Bug#789125: initramfs-tools: update-initramfs fails w/ random luks key for swap
Package: initramfs-tools
Version: 0.120
Severity: normal
Dear Maintainer,
since the migration to systemd, key scripts in /etc/crypttab are no
longer supported (bug #618862). To work around this problem I tried
replacing the keyscript for my swap partition with a random key. But
this fails when trying to update the initramfs:
/etc/crypttab:
sda4_crypt /dev/sda4 /dev/urandom cipher=aes-xts-plain64,size=256,swap
sda5_crypt UUID=2fa9feb8-b096-41f7-bf17-41399ccc8004 none luks,discard
root@laptop:/etc# update-initramfs -u
update-initramfs: Generating /boot/initrd.img-3.16.0-4-amd64
cryptsetup: WARNING: target sda4_crypt has a random key, skipped
The swap partition does not get created on boot.
If this is not a bug but expected behavior, then what is the proper way
now to create a randomly encrypted swap partition?
Thanks!
- B
-- Package-specific info:
-- initramfs sizes
-rw-r--r-- 1 root root 4.8M Jun 17 22:42 /boot/initrd.img-3.16.0-4-amd64
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-3.16.0-4-amd64
root=UUID=a9fb75bb-960d-47dd-8e94-d5863b059810 ro quiet
intel_pstate=disable acpi_backlight=vendor
-- resume
RESUME=/dev/mapper/sda4_crypt
-- /proc/filesystems
ext3
ext2
ext4
fuseblk
vfat
-- lsmod
Module Size Used by
cpuid 12663 0
ccm 17577 3
usb_storage 56215 0
hid_generic 12393 0
snd_usb_audio 135354 3
snd_usbmidi_lib 23388 1 snd_usb_audio
snd_rawmidi 26806 1 snd_usbmidi_lib
snd_seq_device 13132 1 snd_rawmidi
hid_logitech_dj 17192 0
usbhid 44460 0
pci_stub 12429 1
vboxpci 23077 0
vboxnetadp 25443 0
vboxnetflt 23324 0
vboxdrv 340226 3 vboxnetadp,vboxnetflt,vboxpci
ip6table_filter 12540 1
ip6_tables 26025 1 ip6table_filter
xt_recent 17246 1
iptable_nat 12646 0
nf_nat_ipv4 12912 1 iptable_nat
xt_comment 12427 20
ipt_REJECT 12465 4
xt_addrtype 12557 5
xt_mark 12453 1
iptable_mangle 12536 1
xt_tcpudp 12527 51
xt_CT 12842 22
iptable_raw 12524 1
xt_multiport 12518 4
nf_conntrack_ipv4 18448 45
nf_defrag_ipv4 12483 1 nf_conntrack_ipv4
xt_conntrack 12681 22
ipt_ULOG 12819 0
xt_NFLOG 12462 0
nfnetlink_log 17201 1 xt_NFLOG
xt_LOG 17171 12
nf_nat_tftp 12422 0
nf_nat_snmp_basic 16904 0
nf_conntrack_snmp 12443 3 nf_nat_snmp_basic
nf_nat_sip 17053 0
nf_nat_pptp 12562 0
nf_nat_proto_gre 12517 1 nf_nat_pptp
nf_nat_irc 12454 0
nf_nat_h323 16935 0
nf_nat_ftp 12460 0
nf_nat_amanda 12424 0
ts_kmp 12535 5
nf_conntrack_amanda 12437 3 nf_nat_amanda
nf_nat 18241 10
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,iptable_nat
nf_conntrack_sane 12428 2
nf_conntrack_tftp 12433 3 nf_nat_tftp
nf_conntrack_sip 26053 3 nf_nat_sip
nf_conntrack_proto_udplite 12931 0
nf_conntrack_proto_sctp 17268 0
nf_conntrack_pptp 12619 3 nf_nat_pptp
nf_conntrack_proto_gre 13024 1 nf_conntrack_pptp
nf_conntrack_netlink 35433 0
nfnetlink 12989 2 nfnetlink_log,nf_conntrack_netlink
nf_conntrack_netbios_ns 12445 2
nf_conntrack_broadcast 12365 2 nf_conntrack_netbios_ns,nf_conntrack_snmp
nf_conntrack_irc 12427 3 nf_nat_irc
nf_conntrack_h323 58618 5 nf_nat_h323
nf_conntrack_ftp 16783 3 nf_nat_ftp
nf_conntrack 87424 29
nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,nf_conntrack_proto_\
udplite,nf_nat,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,nf_con\
ntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,iptable_nat,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
deflate 12551 0
ctr 12927 3
nfsd 263032 2
twofish_generic 16569 0
twofish_avx_x86_64 46079 0
twofish_x86_64_3way 25483 1 twofish_avx_x86_64
auth_rpcgss 51211 1 nfsd
twofish_x86_64 12541 2 twofish_avx_x86_64,twofish_x86_64_3way
oid_registry 12419 1 auth_rpcgss
twofish_common 20585 4
twofish_generic,twofish_avx_x86_64,twofish_x86_64_3way,twofish_x86_64
nfs_acl 12511 1 nfsd
camellia_generic 29025 0
nfs 188136 0
camellia_aesni_avx2 25843 0
camellia_aesni_avx_x86_64 25925 1 camellia_aesni_avx2
camellia_x86_64 50481 2
camellia_aesni_avx2,camellia_aesni_avx_x86_64
lockd 83389 2 nfs,nfsd
fscache 45542 1 nfs
serpent_avx2 45954 0
sunrpc 237402 6 nfs,nfsd,auth_rpcgss,lockd,nfs_acl
serpent_avx_x86_64 46241 1 serpent_avx2
serpent_sse2_x86_64 50146 0
xts 12679 3
camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way
serpent_generic 29140 3
serpent_sse2_x86_64,serpent_avx_x86_64,serpent_avx2
blowfish_generic 12464 0
blowfish_x86_64 21132 0
blowfish_common 16487 2 blowfish_generic,blowfish_x86_64
cast5_avx_x86_64 49760 0
cast5_generic 20813 1 cast5_avx_x86_64
cast_common 12313 2 cast5_generic,cast5_avx_x86_64
iptable_filter 12536 1
des_generic 20851 0
ip_tables 26011 4
iptable_filter,iptable_mangle,iptable_nat,iptable_raw
cbc 12696 0
x_tables 27111 18
ip6table_filter,xt_mark,xt_CT,xt_comment,ipt_ULOG,xt_recent,ip_tables,xt_tcpudp,xt_NFLOG,xt_conntrack,xt_LOG,xt_multiport,iptable_filter,\
ipt_REJECT,iptable_mangle,ip6_tables,xt_addrtype,iptable_raw
cmac 12709 0
xcbc 12709 0
rmd160 16640 0
sha512_ssse3 41814 0
sha512_generic 12632 1 sha512_ssse3
hmac 12753 0
crypto_null 12732 0
af_key 35326 0
xfrm_algo 13031 1 af_key
sha256_ssse3 25692 2
sha256_generic 16804 1 sha256_ssse3
joydev 17063 0
algif_skcipher 13008 0
af_alg 12988 1 algif_skcipher
uvcvideo 79005 0
videobuf2_vmalloc 12816 1 uvcvideo
videobuf2_memops 12519 1 videobuf2_vmalloc
videobuf2_core 47787 1 uvcvideo
v4l2_common 12995 1 videobuf2_core
videodev 126451 3 uvcvideo,v4l2_common,videobuf2_core
media 18305 2 uvcvideo,videodev
snd_hda_codec_hdmi 45118 1
nls_utf8 12456 1
nls_cp437 16553 1
vfat 17135 1
fat 61986 1 vfat
iTCO_wdt 12831 0
iTCO_vendor_support 12649 1 iTCO_wdt
dell_wmi 12477 0
sparse_keymap 12818 1 dell_wmi
mmc_block 34991 0
snd_hda_codec_realtek 67127 1
snd_hda_codec_generic 63181 1 snd_hda_codec_realtek
dell_laptop 17077 0
dcdbas 13313 1 dell_laptop
arc4 12536 2
x86_pkg_temp_thermal 12951 0
intel_powerclamp 17159 0
intel_rapl 17356 0
coretemp 12820 0
kvm_intel 139116 0
kvm 388635 1 kvm_intel
efi_pstore 12805 1
crc32_pclmul 12915 0
crc32c_intel 21809 0
ghash_clmulni_intel 12978 0
evdev 17445 33
psmouse 99249 0
serio_raw 12849 0
efivars 17257 1 efi_pstore
fuse 83350 1
i2c_i801 16965 0
nvidia 10507891 32
iwlmvm 137115 0
sr_mod 21903 0
mac80211 474277 1 iwlmvm
cdrom 47424 1 sr_mod
sg 29973 0
iwlwifi 96547 1 iwlmvm
cfg80211 405538 3 iwlwifi,mac80211,iwlmvm
drm 249955 3 nvidia
sdhci_pci 22097 0
lpc_ich 20768 0
mfd_core 12601 1 lpc_ich
rfkill 18867 3 cfg80211,dell_laptop
wmi 17339 1 dell_wmi
snd_soc_rt5640 82832 0
snd_soc_rl6231 12442 1 snd_soc_rt5640
snd_soc_core 147254 1 snd_soc_rt5640
i2c_hid 17410 0
snd_compress 17197 1 snd_soc_core
hid 102264 4 i2c_hid,hid_generic,usbhid,hid_logitech_dj
regmap_i2c 12783 1 snd_soc_rt5640
snd_hda_intel 26327 7
sdhci_acpi 12810 0
sdhci 35153 2 sdhci_acpi,sdhci_pci
ehci_pci 12512 0
snd_hda_controller 26646 1 snd_hda_intel
xhci_hcd 148881 0
e1000e 212128 0
ehci_hcd 69837 1 ehci_pci
snd_hda_codec 104463 5
snd_hda_codec_realtek,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_intel,snd_hda_controller
mei_me 17941 0
mmc_core 102374 4 mmc_block,sdhci,sdhci_acpi,sdhci_pci
snd_hwdep 13148 2 snd_usb_audio,snd_hda_codec
usbcore 195340 8
snd_usb_audio,uvcvideo,usb_storage,snd_usbmidi_lib,ehci_hcd,ehci_pci,usbhid,xhci_hcd
i2c_designware_platform 12645 0
dell_smo8800 12742 0
snd_pcm 88662 10
snd_soc_rt5640,snd_usb_audio,snd_soc_core,snd_hda_codec_hdmi,snd_hda_codec,snd_hda_intel,snd_hda_controller
i2c_designware_core 12813 1 i2c_designware_platform
ptp 17692 1 e1000e
snd_soc_sst_acpi 12559 0
i2c_core 46012 9
drm,i2c_i801,snd_soc_rt5640,i2c_hid,i2c_designware_platform,regmap_i2c,nvidia,v4l2_common,videodev
snd_timer 26614 2 snd_pcm
mei 74977 1 mei_me
video 18096 0
acpi_cpufreq 17218 0
pps_core 17225 1 ptp
usb_common 12440 1 usbcore
snd 65244 30
snd_hda_codec_realtek,snd_usb_audio,snd_soc_core,snd_hwdep,snd_timer,snd_hda_codec_hdmi,snd_pcm,snd_rawmidi,snd_hda_codec_generic,snd_usb\
midi_lib,snd_hda_codec,snd_hda_intel,snd_seq_device,snd_compress
battery 13356 0
soundcore 13026 2 snd,snd_hda_codec
shpchp 31121 0
processor 28221 1 acpi_cpufreq
ac 12715 0
button 12944 0
parport_pc 26300 0
ppdev 16782 0
lp 17074 0
parport 35749 3 lp,ppdev,parport_pc
autofs4 35529 2
ext4 473802 5
crc16 12343 1 ext4
mbcache 17171 1 ext4
jbd2 82413 1 ext4
dm_crypt 22595 4
dm_mod 89405 9 dm_crypt
sd_mod 44356 8
crc_t10dif 12431 1 sd_mod
crct10dif_generic 12581 0
crct10dif_pclmul 13387 1
crct10dif_common 12356 3
crct10dif_pclmul,crct10dif_generic,crc_t10dif
aesni_intel 151423 15
aes_x86_64 16719 1 aesni_intel
glue_helper 12695 9
camellia_aesni_avx2,camellia_x86_64,serpent_sse2_x86_64,aesni_intel,serpent_avx_x86_64,camellia_aesni_avx_x86_64,serpent_avx2,twofish_avx_\
x86_64,twofish_x86_64_3way
lrw 12757 9
camellia_aesni_avx2,camellia_x86_64,serpent_sse2_x86_64,aesni_intel,serpent_avx_x86_64,camellia_aesni_avx_x86_64,serpent_avx2,twofish_avx_\
x86_64,twofish_x86_64_3way
gf128mul 12970 2 lrw,xts
ablk_helper 12572 8
camellia_aesni_avx2,serpent_sse2_x86_64,aesni_intel,serpent_avx_x86_64,camellia_aesni_avx_x86_64,serpent_avx2,twofish_avx_x86_64,cast5_avx\
_x86_64
ahci 33291 6
cryptd 14516 7 ghash_clmulni_intel,aesni_intel,ablk_helper
libahci 27158 1 ahci
libata 177457 2 ahci,libahci
scsi_mod 191405 5 sg,usb_storage,libata,sd_mod,sr_mod
thermal 17559 0
thermal_sys 27642 5
video,intel_powerclamp,thermal,processor,x86_pkg_temp_thermal
-- /etc/initramfs-tools/modules
-- /etc/initramfs-tools/initramfs.conf
MODULES=most
BUSYBOX=y
KEYMAP=n
COMPRESS=gzip
DEVICE=
NFSROOT=auto
-- /etc/initramfs-tools/update-initramfs.conf
update_initramfs=yes
backup_initramfs=no
-- /etc/crypttab
sda5_crypt UUID=2fa9feb8-b096-41f7-bf17-41399ccc8004 none luks,discard
sda6_crypt UUID=ce3a3208-b19c-4cc8-9f25-1cca02458920 /root/keys/VM.key
luks,discard
sda7_crypt UUID=b8461f12-c456-48ed-9651-4f7da6a41bf5 /root/keys/HOME.key
luks,discard
sdb1_crypt UUID=c02c5ea3-cf6e-4cbf-bced-94b9dffbe7ae /root/keys/EXT.key
luks,discard
-- /sys/block
dm-0
dm-1
dm-2
dm-3
mmcblk0
sda
sdb
sdc
sr0
-- mkinitramfs hooks
/etc/initramfs-tools/hooks/:
/usr/share/initramfs-tools/hooks:
btrfs
busybox
cryptgnupg
cryptkeyctl
cryptopenct
cryptopensc
cryptpassdev
cryptroot
dmsetup
fsck
fuse
intel_microcode
iscan_data
keymap
klibc
kmod
ntfs_3g
resume
thermal
udev
zz-busybox
zz_nvidia-blacklists-nouveau
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (700, 'testing'), (690, 'unstable'), (680, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages initramfs-tools depends on:
ii busybox 1:1.22.0-15
ii cpio 2.11+dfsg-4.1
ii klibc-utils 2.0.4-2
ii kmod 20-1
ii module-init-tools 20-1
ii udev 215-18
Versions of packages initramfs-tools recommends:
ii busybox 1:1.22.0-15
Versions of packages initramfs-tools suggests:
pn bash-completion <none>
-- no debconf information
Reply to: