
Re: whole disk encryption -- not prompting for passphrase



Hatta wrote:

> I appreciate all the pointers I've been given.  I've looked pretty carefully
> at my initramfs, and I've mostly been able to fix it.  I still have a few
> questions though.
> 
> I did have to create an /etc/crypttab before updating the initramfs.  I'm
> not quite sure how to recreate the configuration the debian installer
> did.   The debian installer created a physical partition hda1 for /boot.
> It also created hda2, which would be encrypted.  On hda2, it created a
> volume group 'debian' and 3 logical volumes, 'home', 'root', and 'swap_1'.
> 
> So at this point, what should my crypttab look like?  Since hda2 is the
> only encrypted partition, it should be the only line in /etc/crypttab
> right? I set up crypttab as follows:
> 
> # <target name>   <source device>   <key file>   <options>
> hda2_crypt   /dev/hda2   none   luks
> 
> 
> So I update my initramfs.  To check I extracted the image to /tmp and
> inspected conf/conf.d/cryptroot.  It looked like this:
> 
> target=hda2_crypt,source=/dev/hda2,key=none,lvm=debian-root
> 
> Does this look right?  How did it know about the lvm volume debian-root?
> Is the target name important, other than being the name of the device
> created in /dev/mapper?  Specifically, is it important that it is the same
> as it was when the debian installer set up the devices?
> 
> Anyway, I reboot, and the messages look like this:
> 
>     Begin: Mounting root file system... ...
>     Begin: Running /scripts/local-top ...
>     device-mapper: uevent: version 1.0.3
>     device-mapper: ioctl: 4.13.0-ioctl (2007-10-02) initialised: dm-devel@redhat.com
>        Volume group "debian" not found
>        Volume group "debian" not found
>     Setting up cryptographic volume hda2_crypt (based on /dev/hda2)
>     Enter LUKS passphrase:
> 
> This is good, at least it's prompting me for a passphrase.  I enter my
> passphrase, and it appears to work, but not quite perfectly.   After I
> enter my passphrase it boots but I get this on the console:
> 
>     Starting early crypto disks...done.
>     Setting up LVM Volume Groups   Reading all physical volumes.  This may take a while...
>        Found volume group "debian" using metadata type lvm2
>        Device '/dev/dm-0' has been left open.
>        Device '/dev/dm-0' has been left open.
>        3 logical volumes in volume group "debian" now active
>     .
>     Starting remaining crypto disks...done.
> 
> When I shutdown I get this:
> 
>     Unmounting local filesystems...done.
>     Stopping remaining crypto disks...done.
>     Shutting down LVM Volume Groups  Can't deactivate volume group "debian" with 2 open logical volume(s)
>        failed!
>     Stopping early crypto disks...done.
> 
> So my question is, why aren't those volumes correctly deactivated on
> shutdown?  How does /dev/dm-0 figure into this when I'm mounting
> /dev/mapper/debian-root as /?  Can I safely ignore this message, or
> is closing these devices important?  When I try to mount /dev/dm-0 it
> tells me "mount: unknown filesystem type 'lvm2pv'".   /dev/dm-1, 2, and 3
> are debian-root debian-swap_1 and debian-home respectively.
> 
> Any hints, tips, suggestions on FMs to R are appreciated.  I learned a
> lot already in this process.  My next challenge is to resize my swap to
> match all the RAM I have now so I can s2disk safely.

I'm pretty sure that the crypt thing is not compatible with lvm. Maybe this
is the problem. I'm not 100% sure though. The problem could be related to
previous formatting and using lvm, or some cached information somewhere.

What does sudo fdisk -l /dev/hda look like? How are your partitions marked
there (the Id field)?

parted should help you resize, I guess.

regards
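
Added example, not part of either poster's message: a small check that the conf/conf.d/cryptroot extracted from the initramfs agrees with /etc/crypttab, using the two snippets quoted in the thread as sample input. The function names are hypothetical, and comparing the key field literally is an assumption that fits the key=none case shown above.

```python
# Sample input copied from the thread; everything else is illustrative.
CRYPTTAB = """\
# <target name>   <source device>   <key file>   <options>
hda2_crypt   /dev/hda2   none   luks
"""
CRYPTROOT = "target=hda2_crypt,source=/dev/hda2,key=none,lvm=debian-root\n"


def parse_crypttab(text):
    """Map each target name to its source device, key file and options."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"malformed crypttab line: {raw!r}")
        entries[fields[0]] = {
            "source": fields[1],
            "key": fields[2] if len(fields) > 2 else "none",
            "options": fields[3].split(",") if len(fields) > 3 else [],
        }
    return entries


def parse_cryptroot(text):
    """Parse 'k=v,k=v' lines; a bare word (no '=') gets an empty value."""
    records = []
    for line in text.splitlines():
        if line.strip():
            pairs = (item.partition("=") for item in line.strip().split(","))
            records.append({k: v for k, _, v in pairs})
    return records


def check(crypttab_text, cryptroot_text):
    """Return a list of mismatches; an empty list means the files agree."""
    tab, records, problems = parse_crypttab(crypttab_text), parse_cryptroot(cryptroot_text), []
    if not records:
        problems.append("cryptroot config in the initramfs is empty")
    for rec in records:
        target, entry = rec.get("target"), tab.get(rec.get("target"))
        if entry is None:
            problems.append(f"{target}: in initramfs but not in crypttab")
            continue
        for field in ("source", "key"):
            if rec.get(field) != entry[field]:
                problems.append(f"{target}: {field} {rec.get(field)!r} != {entry[field]!r}")
    return problems
```

Run check() on the real file contents after each initramfs update; any returned line names the target whose entry was built from a different crypttab than the one now on disk.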

