Mint 17.3 64 (Cin) and Bitlocker (HW) encryption issue

Lisa_P
Level 1
Posts: 8
Joined: Tue Dec 22, 2015 7:51 am

Mint 17.3 64 (Cin) and Bitlocker (HW) encryption issue

Post by Lisa_P » Tue Dec 22, 2015 10:04 am

Hi,

TL;DR: ata1.00: failed command: READ DMA because of hardware encryption of a Bitlocker partition on Samsung EVO 850 SSDs.

Long version:

I have a new laptop which I tested dual-booting Win 10 and Mint 17.3-64 (Cinnamon) first before enabling hardware encryption on my disks (both Samsung EVO 850 SSDs, one of them is m2.sata). The initial running and setup were fine (except for minor -already known- issues with intel HD 530/nVidia 970 combo, along with the i915 problems).

After enabling the hardware encryption on both drives (both need to be enabled in case I decide to add another BitLocker partition, since Win 10 version 1511 (build 10586) would otherwise break it), I reinstalled Win 10 (the 10240 build to enable the hardware encryption and updated after that).
So far so good. Bitlocker's hardware encryption is working for both drives, that's not an issue, nor a topic for discussion here.

My Mint installation (as well as the Live CD/USB) did have an issue with it. Not so much a disruptive problem, just a lot of log spamming and delays. This spamming occurs during boot and when updating grub.

Please note, before encryption was enabled this spamming/delay did NOT occur, so Bitlocker is to blame for this. Turning off Bitlocker cures the spam issue, but that's not a solution, I prefer my important data to be encrypted.

The spam in my logs consists of messages like these:

Code:

Dec 22 13:15:11 my_laptop kernel: [   31.330238] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Dec 22 13:15:11 my_laptop kernel: [   31.330934] ata1.00: irq_stat 0x40000001
Dec 22 13:15:11 my_laptop kernel: [   31.331611] ata1.00: failed command: READ DMA
Dec 22 13:15:11 my_laptop kernel: [   31.332291] ata1.00: cmd c8/00:08:00:b8:11/00:00:00:00:00/e0 tag 6 dma 4096 in
Dec 22 13:15:11 my_laptop kernel: [   31.332291]          res 51/04:08:00:b8:11/00:00:00:00:00/e0 Emask 0x1 (device error)
Dec 22 13:15:11 my_laptop kernel: [   31.333646] ata1.00: status: { DRDY ERR }
Dec 22 13:15:11 my_laptop kernel: [   31.334340] ata1.00: error: { ABRT }
Dec 22 13:15:11 my_laptop kernel: [   31.335309] ata1.00: supports DRM functions and may not be fully accessible
Dec 22 13:15:11 my_laptop kernel: [   31.335714] ata1.00: disabling queued TRIM support
Dec 22 13:15:11 my_laptop kernel: [   31.336221] ata1.00: supports DRM functions and may not be fully accessible
Dec 22 13:15:11 my_laptop kernel: [   31.336416] ata1.00: disabling queued TRIM support
Dec 22 13:15:11 my_laptop kernel: [   31.336598] ata1.00: configured for UDMA/33
Dec 22 13:15:11 my_laptop kernel: [   31.336603] ata1: EH complete

When installing a new kernel or updating grub, I experience delays and get messages like these:

Code:

ERROR: pdc: reading /dev/sda[Input/output error]

However, grub DOES update correctly, so it's something in the probing.

hdparm of sda (sdb is similar)

Code:

/dev/sda:

ATA device, with non-removable media
	Model Number:       Samsung SSD 850 EVO M.2 500GB           
	Serial Number:      <removed>     
	Firmware Revision:  EMT21B6Q
	Transport:          Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0
Standards:
	Used: unknown (minor revision code 0x0039) 
	Supported: 9 8 7 6 5 
	Likely used: 9
Configuration:
	Logical		max	current
	cylinders	16383	16383
	heads		16	16
	sectors/track	63	63
	--
	CHS current addressable sectors:   16514064
	LBA    user addressable sectors:  268435455
	LBA48  user addressable sectors:  976773168
	Logical  Sector size:                   512 bytes
	Physical Sector size:                   512 bytes
	Logical Sector-0 offset:                  0 bytes
	device size with M = 1024*1024:      476940 MBytes
	device size with M = 1000*1000:      500107 MBytes (500 GB)
	cache/buffer size  = unknown
	Nominal Media Rotation Rate: Solid State Device
Capabilities:
	LBA, IORDY(can be disabled)
	Queue depth: 32
	Standby timer values: spec'd by Standard, no device specific minimum
	R/W multiple sector transfer: Max = 1	Current = 1
	DMA: mdma0 mdma1 mdma2 udma0 udma1 *udma2 udma3 udma4 udma5 udma6 
	     Cycle time: min=120ns recommended=120ns
	PIO: pio0 pio1 pio2 pio3 pio4 
	     Cycle time: no flow control=120ns  IORDY flow control=120ns
Commands/features:
	Enabled	Supported:
	   *	SMART feature set
	   *	Power Management feature set
	   *	Write cache
	   *	Look-ahead
	   *	Host Protected Area feature set
	   *	WRITE_BUFFER command
	   *	READ_BUFFER command
	   *	NOP cmd
	   *	DOWNLOAD_MICROCODE
	    	SET_MAX security extension
	   *	48-bit Address feature set
	   *	Device Configuration Overlay feature set
	   *	Mandatory FLUSH_CACHE
	   *	FLUSH_CACHE_EXT
	   *	SMART error logging
	   *	SMART self-test
	   *	General Purpose Logging feature set
	   *	WRITE_{DMA|MULTIPLE}_FUA_EXT
	   *	64-bit World wide name
	    	Write-Read-Verify feature set
	   *	WRITE_UNCORRECTABLE_EXT command
	   *	{READ,WRITE}_DMA_EXT_GPL commands
	   *	Segmented DOWNLOAD_MICROCODE
	   *	Gen1 signaling speed (1.5Gb/s)
	   *	Gen2 signaling speed (3.0Gb/s)
	   *	Gen3 signaling speed (6.0Gb/s)
	   *	Native Command Queueing (NCQ)
	   *	Phy event counters
	   *	READ_LOG_DMA_EXT equivalent to READ_LOG_EXT
	   *	DMA Setup Auto-Activate optimization
	    	Device-initiated interface power management
	   *	Asynchronous notification (eg. media change)
	   *	Software settings preservation
	    	Device Sleep (DEVSLP)
	   *	SMART Command Transport (SCT) feature set
	   *	SCT Write Same (AC2)
	   *	SCT Error Recovery Control (AC3)
	   *	SCT Features Control (AC4)
	   *	SCT Data Tables (AC5)
	   *	reserved 69[4]
	   *	reserved 69[7]
	   *	DOWNLOAD MICROCODE DMA command
	   *	SET MAX SETPASSWORD/UNLOCK DMA commands
	   *	WRITE BUFFER DMA command
	   *	READ BUFFER DMA command
	   *	Data Set Management TRIM supported (limit 8 blocks)
Logical Unit WWN Device Identifier: <removed>
	NAA		: 5
	IEEE OUI	: 002538
	Unique ID	: <removed>
Checksum: correct
Device Sleep:
	DEVSLP Exit Timeout (DETO): 50 ms (drive)
	Minimum DEVSLP Assertion Time (MDAT): 30 ms (drive)

Pre-hardware encryption it also had the security bits in there, which are now obviously gone (only way to get them back is with a PSID revert tool):

Code:

Security: 
	Master password revision code = 65534
		supported
	not	enabled
	not	locked
	not	frozen
	not	expired: security count
		supported: enhanced erase
	2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.

inxi info:

Code:

System:    Host: my_laptop Kernel: 4.2.0-19-generic x86_64 (64 bit gcc: 4.8.2)
           Desktop: Cinnamon 2.8.6 (Gtk 3.10.8~8+qiana)
           Distro: Linux Mint 17.3 Rosa
Machine:   Mobo: Notebook model: P65_P67RGRERA
           Bios: American Megatrends v: 1.05.07 date: 10/12/2015
CPU:       Quad core Intel Core i7-6700HQ (-HT-MCP-) cache: 6144 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 20726
           clock speeds: max: 3500 MHz 1: 2599 MHz 2: 3359 MHz 3: 3141 MHz
           4: 2600 MHz 5: 2599 MHz 6: 2817 MHz 7: 3006 MHz 8: 3318 MHz
Graphics:  Card-1: Intel Device 191b bus-ID: 00:02.0
           Card-2: NVIDIA Device 13d8 bus-ID: 01:00.0
           Display Server: X.Org 1.17.1 drivers: nvidia (unloaded: intel)
           Resolution: 1920x1080@60.0hz
           GLX Renderer: GeForce GTX 970M/PCIe/SSE2
           GLX Version: 4.5.0 NVIDIA 352.63 Direct Rendering: Yes
Audio:     Card Intel Device a170 driver: snd_hda_intel bus-ID: 00:1f.3
           Sound: Advanced Linux Sound Architecture v: k4.2.0-19-generic
Network:   Card-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
           driver: r8169 v: 2.3LK-NAPI port: d000 bus-ID: 02:00.1
           IF: eth0 state: down mac: <filter>
           Card-2: Intel Wireless 8260 driver: iwlwifi bus-ID: 03:00.0
           IF: wlan0 state: up mac: <filter>
Drives:    HDD Total Size: 1000.2GB (4.0% used)
           ID-1: /dev/sda model: Samsung_SSD_850 size: 500.1GB
           ID-2: /dev/sdb model: Samsung_SSD_850 size: 500.1GB
Partition: ID-1: / size: 46G used: 6.5G (15%) fs: ext4 dev: /dev/sdb5
           ID-2: /home size: 55G used: 2.0G (4%) fs: ext4 dev: /dev/sdb6
           ID-3: swap-1 size: 32.00GB used: 0.00GB (0%) fs: swap dev: /dev/sdb7
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 40.0C mobo: N/A gpu: 0.0:41C
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 245 Uptime: 3 min Memory: 1606.1/31996.0MB
           Init: Upstart runlevel: 2 Gcc sys: 4.8.4
           Client: Shell (bash 4.3.111) inxi: 2.2.28 

Parted info:

Code:

Model: ATA Samsung SSD 850 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start   End    Size    File system  Name                          Flags
 1      1049kB  473MB  472MB   ntfs         Basic data partition          hidden, diag
 2      473MB   578MB  105MB   fat32        EFI system partition          boot
 3      578MB   595MB  16.8MB               Microsoft reserved partition  msftres
 4      595MB   138GB  138GB                Basic data partition          msftdata


Model: ATA Samsung SSD 850 (scsi)
Disk /dev/sdb: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start   End     Size    File system     Name  Flags
 1      1049kB  60.0GB  60.0GB  ext4
 2      60.0GB  64.1GB  4096MB  linux-swap(v1)
 3      64.1GB  124GB   60.0GB


Model: Linux device-mapper (crypt) (dm)
Disk /dev/mapper/home: 60.0GB
Sector size (logical/physical): 512B/512B
Partition Table: loop

Number  Start  End     Size    File system  Flags
 1      0.00B  60.0GB  60.0GB  ext4

I opted for a normal installation with only LUKS encrypted home because it was easier to set up than a fully encrypted system. Not all space is occupied yet as this is the basic installation so far.

Is there any way to "cure" or suppress this spamming behaviour? (Booting and updating grub takes severely longer thanks to this).
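
Added example (not part of the original posts): decoding the `cmd`/`res` taskfile lines from the kernel log in the post above shows which sector the aborted READ DMA targeted and what the drive answered. The field layout is the one libata uses in its error reports; that ata1.00 is /dev/sda is an assumption.

```python
import re

# Taskfile lines copied from the kernel log in the first post.
LOG = """\
ata1.00: cmd c8/00:08:00:b8:11/00:00:00:00:00/e0 tag 6 dma 4096 in
         res 51/04:08:00:b8:11/00:00:00:00:00/e0 Emask 0x1 (device error)
"""

# libata prints a taskfile as command/feature:nsect:lbal:lbam:lbah/
# hob_feature:hob_nsect:hob_lbal:hob_lbam:hob_lbah/device (hex bytes).
TF_RE = re.compile(r"\b(cmd|res) ((?:[0-9a-f]{2}[/:]){11}[0-9a-f]{2})")
FIELDS = ("command", "feature", "nsect", "lbal", "lbam", "lbah",
          "hob_feature", "hob_nsect", "hob_lbal", "hob_lbam", "hob_lbah", "device")
STATUS_BITS = {0x80: "BSY", 0x40: "DRDY", 0x20: "DF", 0x08: "DRQ", 0x01: "ERR"}
ERROR_BITS = {0x80: "ICRC", 0x40: "UNC", 0x10: "IDNF", 0x04: "ABRT"}
LBA28_CMDS = {0xC8: "READ DMA", 0xCA: "WRITE DMA"}
SECTOR = 512  # logical sector size reported by hdparm and parted in the post


def parse_taskfiles(log):
    """Return {'cmd': {...}, 'res': {...}} with every taskfile byte as an int."""
    out = {}
    for kind, raw in TF_RE.findall(log):
        out[kind] = dict(zip(FIELDS, (int(b, 16) for b in re.split("[/:]", raw))))
    return out


def flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def decode(log):
    """Decode the issued command, its target LBA, and the drive's status/error."""
    tf = parse_taskfiles(log)
    cmd, res = tf["cmd"], tf["res"]
    # LBA28: the low nibble of the device register holds LBA bits 27:24.
    lba = ((cmd["device"] & 0x0F) << 24) | (cmd["lbah"] << 16) | (cmd["lbam"] << 8) | cmd["lbal"]
    return {
        "command": LBA28_CMDS.get(cmd["command"], hex(cmd["command"])),
        "lba": lba,
        "sectors": cmd["nsect"] or 256,                # 0 means 256 in LBA28
        "byte_offset": lba * SECTOR,
        "status": flags(res["command"], STATUS_BITS),  # 'res' command byte = status
        "error": flags(res["feature"], ERROR_BITS),    # 'res' feature byte = error
    }


if __name__ == "__main__":
    for key, value in decode(LOG).items():
        print(f"{key:12} {value}")
```

The read is 8 sectors at LBA 1161216, byte offset 594,542,592 (about 594.5 MB), which is consistent with the 595MB start of partition 4 in the /dev/sda parted table above, and the drive answers with ABRT rather than a media error.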

Lisa_P
Level 1
Posts: 8
Joined: Tue Dec 22, 2015 7:51 am

Re: Mint 17.3 64 (Cin) and Bitlocker (HW) encryption issue

Post by Lisa_P » Sat Feb 06, 2016 6:49 am

I still haven't found any solution and the above problem causes Bitlocker drives to 'think' I've entered an invalid pin-code too many times to unlock the partitions.
Obviously this is the result of the probing.

To avoid having to go through entering the lengthy "recovery key" every time I need to boot Windows 10, I switched from using a PIN to using a key-file on a USB stick.

While this does stop Bitlocker from thinking it has been attacked, the problem of the spam (and freezing/errors while updating grub) still remains in Linux.
I had hoped the recent update of the osprobe would have fixed it, but it didn't. I also still haven't found a way to have the system 'ignore' the Bitlocker partitions.

wursthorst
Level 1
Posts: 4
Joined: Mon May 08, 2017 4:29 pm

Re: Mint 17.3 64 (Cin) and Bitlocker (HW) encryption issue

Post by wursthorst » Wed May 10, 2017 3:13 pm

Hi!

Now that it's been a while since you opened this thread, did you finally find a solution to the problem?

I did set up a dual boot system with Mint 18.1 and Windows 10 a couple of days ago and I encounter exactly the same type of errors. I am using a HP Envy 15 Notebook with a Crucial MX300 SSD and despite being no hardcore techy I suspect the SSD being at the origin of the mess since I am running a similar setup on my old notebook (HP 250 G2 with HGST Travelstar HDD) that works flawlessly even including access of bitlockered partitions from within Linux using dislocker.

Any help would be greatly appreciated! :)

Lisa_P
Level 1
Posts: 8
Joined: Tue Dec 22, 2015 7:51 am

Re: Mint 17.3 64 (Cin) and Bitlocker (HW) encryption issue

Post by Lisa_P » Wed May 10, 2017 3:40 pm

Hi,

No, I never found a solution for it, other than disabling bitlocker, which is undesirable.
I was thinking that the hardware encryption was causing it, but even after removing it, it still gave me the same errors. Yes, it might be SSD/M.2-SSD related.

wursthorst
Level 1
Posts: 4
Joined: Mon May 08, 2017 4:29 pm

Re: Mint 17.3 64 (Cin) and Bitlocker (HW) encryption issue

Post by wursthorst » Thu May 11, 2017 3:16 pm

Thank you very much for your reply... even if there doesn't seem to be much hope. ;) I am also running my SSD without hardware encryption enabled. So this should not be the reason.

I am really upset for now since I really thought that I had found the perfect solution for data encryption on a dual boot system with the bitlocker/dislocker combo. So, maybe is there anybody out there with an idea how to work around this to access the bitlockered partitions anyway?

FreedomTruth
Level 4
Posts: 431
Joined: Fri Sep 23, 2016 10:19 am

Re: Mint 17.3 64 (Cin) and Bitlocker (HW) encryption issue

Post by FreedomTruth » Thu May 11, 2017 9:17 pm

It's not a hardware solution, but you could try using a veracrypt encrypted partition instead. My very limited experience with bitlocker was with a vhd file I'd manually unlock/mount in windows, I never did get it mounted directly in linux (I could in a windows vm though); I have moved away from that format.
If you abide in My word, you are My disciples indeed. And you shall know the truth, and the truth shall make you free... Most assuredly, I say to you, whoever commits sin is a slave of sin... Therefore if the Son makes you free, you shall be free indeed.

wursthorst
Level 1
Posts: 4
Joined: Mon May 08, 2017 4:29 pm

Re: Mint 17.3 64 (Cin) and Bitlocker (HW) encryption issue

Post by wursthorst » Fri May 12, 2017 6:00 pm

I have indeed been thinking about using Veracrypt. Until now, the relative complexity compared to the Bitlocker/Dislocker solution (afaik: necessity of tampering around with the bootloader, no GPT-Partitioning etc.) prevented me from doing so, but I think I am going to give it a try. However, I am still whining around that it doesn't work the easy way.. ;)

wursthorst
Level 1
Posts: 4
Joined: Mon May 08, 2017 4:29 pm

Re: Mint 17.3 64 (Cin) and Bitlocker (HW) encryption issue

Post by wursthorst » Thu May 18, 2017 1:07 pm

I couldn't stop retrying all kinds of options and I eventually got everything running! :) The described problem seems to be related to Bitlocker doing hardware encryption by default if the SSD is capable of it. I told Bitlocker to do software encryption in any case by changing a group policy, re-crypted the partitions and everything worked flawlessly from then on. I can also read and write the bitlockered partitions from within Linux using dislocker.

@Lisa_P: Maybe for you this will also do the trick? How did you disable hardware encryption when trying to work around the errors?

@all: I know I have not been very exhaustive in my description, so feel free to ask if you need a detailed description of how to force Bitlocker to do software encryption.
