[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: whole disk encryption -- not prompting for passphrase

I appreciate all the pointers I've been given.  I've looked pretty carefully
at my initramfs, and I've mostly been able to fix it.  I still have a few
questions though.

I did have to create an /etc/crypttab before updating the initramfs.  I'm
not quite sure how to recreate the configuration the debian installer
did.   The debian installer created a physical partition hda1 for /boot.
It also created hda2, which would be encrypted.  On hda2, it created a
volume group 'debian' and 3 logical volumes, 'home', 'root', and 'swap_1'.

So at this point, what should my crypttab look like?  Since hda2 is the only
encrypted partition, it should be the only line in /etc/crypttab right? I set
up crypttab as follows:

# <target name>   <source device>   <key file>   <options>
hda2_crypt   /dev/hda2   none   luks

So I update my initramfs.  To check I extracted the image to /tmp and
inspected conf/conf.d/cryptroot.  It looked like this:


Does this look right?  How did it know about the lvm volume debian-root?
Is the target name important, other than being the name of the device created in /dev/mapper? Specifically, is it important that it is the same as it was when
the debian installer set up the devices?

Anyway, I reboot, and the messages look like this:

   Begin: Mounting root file system... ...
   Begin: Running /scripts/local-top ...
   device-mapper: uevent: version 1.0.3
device-mapper: ioctl: 4.13.0-ioctl (2007-10-02) initialised: dm-devel@redhat.com
      Volume group "debian" not found
      Volume group "debian" not found
   Setting up cryptographic volume hda2_crypt (based on /dev/hda2)
   Enter LUKS passphrase:

This is good, at least it's prompting me for a passphrase. I enter my passphrase, and it appears to work, but not quite perfectly. After I enter my passphrase it boots but
I get this on the console:

   Starting early crypto disks...done.
Setting up LVM Volume Groups Reading all physical volumes. This may take a while...
      Found volume group "debian" using metadata type lvm2
      Device '/dev/dm-0' has been left open.
      Device '/dev/dm-0' has been left open.
      3 logical volumes in volume group "debian" now active
   Starting remaining crypto disks...done.

When I shutdown I get this:

   Unmounting local filesystems...done.
   Stopping remaining crypto disks...done.
Shutting down LVM Volume Groups Can't deactivate volume group "debian" with 2 open logical volume(s)
   Stopping early crypto disks...done.

So my question is, why aren't those volumes correctly deactivated on shutdown? How does /dev/dm-0 figure into this when I'm mounting /dev/mapper/debian-root as /? Can I safely ignore this message, or is closing these devices important? When I try to mount /dev/dm-0 it tells me "mount: unknown filesystem type 'lvm2pv'". /dev/dm-1, 2, and 3 are debian-root debian-swap_1 and debian-home respectively.

Any hints, tips, suggestions on FMs to R are appreciated. I learned a lot already in this process. My next challenge is to resize my swap to match all the RAM I have now so I can s2disk safely.

Reply to: