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/pcbc.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/cast6.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/fcrypt.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/seed.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/gcm.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/ansi_cprng.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/des_generic.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/md4.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/tcrypt.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/aes_generic.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/serpent.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/wp512.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/crypto_null.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/khazad.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/crypto/ctr.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/net/wireless/lib80211_crypt_wep.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/net/wireless/lib80211_crypt_tkip.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/net/wireless/lib80211_crypt_ccmp.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/crypto/padlock-aes.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/crypto/geode-aes.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/crypto/hifn_795x.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/crypto/padlock-sha.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/md/dm-crypt.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/drivers/block/cryptoloop.ko
/lib/modules/2.6.29.5-191.fc11.i586/kernel/fs/ecryptfs/ecryptfs.ko
[root@server2 ~]# 



- Mike

Comment 7 Michael J. Chudobiak 2009-07-02 15:13:02 UTC
Created attachment 350295
debugging output from mkinitrd

Attached is the full debugging output of:

bash -x mkinitrd -v /boot/initrd-2.6.29.5-191.fc11.i586.test.img 2.6.29.5-191.fc11.i586 2>eraseme 1>eraseme

mkinitrd is not doing anything with dm-2, which is the root of my woes.

[root@server2 ~]# cat /sys/devices/virtual/block/dm-2/dm/name
enc-fileserver

[root@server2 ~]# ll /dev/mapper/
total 0
crw-rw----. 1 root root  10, 63 2009-06-30 15:15 control
brw-rw----. 1 root disk 253,  2 2009-06-30 15:16 enc-fileserver
brw-rw----. 1 root disk 253,  0 2009-06-30 15:15 VolGroup00-LogVol00
brw-rw----. 1 root disk 253,  1 2009-06-30 15:15 VolGroup00-LogVol01


Need any more debugging output?

- Mike

Comment 8 debu 2009-07-02 18:52:06 UTC
Hi, I think I have the same problem here. I would just like to add that if the fstab entry ends in ....0 0 instead of ....1 2, it gives an error:

the device "/dev/mapper/some_name" does not exist

and continues booting (though the encrypted partition is not mounted).

Comment 9 Michael J. Chudobiak 2010-03-12 13:21:16 UTC
I think everything is OK now.

However, it was critical to change my crypttab line from:

enc-fileserver /dev/sdb1 cipher=aes-cbc-plain

to

enc-fileserver /dev/sdb1 none cipher=aes-cbc-plain

That is, the third field must be "none" for a password prompt to occur. This was not necessary in earlier versions.

Closing as fixed.

- Mike

Comment 10 Milan Broz 2010-03-12 13:34:49 UTC
One more note - also, using cipher for non-LUKS devices should be mandatory in crypttab.

After some discussion I changed the upstream cipher default for non-LUKS devices
(because aes-cbc-plain is vulnerable to a known-IV watermark attack).

(and with cryptsetup 1.1.x you can see the compiled-in default in the --help output)

Comment 11 Michael J. Chudobiak 2010-03-12 13:41:57 UTC
As it happens, my device is LUKS, so I have now removed the "cipher=aes-cbc-plain" field entirely from my crypttab (a warning is printed if the cipher field is left in).

- Mike

Comment 12 Milan Broz 2010-03-12 13:50:38 UTC
(yes, with LUKS the cipher attribute makes no sense; LUKS stores the cipher in its metadata header)
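
The crypttab rules from comments 9 to 12, written as a small lint check. This is an added example, not part of the original bug report or of initscripts/cryptsetup. The function name, finding codes, sample entries and the caller-supplied set of LUKS devices are assumptions of the example; it also flags cbc-plain64, which uses the same sector-number IV as the cbc-plain mode named in comment 10.

```python
import re

# CBC with the sector number as IV (plain / plain64) is a predictable IV,
# the property behind the watermark attack mentioned in comment 10.
PREDICTABLE_IV_CBC = re.compile(r"-cbc-plain(64)?$")

MESSAGES = {
    "malformed": "need at least <name> <device>",
    "options-in-key-field": 'third field holds options; put "none" there to get a passphrase prompt',
    "cipher-ignored-luks": "cipher= is ignored for LUKS; the cipher is stored in the LUKS header",
    "no-explicit-cipher": "non-LUKS mapping relies on the compiled-in default cipher",
    "cbc-predictable-iv": "CBC with a sector-number IV is open to watermarking",
}


def lint_crypttab(text, luks_devices=frozenset()):
    """Return (line_number, mapping_name, finding_code) tuples for a crypttab.

    luks_devices is an assumption of this example: the caller supplies the
    source devices known to carry a LUKS header (on a live system,
    `cryptsetup isLuks <device>` answers that question).
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            findings.append((lineno, fields[0], "malformed"))
            continue
        name, device = fields[0], fields[1]
        key = fields[2] if len(fields) > 2 else "none"
        opts = fields[3] if len(fields) > 3 else ""
        # Comment 9: "name device cipher=..." puts the options where the key
        # file belongs. Heuristic: a key field containing "=" with no fourth
        # field is treated as misplaced options.
        if len(fields) == 3 and "=" in key:
            findings.append((lineno, name, "options-in-key-field"))
            opts, key = key, "none"
        options = dict(o.partition("=")[::2] for o in opts.split(",") if o)
        cipher = options.get("cipher")
        if device in luks_devices:
            if cipher is not None:                      # comments 11 and 12
                findings.append((lineno, name, "cipher-ignored-luks"))
        elif cipher is None:                            # comment 10
            findings.append((lineno, name, "no-explicit-cipher"))
        elif PREDICTABLE_IV_CBC.search(cipher):         # comment 10
            findings.append((lineno, name, "cbc-predictable-iv"))
    return findings


# Constructed sample; only the first entry is taken from the bug report.
SAMPLE = """\
# <name> <device> <key file or none> <options>
enc-fileserver /dev/sdb1 cipher=aes-cbc-plain
enc-home /dev/sdc1 none
scratch /dev/sdd1 /etc/keys/scratch.key cipher=aes-cbc-plain
swap2 /dev/sde1 /dev/urandom swap
"""
SAMPLE_LUKS = {"/dev/sdb1", "/dev/sdc1"}

if __name__ == "__main__":
    for lineno, name, code in lint_crypttab(SAMPLE, SAMPLE_LUKS):
        print(f"line {lineno} ({name}): {MESSAGES[code]}")
```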

