Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 598602 - Dracut does not honor rd_LUKS_UUID= for encrypted partition containing swap -- resume after hibernation fails
Summary: Dracut does not honor rd_LUKS_UUID= for encrypted partition containing swap -...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: dracut
Version: 13
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-06-01 17:27 UTC by Veit Wahlich
Modified: 2010-09-22 12:31 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-09-22 12:31:35 UTC


Attachments (Terms of Use)

Description Veit Wahlich 2010-06-01 17:27:07 UTC
Description of problem:
After creating an encrypted swap partition during installation of F13 to ensure no sensitive data is being recoverable from swapped-out pages or hibernation data, resuming from hibernate image fails as dracut does not unlock the partition although listed rd_LUKS_UUID= in kernel command line and crypttab with corrent UUID.

Version-Release number of selected component (if applicable):
005-3.fc13

How reproducible:
Always.

Steps to Reproduce:
1. Boot from Fedora 13 installation media.
2. Create a custom harddisk partition layout including a partition for swap and check the "encrypt" box.
3. Boot F13 and install all updates and reboot.
4. Hibernate using GNOME or /usr/sbin/pm-hibernate.
5. Power-on the system again.

Actual results:
Dracut does not unlock the swap partition. The system does not resume and performs an ordinary boot instead. After switching to the system root fs, /etc/rc.d/rc.sysinit asks for the password for the swap partition and unlocks it. When the swap is being activated, a message appears stating that the swap contains suspend data and is being reset to a swap signature.

Expected results:
Dracut should unlock the swap partition and the kernel should resume from software suspend image in swap.

Additional info:
A LVM setup is not reasonable in my case as I need Ext4 discard/TRIM support for SSD hardware and LVM/devicemapper does still not support it.

Comment 1 Jan Kratochvil 2010-06-06 19:33:56 UTC
I believe a related problem is that swap never gets LUKS-opened after regular boot.  This problem was present even in pre-dracut mkinitrd.
I always have to do cryptsetup luksOpen + swapon after new boot.
Confirming hibernate also does not resume for me.

Comment 2 Harald Hoyer 2010-06-10 10:57:40 UTC
does it work, if you add

resume=/dev/...
or
resume=UUID=..

to the kernel command line?

Comment 3 Veit Wahlich 2010-06-21 09:18:56 UTC
Hi Harald,

thanks for your suggestions, it helped.

The following worked well for me:
  resume=/dev/mapper/luks-$UUID

These both did NOT work:
  resume=UUID=luks-$UUID
  resume=UUID=$UUID

Using the latter, the device gets also unlocked by the initrd/initramfs, but does not resume. After a while "Could not open root filesystem" or similar appeared and system remains in sleep loop.

I think, anaconda should at least add resume= to the kernel command line if the problem cannot be fixed otherways.

Best regards,
// Veit

Comment 4 Harald Hoyer 2010-06-21 10:07:58 UTC
(In reply to comment #3)
> Hi Harald,
> 
> thanks for your suggestions, it helped.
> 
> The following worked well for me:
>   resume=/dev/mapper/luks-$UUID
> 

luks-UUID != filesystem-UUID

$ udevadm info --query=all --name=/dev/mapper/luks-d1b7e28f-bbdf-4e27-a51f-e61c0b56bbc6 
...
E: DM_UUID=CRYPT-LUKS1-d1b7e28fbbdf4e27a51fe61c0b56bbc6-luks-d1b7e28f-bbdf-4e27-a51f-e61c0b56bbc6

E: ID_FS_UUID=0a2bd0df-fb5f-4f00-ae87-3ae6287f9ad5

So, here UUID is 0a2bd0df-fb5f-4f00-ae87-3ae6287f9ad5 and not d1b7e28f-bbdf-4e27-a51f-e61c0b56bbc6


Note You need to log in before you can comment on or make changes to this bug.