[dm-crypt] Kernel update: "Failed to access temporary keystore device."

Arno Wagner arno at wagner.name
Thu Aug 21 01:40:58 CEST 2014


Hi,

just resolved this. I did indeed screw up the kernel config
update. After a second try, cryptsetup works fine with 
stock kernel.org 3.14.15.

Gr"usse,
Arno

On Mon, Aug 04, 2014 at 03:13:30 CEST, Arno Wagner wrote:
> On Sun, Aug 03, 2014 at 21:41:46 CEST, Milan Broz wrote:
> > On 08/03/2014 02:01 AM, Arno Wagner wrote:
> > >> Can you paste the command with added --debug?
> > > 
> > > See below, both for 1.6.1 and 1.6.5, which unloaks without 
> > > error (well, without error that gets propagated to the user), 
> > > but never creates the entry in /dev/mapper/. Likely
> > > a bug in 1.6.5, as it probably should tell the user that 
> > > things went wrong.
> > 
> > The 1.6.5 uses different code here (it reads device directly
> > when decrypting keyslot) and it need more user friendly error
> > messages here, my bad...
> > 
> > Anyway, seems like in both cases read of device really returns
> > I/O error while reading keyslot area.
> > Could you send me strace of the command?
> > (No need to enter correct password at all.)
> 
> Looks like it. Strace output from a test container comes
> in separate email.
>  
> > BTW if not already there, it is another nice item to FAQ
> > - warn people that strace and similar debugging output can
> > easily leak keys or passwords. And yes, people sometimes
> > post these to lists :)
> 
> Good idea. Added as Item 4.5 and to the warnings at the start.
> 
> > > 
> > >> Can you try to boot Debian provided kernel - does it work?
> > > 
> > > Not easily. But it does work with 3.10.51, so the 3.2.x that
> > > Debian stable is stuck at should probably work too. 
> > > 
> > > Come to think of it, I have /usr/src/linux pointing to a 3.4.67 
> > > source tree, as gcc kernel includes in Debian stable are really 
> > > messed up with 3.5.x and later and I failed to fix it manually.  
> > > (Sometimes I really wonder what the Kernel devs are thinking or 
> > > whether they are thinking at all...) Could that be the problem?
> > 
> > Don't think so... kernel should use own includes while compiling
> > and what's failing here is just plain read (I think). 
> > 
> > > I usually run testing, except that I really do not want systemd,
> > > so until I am sure I can do that update without getting that 
> > > atrocity, no update to jessy for me. 
> > 
> > There is a lot of discussion about this on debian devel,
> > IIRC systemd-shim is possible the way to avoid systemd as init.
> > (dunno if this will be supported).
> 
> We will see. I have a suspicion that the sudden long-term support
> for pre-systemd Debian is not an accident.
>   
> > > Anyways, if we do not figure this one out, I will just stay
> > > with 3.10.x, it is a longterm-kernel after all. I just
> > > tried 3.14.15 because I have some network issues and wanted to
> > > see whether they may be gone with a newer kernel.
> > 
> > Well, it would be interesting to find what's wrong here.
> 
> Ok, so lets keep poking at it. 
> 
> > You are using MD device - what kind of raid is that?
> > (lsblk -t can say more info about storage stack topology as well).
> 
> It is a 3-way md RAID1 (on 2.5" laptop drives, about one firmware
> crash per year...). 
> 
> "lsblk -t" does not say a lot:
> 
> NAME ALIGNMENT MIN-IO OPT-IO PHY-SEC LOG-SEC ROTA SCHED RQ-SIZE
> md10         0   4096      0    4096     512    1           128
> 
> Arno
> 
> -- 
> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> ----
> A good decision is based on knowledge and not on numbers. -  Plato
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato


More information about the dm-crypt mailing list