
debian-10.6.0-amd64 cryptsetup: Waiting for encrypted source device sdb2_crypt



debian-user:

I have a desktop computer with an Intel DQ67SW motherboard and an Intel SSD 520 Series 60 GB system drive connected to the first SATA port.


I downloaded:

    debian-10.6.0-amd64-xfce-CD-1.iso

I verified the GPG signature on the checksum file and verified the checksum on the ISO file.


I burned the ISO file to a USB flash drive and verified the checksum of the burned image.


The motherboard firmware is configured for BIOS mode. When I ran the Debian Installer (d-i), it came up in BIOS mode. I chose 'manual' partitioning:

    Encrypted volume (sdb2_crypt) - 1.0 GB Linux device-mapper (crypt)
       #1             1.0 GB     f  swap          swap
    Encrypted volume (sdb3_crypt) - 12.0 GB Linux device-mapper (crypt)
         #1            12.0 GB     f  ext4          /
    SCSI5 (0,0,0) (sdb) - 60.0 GB ATA INTEL SSDSC2CW06
         #1  primary  999.3 MB  B  F  ext4          /boot
         #2  primary    1.0 GB     K  crypto       (sdb2_crypt)
         #3  primary   12.0 GB     K  crypto       (sdb3_crypt)
                       46.0 GB        FREESPACE


Note that the system drive is 'sdb' (the USB drive was 'sda').


I learned a long time ago that the system drive should be 'sda' during installation, or bad things can happen.


I tried moving the USB flash drive to various USB ports and changing CMOS Setup settings, but was unable to find a configuration whereby the system drive was 'sda' and the USB drive was 'sdb'.


So, I proceeded with the install.


Upon rebooting, I entered the LUKS passphrase for sdb3_crypt.


Boot continued, and then hung at:

    cryptsetup: Waiting for encrypted source device sdb2_crypt


After a timeout, the boot manager started BusyBox. As expected, the system drive is now /dev/sda.


I mounted sdb3_crypt at /mnt. I commented out the 'sdb2_crypt' entry in crypttab(5):

    #sdb2_crypt /dev/sdb2 /dev/urandom cipher=aes-xts-plain64,size=256,swap


I commented out the 'sdb2_crypt' entry in fstab(5).

    #/dev/mapper/sdb2_crypt none swap sw


I then rebooted.  Same problem:

    cryptsetup: Waiting for encrypted source device sdb2_crypt


It appears:

1. d-i still puts the kernel enumeration device node for random encrypted partitions into crypttab(5). This is brittle, and fails if the device node changes.


A better solution is to use one of the /dev/disk/by-*/* nodes.  For example:

    sdb2_crypt /dev/disk/by-partuuid/007a0565-02 /dev/urandom cipher=aes-xts-plain64,size=256,swap


2. The Debian boot loader does not read crypttab(5) and/or fstab(5) from the root partition (?!!!).


Does Debian put these settings in initrd(4)? Do I need to run update-initramfs(8) in the bootloader BusyBox and/or d-i rescue shell if I change crypttab(5) and/or fstab(5)?


A better solution is to put the relevant information in exactly one location -- /etc/crypttab and /etc/fstab -- and read it from everywhere; including the bootloader.


Comments?  Explanations?  Suggestions?


David
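
The by-partuuid substitution suggested in the message above, as an added example that is not part of the original post: a POSIX shell filter that rewrites kernel-enumerated source devices in a crypttab file to their /dev/disk/by-partuuid/ links. The function names and the ROOT prefix argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post). Rewrites crypttab source
# devices named by kernel enumeration (/dev/sdXN etc.) to the matching
# /dev/disk/by-partuuid/ symlink, which survives drive reordering.

# stable_path DEVICE ROOT: print the by-partuuid link that resolves to DEVICE.
# ROOT is a hypothetical prefix for the /dev tree: "" on a live system,
# a fixture directory when testing.
stable_path() {
    root=$2
    dev=$(readlink -f "$root$1") || return 1
    for link in "$root"/dev/disk/by-partuuid/*; do
        [ -L "$link" ] || continue
        if [ "$(readlink -f "$link")" = "$dev" ]; then
            printf '%s\n' "${link#"$root"}"
            return 0
        fi
    done
    return 1
}

# fix_crypttab FILE [ROOT]: print FILE with unstable sources replaced.
# Comments, blank lines and already-stable sources pass through unchanged;
# a source with no by-partuuid link is kept and reported on stderr.
fix_crypttab() {
    file=$1 root=${2:-}
    while IFS= read -r line || [ -n "$line" ]; do
        read -r name src rest <<EOF
$line
EOF
        case $name in ''|'#'*) printf '%s\n' "$line"; continue ;; esac
        case $src in
            /dev/sd[a-z]*|/dev/hd[a-z]*|/dev/vd[a-z]*|/dev/nvme*)
                if new=$(stable_path "$src" "$root"); then
                    printf '%s %s %s\n' "$name" "$new" "$rest"
                else
                    echo "no by-partuuid link for $src ($name)" >&2
                    printf '%s\n' "$line"
                fi ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$file"
}
```

Run it only while the device names in the file still match the running system, because it resolves whatever partition currently holds that name, and a random-key swap entry pointed at the wrong partition overwrites it at boot. Debian's cryptsetup initramfs hook copies the crypttab entries needed at boot into the initramfs, so an edited /etc/crypttab takes effect in early boot only after update-initramfs -u.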

