[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Can't mount crypted RAID1 disks after stable install from buster netinstall

Hi Rory,

Rory Campbell-Lange <rory@campbell-lange.net> (2019-05-15):
> I've installed a system with / on two disks in software RAID1 with
> dm_crypt on top from a buster netinstall disk 20190429-03:57.
> I'm using a buster netinstall disk because the machine's ixgbe network
> adapters aren't supported under stable.
> After a stable install and rebooting, it isn't possible to unencrypt
> the RAIDed volume. I've ensured the password is correct by copying and
> pasting on a serial console connection and also trying many times by
> keyboard and ipmi virtual keyboard. I've also tried the reinstall over
> 5 times with slightly different options including ensuring all available
> kernel modules are installed.
> Mounting works fine if I install buster rather than stretch with exactly
> the same configuration.
> Two questions:
> * could there be a problem in the stable component of the installer
>   for grub or other mising support for dm_crypt?
> * since I'm aiming to run stable on this machine but I need recent ixgbe
>   network modules anyway, can I install the kernel-image-4.19.0-0.bpo
>   backport package at the end of the installation process from a console?
>   I'm hoping this will also solve the mounting problem I'm experiencing.

If you're installing stretch with a buster image, you're using
cryptsetup-udeb from buster during the installation, which forcibly uses
type luks2 for created encrypted devices; which then can't be opened by
stretch's cryptsetup (that only knows about luks1).

Incidently, offering an option to stick to luks1 is something I'm
working on right now; you might try your luck without waiting for me, by
patching the running installation system this way: once partman-crypto
has been installed, locate lib/crypto-base.sh and apply this:

-       /sbin/cryptsetup -c $cipher-$iv -d $pass -h $hash -s $size create $mapping $device
+       /sbin/cryptsetup --type luks1 -c $cipher-$iv -d $pass -h $hash -s $size create $mapping $device

Cyril Brulebois (kibi@debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

Attachment: signature.asc
Description: PGP signature

Reply to: