[SOLVED] LUKS/dm-crypt & LVM boot sequence incorrect!

Archived topics about LMDE 1 and LMDE 2
Locked
UnrealMiniMe

[SOLVED] LUKS/dm-crypt & LVM boot sequence incorrect!

Post by UnrealMiniMe »

I'm trying to set up LMDE (x86_64) with an encrypted root partition (using LVM on top of LUKS as usual). I've tried the following two guides, and they both have the same results:
http://forums.linuxmint.com/viewtopic.p ... it=encrypt*
http://forums.linuxmint.com/viewtopic.p ... 20#p364620

If I use the guides in a straightforward manner, the boot process does not even attempt to unlock my drive before searching for the logical volume group and LVM volumes. I get the messages:

Code: Select all

Volume group "LogicalVolumesOnEncryptedPartition" not found
Skipping volume group LogicalVolumesOnEncryptedPartition
Unable to find LVM volume LogicalVolumesOnEncryptedPartition/Root
blah blah
After a bit more complaining, I'm dropped into the initramfs debug shell.

I can get a little farther if I follow a few extra instructions from the [somewhat dated] guide at https://help.ubuntu.com/community/Feist ... hInstaller. I followed these additional instructions, though I'm not sure which helped matters (probably the creation of the cryptroot file though):
  • cd /dev; MAKEDEV generic (outside of chroot)
  • echo 'CRYPTOPTS=target=sda5_crypt,source=/dev/sda5' > /etc/initramfs-tools/conf.d/cryptroot
    (sda5 is my encrypted volume)
  • cp /usr/share/initramfs-tools/hooks/cryptroot /etc/initramfs-tools/hooks/cryptroot
    cp /usr/share/initramfs-tools/scripts/local-top/cryptroot /etc/initramfs-tools/scripts/local-top/cryptroot
  • update-grub
  • update-initramfs -u (of course)
With those, I still get the same error messages as before...but then the boot process actually asks for my encryption passphrase (yay!). Once i enter it and unlock the drive though, I just get more complaining about the LVM volumes:

Code: Select all

cryptsetup: lvm fs found but no lvm configured
After a bit more complaining, I get dropped to the Busybox shell once again.

Note that I have no problem opening up my encrypted volumes manually; I only have trouble getting them working at boot time. I checked the boot scripts in /etc/rcS.d, and S09lvm2 includes cryptdisks-early under "Should-Start" instead of "Required-Start." Thinking that was the problem, I moved the cryptdisks-early dependency to "Required-Start" and ran update-initramfs -u again, but that didn't actually help matters.

As a side note, I do get update-initramfs error messages saying:

Code: Select all

cryptsetup: WARNING: invalid line in /etc/crypttab -
However, I hear there are a lot of false positives for those. My current /etc/crypttab is:

Code: Select all

sda5_crypt /dev/sda5 none luks,tries=3
I get the error messages even if I remove the underscore from sda5_crypt (and modify the cryptroot file to reflect the change), and even if I use UUID=blahblah instead of /dev/sda5. None of it seems to make a difference, and the boot process still eventually decrypts the drive (assuming I followed the extra instructions I mentioned)...but only after it's done looking for the LVM volumes.

Does anyone know what I need to do to actually get the boot process working? Thanks!
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 4 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
UnrealMiniMe

Re: LUKS/dm-crypt and LVM: Boot script ordering incorrect!

Post by UnrealMiniMe »

Update:
I've made some progress, but I still haven't solved the problem. I modified the /etc/initramfs-tools/conf.d/cryptroot file again, so it says:

Code: Select all

CRYPTOPTS=target=sda5_crypt,source=/dev/sda5,lvm=LogicalVolumesOnEncryptedPartition-Root
The boot sequence starts up the same:

Code: Select all

	Volume group "LogicalVolumesOnEncryptedPartition" not found
	Skipping volume group LogicalVolumesOnEncryptedPartition
Unable to find LVM volume LogicalVolumesOnEncryptedPartition/Root
Then it asks for the passphrase, and OMG, it actually loads the volumes!

Code: Select all

Unlocking the disk /dev/sda5 (cryptroot)
Enter passphrase:
	Reading all physical volumes.  This may take a while...
	Found volume group "LogicalVolumesOnEncryptedPartition" using metadata type lv
m2
	3 logical volumes(s) in volume group "LogicalVolumesOnEncryptedPartition" now a
ctive
cryptsetup: cryptroot set up successfully
INIT: version 2.88 booting
Using makefile-style concurrent boot in runlevel S.
Starting the hotplug events dispatcher: udevd.
Synthesizing the initial hotplug events...done.
Waiting for /dev to be fully populated...udevd[600]: failed to execute '/lib/ude
v/mtp-probe' 'mtp-probe /sys/devices/pci0000:00/0000:00:1d.0/usb4/4-1/4-1.2 4 3'
: No such file or directory
udevd[601]: failed to execute '/lib/udev/mtp-probe' 'mtp-probe /sys/devices/pci0
000:00/0000:00:1a.0/usb3/3-1/3-1.3 3 4': No such file or directory
Note that the mtp-probe errors happen with the LiveCD too. So far, so good...

Code: Select all

done.
Setting parameters of disc: (none).
Setting system clock.
Setting preliminary keymap...done.
Checking root file system...fsck from util-linux-ng 2.17.2
/dev/mapper/LogicalVolumesOnEncryptedPartition-Root: Superblock last mount time is in the future.
		(by less than a day, probably due to the hardware clock being incorrectly set)  FIXED.
/dev/mapper/LogicalVolumesOnEncryptedPartition-Root: Superblock last mount time is in the future.
		(by less than a day, probably due to the hardware clock being incorrectly set)  FIXED.
/dev/mapper/LogicalVolumesOnEncryptedPartition-Root: clean, 163740/1310720 files, 1073274/5242880 blocks
done.
Finally, it loaded my root filesystem! But wait...now it's trying to unlock my drive again, when it's already unlocked!

Code: Select all

Starting early crypto disks...sda5_crypt (starting)...
Unlocking the disk /dev/sda5 (sda5_crypt)
Enter passphrase:
Cannot use device /dev/sda5 which is in use (already mapped or mounted).
Unlocking the disk /dev/sda5 (sda5_crypt)
Enter passphrase:
Cannot use device /dev/sda5 which is in use (already mapped or mounted).
On the third try, I may have made a typo, or it may have just decided to do something differently:

Code: Select all

Unlocking the disk /dev/sda5 (sda5_crypt)
Enter passphrase:
failed.
done.
Cleaning up ifupdown....
Loading kernel modules...done.
Setting up networking....
Setting the system clock.
Setting up LVM Volume Groups  Reading all physical volumes.  This may take a while...
	Found volume group "LogicalVolumesOnEncryptedPartition" using metadata type lvm2
	3 logical volume(s) in volume group "LogicalVolumesOnEncryptedPartition" now active
.
Starting remaining crypto disks...sda5_crypt (starting)...
Unlocking the disk /dev/sda5 (sda5_crypt)
Enter passphrase:
Cannot use device /dev/sda5 which is in use (already mapped or mounted).
Unlocking the disk /dev/sda5 (sda5_crypt)
Enter passphrase:
After the fourth and fifth password prompts, I headed off to bed.

This morning, that screen was still up, and I entered the passphrase one more time...and lo and behold, it actually booted and got me to the login screen! I tried the same process again, and I can eventually get to the login screen after about 7 password attempts (the second time required at least one more try, so typos are probably factoring in somewhere).

Of course, everything is STILL not correct even after logging in: I am now able to log in, but the Disk Utility shows my LVM volumes (dm-1, dm-2, and dm-3 for root, swap, and data, respectively) as unformatted drives. I can access their data, but I can't imagine this won't have any ill effects. The OS should really be recognizing their formatting (ext4 for root, swap for swap, and ext3 for my data partition).

In case it matters, my fstab is as follows (note that on Ubuntu, the same LUKS/LVM setup worked without a hitch):

Code: Select all

# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed.  See fstab(5).
#
# <file system>						<mount point>	<type>	<options>					<dump>	<pass>
proc							/proc		proc	nodev,noexec,nosuid				0	0
/dev/mapper/LogicalVolumesOnEncryptedPartition-Root	/		ext4	errors=remount-ro				0	1
/dev/sda3						/boot		ext4	defaults					0	2
/dev/mapper/LogicalVolumesOnEncryptedPartition-Swap	none		swap	sw						0	0
/dev/mapper/LogicalVolumesOnEncryptedPartition-Data	/home/user/data	ext3	auto,user,exec,rw,async,nodev,nosuid,relatime	0	2
(Sorry if the tabs make it hard to read in a browser.)

Note that my data partition is meant to mount at /home/user/data. (It's basically a separate home without all of the dot folders. I let each distro keep its own dot folders to avoid conflicts and problems, and for the few I need to be persistent, I symlink them to a directory inside my data partition.)

I'm assuming the OS isn't properly recognizing my logical volumes due to the screwy boot sequence which my setup took before finally letting me log in...and that boot sequence is unnecessarily arduous. I have a feeling the shutdown sequence will be equally screwy as wel...so how do I fix my boot sequence and get LVM/LUKS operating as it should?
UnrealMiniMe

Re: LUKS/dm-crypt and LVM: Boot script ordering incorrect!

Post by UnrealMiniMe »

UPDATE WITH SOLUTION:
I have this mostly solved! Apparently, the /etc/crypttab file was causing all of the extra (redundant) password checks / unlock attempts after the first one.

In order to make this work correctly, I had to DELETE /etc/crypttab while retaining the following /etc/initramfs-tools/conf.d/cryptroot:

Code: Select all

CRYPTOPTS=target=sda5_crypt,source=/dev/sda5,lvm=LogicalVolumesOnEncryptedPartition-Root
The boot process still makes an LVM attempt before asking for my LUKS/dm-crypt password, but it only unlocks the volume once, and the boot proceeds smoothly all the way to the login screen without any extra password attempts.

My only remaining problem is that Disk Utility still thinks my logical volumes are unformatted (/dev/dm-1, /dev/dm-2, and /dev/dm-3 as root, swap, and data, respectively). I didn't mention this before, but it also doesn't even recognize them as logical volumes at all, even though vgscan and lvscan list the group/volumes correctly. (Disk Utility properly recognizes all of the volumes from the Live CD - assuming I install lvm2 after unlocking the drive - but not from my actual install).

I'd like to get this fixed, but I'm starting to believe the problem is distinct from the boot issue (if still related). For all I know, things are supposed to look this way when the root volume is inside the encrypted partition. Therefore, I'll mark this as solved for readers who may be having the same problem. :)
cb474

Re: [SOLVED] LUKS/dm-crypt & LVM boot sequence incorrect!

Post by cb474 »

Thanks for figuring all this out. It totally saved me. I was having the same problem as you with booting.

I wondering how your system is working now? Are you still running it the same way or do you figure out a better way to do this?

I do see the same LVM errors as you mention when booting. And it seems weird to totally not use crypttab. So I can't shake the feeling that there's something fundamentally wanky about my system. I had come to LMDE from Arch, in the hopes of avoiding these problems and have more of an, it just works, system.
cb474

Re: [SOLVED] LUKS/dm-crypt & LVM boot sequence incorrect!

Post by cb474 »

Well I realized the one error on boot I was getting was due to my own missing something obvious. I would get an error saying the system could not find /dev/mapper/LogicalVolumesOnEncryptedPartition-Root.

I realized that "LogicalVolumesOnEncryptedPartition-Root" should be the name of my lvm root partition as it appears in /dev/mapper. Curiously depsite that error my system booted fine anyway. But it's nice to have fixed it and not get the boot error.

I found this howto useful for understanding better this method of using lvm with debian:

http://aptosid.com/index.php?module=wik ... eDebianWay
cb474

Re: [SOLVED] LUKS/dm-crypt & LVM boot sequence incorrect!

Post by cb474 »

That's interesting. I was unable to figure out how to get around those problems in the setup process, being more of an end user. I'll try those suggestions when I have a chance and see if I can get things to work as they should.
UnrealMiniMe

Re: [SOLVED] LUKS/dm-crypt & LVM boot sequence incorrect!

Post by UnrealMiniMe »

I'm currently experiencing the same problem again with another distro I'm testing out, and I'm trying to fix it the "right way" this time without deleting crypttab, etc.

You're right about having to make those directories to fix the broken symlink, although there are a couple discrepancies between our experiences: The guide here indicates we should mount -t tmpfs tmpfs /dev/shm rather than mounting /run...is the guide mistaken, or are were you? (I went forward assuming the guide was correct here.) I also had to make the directories prior to mounting /dev/shm instead of afterwards, so the mount would proceed correctly (because /dev/shm points to /run/shm).

Anyway, after creating those directories and mounting everything inside the chroot, the output of update-initramfs -u changes...and shows a syntax error, much like you said:
cryptsetup: WARNING: invalid line in /etc/crypttab for udisks-luks-uuid-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX-uid0 -

I X'ed out my actual GUID above, but you get the idea. The error now happens regardless of whether I make the line in /etc/crypttab look like
sda2_crypt /dev/disk/by-uuid/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX none luks
or
sda2_crypt /dev/sda2 none luks

Do you remember how you resolved the syntax error in your case, or could you copy/paste your /etc/crypttab here? It seems like that's the missing piece of the puzzle here, and it would be nice to finally resolve this issue for real.

EDIT: Oh, crap. It looks like selfification is no longer a user here, and despite his post count of 2, a search only shows this one. I wonder if his second post got removed and got him banned? Urgh...not good. This thread has over 3000 views too, so it looks like it's been helpful. If anyone who reads this knows how to fix the /etc/crypttab syntax error, I'm all ears!
UnrealMiniMe

Re: [SOLVED] LUKS/dm-crypt & LVM boot sequence incorrect!

Post by UnrealMiniMe »

I GOT IT.

You want to follow the guide here:
http://forums.linuxmint.com/viewtopic.p ... 20#p364620
However, make sure you create folders for /run/shm and /run/lock/dev inside of your chroot before you mount /dev/shm.

Now, if you make your /etc/crypttab look like it does in the guide, then update-initramfs -u will now complain about a syntax error:
cryptsetup: WARNING: invalid line in /etc/crypttab for udisks-luks-uuid-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX-uid0 -

Somewhere along the line, the target in /dev/mapper/ had its name changed from sda2_crypt (or similar) to something like udisks-luks-uuid-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX-uid0 (actual UUID goes where the X's are). Because of that, sda2_crypt wasn't a valid target in /dev/mapper. To fix it, just change your /etc/crypttab to look like:
udisks-luks-uuid-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX-uid0 /dev/disk/by-uuid/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX none luks
Use your real UUID of course instead of X's, then rerun update-initramfs -u. It should now complete without an error, and your boot process should go smoothly.
malenki

Re: [SOLVED] LUKS/dm-crypt & LVM boot sequence incorrect!

Post by malenki »

@UnrealMiniMe: thanks for solving this issue. Today I stumbled over it and found your solution via the linuxmint bug tracker
Locked

Return to “LMDE Archive”