[dm-crypt] Kernel update: "Failed to access temporary keystore device."
arno at wagner.name
Thu Aug 21 01:40:58 CEST 2014
just resolved this. I did indeed screw up the kernel config
update. After a second try, cryptsetup works fine with
stock kernel.org 3.14.15.
On Mon, Aug 04, 2014 at 03:13:30 CEST, Arno Wagner wrote:
> On Sun, Aug 03, 2014 at 21:41:46 CEST, Milan Broz wrote:
> > On 08/03/2014 02:01 AM, Arno Wagner wrote:
> > >> Can you paste the command with added --debug?
> > >
> > > See below, both for 1.6.1 and 1.6.5, which unloaks without
> > > error (well, without error that gets propagated to the user),
> > > but never creates the entry in /dev/mapper/. Likely
> > > a bug in 1.6.5, as it probably should tell the user that
> > > things went wrong.
> > The 1.6.5 uses different code here (it reads device directly
> > when decrypting keyslot) and it need more user friendly error
> > messages here, my bad...
> > Anyway, seems like in both cases read of device really returns
> > I/O error while reading keyslot area.
> > Could you send me strace of the command?
> > (No need to enter correct password at all.)
> Looks like it. Strace output from a test container comes
> in separate email.
> > BTW if not already there, it is another nice item to FAQ
> > - warn people that strace and similar debugging output can
> > easily leak keys or passwords. And yes, people sometimes
> > post these to lists :)
> Good idea. Added as Item 4.5 and to the warnings at the start.
> > >
> > >> Can you try to boot Debian provided kernel - does it work?
> > >
> > > Not easily. But it does work with 3.10.51, so the 3.2.x that
> > > Debian stable is stuck at should probably work too.
> > >
> > > Come to think of it, I have /usr/src/linux pointing to a 3.4.67
> > > source tree, as gcc kernel includes in Debian stable are really
> > > messed up with 3.5.x and later and I failed to fix it manually.
> > > (Sometimes I really wonder what the Kernel devs are thinking or
> > > whether they are thinking at all...) Could that be the problem?
> > Don't think so... kernel should use own includes while compiling
> > and what's failing here is just plain read (I think).
> > > I usually run testing, except that I really do not want systemd,
> > > so until I am sure I can do that update without getting that
> > > atrocity, no update to jessy for me.
> > There is a lot of discussion about this on debian devel,
> > IIRC systemd-shim is possible the way to avoid systemd as init.
> > (dunno if this will be supported).
> We will see. I have a suspicion that the sudden long-term support
> for pre-systemd Debian is not an accident.
> > > Anyways, if we do not figure this one out, I will just stay
> > > with 3.10.x, it is a longterm-kernel after all. I just
> > > tried 3.14.15 because I have some network issues and wanted to
> > > see whether they may be gone with a newer kernel.
> > Well, it would be interesting to find what's wrong here.
> Ok, so lets keep poking at it.
> > You are using MD device - what kind of raid is that?
> > (lsblk -t can say more info about storage stack topology as well).
> It is a 3-way md RAID1 (on 2.5" laptop drives, about one firmware
> crash per year...).
> "lsblk -t" does not say a lot:
> NAME ALIGNMENT MIN-IO OPT-IO PHY-SEC LOG-SEC ROTA SCHED RQ-SIZE
> md10 0 4096 0 4096 512 1 128
> Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
> GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
> A good decision is based on knowledge and not on numbers. - Plato
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. - Plato
More information about the dm-crypt