live-boot not getting dm-crypt module in initramfs

To: <debian-live@lists.debian.org>
Subject: live-boot not getting dm-crypt module in initramfs
From: Seth Grover <sethdgrover@gmail.com>
Date: Thu, 19 Jul 2018 16:20:08 -0600
Message-id: <[🔎] 164b4a101c0.27d3.88647bba91f4d7bee624fc6144563f9e@gmail.com>

I have been trying for the last couple of days to get encrypted persistenceworking with a custom debian live build image I'm building and have not hadany luck.


During boot I see these two messages:

Warning: Unable to load module dm-crypt
Warning: cryptsetup in unavailable

I'm assuming that if dm-crypt/cryptsetup would run, it would ask me for thepassword to decrypt the persistence partition and process persistence.conf,but I'm never prompted.

Once booting is completed I am able to mount the encrypted persistencepartition fine. I've tried it with both a luks loopback file (namedpersistence, and containing an ext2 partition also labeled persistence) anda luks-formatted partition (containing an ext2 partition labeled persistence).


It seems very similar to:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765729
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767195

But those are almost 4 years old, and i assume wouldn't be a problem any more?

I followed those threads and tried a couple of different methods of settingCRYPTSETUP=yes for the initramfs command, but it didn't change anything. Iassume this hook should be taking care of that anyway:


https://github.com/debian-live/live-build/blob/debian/share/hooks/normal/0030-enable-cryptsetup.hook.chroot

I also see these messages inside of the chroot during build:

[2018-07-12 15:42:27] lb chroot_hacks
P: Begin executing hacks...
update-initramfs: Generating /boot/initrd.img-4.16.0-2-amd64
cryptsetup: WARNING: Couldn't determine root device
cryptsetup: ERROR: Couldn't resolve device /dev/sda3
cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries
nor crypto modules. If that's on purpose, you may want to uninstall the
'cryptsetup-initramfs' package in order to disable the cryptsetup initramfs
integration and avoid this warning.

I don't know if that matters or know. I don't know why the inside of thechroot would care about /dev/sda3 or whatever.

I have tried the build several different ways, including inside a vanilladebian sid VM, inside a debian sid docker image I have built for thepurpose, and simply as root on my host machine.

I'm running debian unstable, with live-build version 20180618 installedfrom that repository. Kernel is 4.16.0-2-amd64.

I've followed the instructions pretty well to the letter from the LiveSystems Manual, as far as creating the image goes and creating the luksvolumes. I'm out of ideas at this time. Any ideas?


Thanks,

-SG

Reply to:

Prev by Date: Re: Debootstrap possibly ignoring --include option?
Next by Date: Re: Missing the rescue CD image, what can I do?
Previous by thread: Re: Debootstrap possibly ignoring --include option?
Next by thread: Re: Missing the rescue CD image, what can I do?
Index(es):
- Date
- Thread