
Re: debian-10.6.0-amd64 cryptsetup: Waiting for encrypted source device sdb2_crypt



On 2020-11-27 22:39, David wrote:

Thanks for the reply.  :-)


On Sat, 28 Nov 2020 at 16:22, David Christensen
<xxxxxxxx@xxxxxxxx.com> wrote:

Please configure your mail client so that it does not put the sender's e-mail address into the body of your reply.


Note that the system drive is 'sdb' (the USB drive was 'sda').

Upon rebooting, I entered the LUKS passphrase for sdb3_crypt.
Boot continued, and then hung at:

      cryptsetup: Waiting for encrypted source device sdb2_crypt

The Debian boot loader does not read crypttab(5) and/or fstab(5)
from the root partition (?!!!).

At that point in the boot process, the root partition device has
not been mounted and so can't be read. Especially not if it is
encrypted.

The installer chose sdb2_crypt and sdb3_crypt,
so those names became baked into 'cryptsetup open' commands
in the initramfs, as well as in /etc/crypttab.

At that point in the boot process, I have already entered the root partition dm-crypt passphrase. So, the root filesystem, /etc/crypttab, and /etc/fstab are available to the bootloader; if it cared to look.


I can ignore the crypttab(5) target values; it's the source device value of '/dev/sdb2' in /etc/crypttab that changes once I remove the installation USB flash drive and reboot. Caching this value in a /boot/* file rather than reading it from the canonical source is bad engineering.


What you need to do is get the system up and running in the
configuration you want, by handling the timeouts and running
'cryptsetup open' (with whatever <names> and devices you
like to use) in busybox, as you described doing. The <name>s
you enter do not need to match any used previously. When
you run 'cryptsetup open' you are *creating* a new mapping
so you can use whatever name you like.

Once the system is up and running in the configuration you
want, make sure the same <names> and any device specifications
you like are used in /etc/crypttab. The rootfs device must also be
correct in /etc/fstab.

Then, run update-initramfs whose scripts will read those two files
and should update your initramfs with appropriate 'cryptsetup open'
commands and arguments so that things work properly at the next boot.

I suppose I could waste more time working around flaws in Linux and/or Debian.


But, I have already built a graphical workstation using FreeBSD.


I use UUID= syntax in my /etc/crypttab to specify devices.

I tried crypttab(5) source devices of 'UUID=...' in the past for encrypted swap partitions; they did not work. /dev/disk/by-partuuid/* works.


David
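
The thread turns on crypttab(5) source devices given as kernel names such as /dev/sdb2, which change when a drive is removed. The following check is an added example, not part of either poster's message or of Debian's tooling: it parses a crypttab and flags entries whose source may not survive a reboot. The sample crypttab, the function names and the list of kernel-name patterns are assumptions made for illustration.

```python
import re

# Kernel-assigned names: enumeration order can change between boots.
UNSTABLE = re.compile(r"^/dev/(sd[a-z]+|hd[a-z]+|vd[a-z]+|nvme\d+n\d+p?|mmcblk\d+p?)\d*$")
RANDOM_KEYS = ("/dev/urandom", "/dev/random")

# Constructed sample, not taken from the thread.
SAMPLE = """\
# <target> <source> <key file> <options>
sdb3_crypt /dev/sdb3 none luks
sdb2_crypt /dev/sdb2 /dev/urandom cipher=aes-xts-plain64,size=256,swap
data_crypt UUID=00000000-0000-0000-0000-000000000000 none luks
swap2_crypt UUID=11111111-1111-1111-1111-111111111111 /dev/urandom swap
"""

def parse_crypttab(text):
    """Yield (lineno, target, source, keyfile) for each crypttab(5) entry."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 2:
            keyfile = fields[2] if len(fields) > 2 else "none"
            yield lineno, fields[0], fields[1], keyfile

def lint_crypttab(text):
    """Return (lineno, target, message) for sources that may not survive a reboot."""
    findings = []
    for lineno, target, source, keyfile in parse_crypttab(text):
        random_key = keyfile in RANDOM_KEYS
        if UNSTABLE.match(source):
            # A random-key (plain mode) mapping has no LUKS header, so only
            # the partition-table identifier is stable for it.
            hint = "/dev/disk/by-partuuid/<id>" if random_key else "UUID=<id>"
            findings.append((lineno, target, f"{source} is a kernel name; use {hint}"))
        elif random_key and source.startswith(("UUID=", "/dev/disk/by-uuid/")):
            findings.append((lineno, target, "random-key device has no stable UUID; "
                             "use /dev/disk/by-partuuid/<id>"))
    return findings

if __name__ == "__main__":
    for lineno, target, message in lint_crypttab(SAMPLE):
        print(f"crypttab:{lineno}: {target}: {message}")
```

After correcting any flagged entries, the initramfs still has to be regenerated with update-initramfs, as described earlier in the thread, before the change affects the next boot.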

