Re: Can't mount crypted RAID1 disks after stable install from buster netinstall

To: Rory Campbell-Lange <rory@campbell-lange.net>
Cc: debian-boot@lists.debian.org
Subject: Re: Can't mount crypted RAID1 disks after stable install from buster netinstall
From: Cyril Brulebois <kibi@debian.org>
Date: Sat, 18 May 2019 15:31:51 +0200
Message-id: <[🔎] 20190518133151.wu23aip3qp6qjlke@mraw.org>
In-reply-to: <[🔎] 20190515222828.7wngdils3gp7d54b@campbell-lange.net>
References: <[🔎] 20190515222828.7wngdils3gp7d54b@campbell-lange.net>

Hi Rory,

Rory Campbell-Lange <rory@campbell-lange.net> (2019-05-15):
> I've installed a system with / on two disks in software RAID1 with
> dm_crypt on top from a buster netinstall disk 20190429-03:57.
> 
> I'm using a buster netinstall disk because the machine's ixgbe network
> adapters aren't supported under stable.
> 
> After a stable install and rebooting, it isn't possible to unencrypt
> the RAIDed volume. I've ensured the password is correct by copying and
> pasting on a serial console connection and also trying many times by
> keyboard and ipmi virtual keyboard. I've also tried the reinstall over
> 5 times with slightly different options including ensuring all available
> kernel modules are installed.
> 
> Mounting works fine if I install buster rather than stretch with exactly
> the same configuration.
> 
> Two questions:
> 
> * could there be a problem in the stable component of the installer
>   for grub or other mising support for dm_crypt?
> 
> * since I'm aiming to run stable on this machine but I need recent ixgbe
>   network modules anyway, can I install the kernel-image-4.19.0-0.bpo
>   backport package at the end of the installation process from a console?
>   I'm hoping this will also solve the mounting problem I'm experiencing.

If you're installing stretch with a buster image, you're using
cryptsetup-udeb from buster during the installation, which forcibly uses
type luks2 for created encrypted devices; which then can't be opened by
stretch's cryptsetup (that only knows about luks1).

Incidently, offering an option to stick to luks1 is something I'm
working on right now; you might try your luck without waiting for me, by
patching the running installation system this way: once partman-crypto
has been installed, locate lib/crypto-base.sh and apply this:

-       /sbin/cryptsetup -c $cipher-$iv -d $pass -h $hash -s $size create $mapping $device
+       /sbin/cryptsetup --type luks1 -c $cipher-$iv -d $pass -h $hash -s $size create $mapping $device


Cheers,
-- 
Cyril Brulebois (kibi@debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Can't mount crypted RAID1 disks after stable install from buster netinstall
  - From: Rory Campbell-Lange <rory@campbell-lange.net>

References:
- Can't mount crypted RAID1 disks after stable install from buster netinstall
  - From: Rory Campbell-Lange <rory@campbell-lange.net>

Prev by Date: Bug#767760: busybox: Please build selinux support
Next by Date: Re: Bug#929097: unblock: u-boot/2019.01+dfsg-7
Previous by thread: Can't mount crypted RAID1 disks after stable install from buster netinstall
Next by thread: Re: Can't mount crypted RAID1 disks after stable install from buster netinstall
Index(es):
- Date
- Thread