[dm-crypt] problems mounting encrypted drive on reboot

Jerry Lowry jlowry at edt.com
Thu Sep 21 00:59:07 CEST 2017


Well, I have traced the error down to cryptsetup.c, line 564. Which is 
getting a return code of less than 0 from crypt_activate_by_keyfile_offset.

So, I don't think it is the systemd folks.  Just my guess.

---------------------------------------------------------------------------
Jerold Lowry
Principal Network/Systems Engineer
Engineering Design Team (EDT), Inc. a HEICO company
3423 NW John Olsen Pl
Hillsboro, Oregon 97124 (U.S.A.)
Phone: 503-690-1234 / 800-435-4320
Fax: 503-690-1243
Web: _www.edt.com <http://www.edt.com/>_


On 9/20/2017 3:53 PM, Arno Wagner wrote:
> Hi,
>
> looks to me like you need to complain to the systemd-people,
> not to us here. Good luck with that....
>
> Regards,
> Arno
>
> On Thu, Sep 21, 2017 at 00:38:20 CEST, Jerry Lowry wrote:
>>     Hi,
>>
>>     I have created an encrypted drive using the following commands:
>>
>>     #>cryptsetup --verify=passphrase -- hash=sha256 --keyfile=/dir/file
>>     create /dev/mapper/testcui /dev/sdb
>>
>>     #>mkfs.ext4 /dev/mapper/testcui
>>
>>     I did this all at single user level.  running centos 7 on a VM.
>>
>>     this all work well until I reboot the system and then it fails to mount
>>     the device and drops down it to emergency mode.  This is the journalctl
>>     output I get. ( yeah I know about the acls on the key file )  device
>>     name  "testcui"
>>
>>     Sep 20 14:19:53 jubilee systemd[1]: Starting Cryptography Setup for
>>     /dev/mapper/testcui...
>>     -- Subject: Unit [1]systemd-cryptsetup at -dev-mapper-testcui.service has
>>     begun start-up
>>     -- Defined-By: systemd
>>     -- Support:
>>     [2]https://url.emailprotection.link/?aU9kur6wsNUi02sZK7jqbqHUDJAa-o4ToSDYQrs9syxvrrIdB1sQAdzV3HPUijEgCYM0mtOEY4w7RKS2IUkVivQ~~
>>     --
>>     -- Unit [3]systemd-cryptsetup at -dev-mapper-testcui.service has begun
>>     starting up.
>>     Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Key file /etc/keys is
>>     world-readable. This is not a good idea!
>>     Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Set cipher aes, mode
>>     cbc-essiv:sha256, key size 256 bits for device /dev/sdb.
>>     Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Failed to activate
>>     with key file '/etc/keys': Invalid argument
>>     Sep 20 14:19:53 jubilee systemd[1]: Started Forward Password Requests
>>     to Plymouth.
>>
>>     What is the invalid argument that it is complaining about?
>>
>>     Once in emergency mode I can :
>>
>>     #>cryptsetup create testcui /dev/sdb
>>
>>     ( passcode)
>>
>>     And it continues just fine.
>>
>>     -- crypttab --
>>
>>     # test disk
>>     #
>>     /dev/mapper/testcui  /dev/sdb /etc/keys plain
>>
>>     --fstab--
>>
>>     #
>>     # /etc/fstab
>>     # Created by anaconda on Tue Dec 15 12:05:51 2015
>>     #
>>     # Accessible filesystems, by reference, are maintained under
>>     '/dev/disk'
>>     # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more
>>     info
>>     #
>>     UUID=c4cc85f2-9dbb-4bf8-8b3e-edaa5af3dae9 /
>>     xfs     defaults        1 1
>>     UUID=2f178edb-b16e-4ea1-85c3-d8243b07a75b /boot
>>     xfs     defaults        1 2
>>     UUID=a34fac21-a385-494a-a6cc-cae22b87c8c9 swap
>>     swap    defaults        0 0
>>     /dev/mapper/testcui    /cui        ext4    defaults    1 2
>>
>>     jerry
>>
>>     --
>>
>>     -----------------------------------------------------------------------
>>     ----
>>     Jerold Lowry
>>     Principal Network/Systems Engineer
>>     Engineering Design Team (EDT), Inc. a HEICO company
>>     3423 NW John Olsen Pl
>>     Hillsboro, Oregon 97124 (U.S.A.)
>>     Phone: 503-690-1234 / 800-435-4320
>>     Fax: 503-690-1243
>>     Web: [4]https://url.emailprotection.link/?a4pOREhk_4MCW0PtjXkm2I74KsEDNqUHU1TlAGkvY7v8~
>>
>> References
>>
>>     1. mailto:systemd-cryptsetup at -dev-mapper-testcui.service
>>     2. https://url.emailprotection.link/?aU9kur6wsNUi02sZK7jqbqHUDJAa-o4ToSDYQrs9syxvrrIdB1sQAdzV3HPUijEgCYM0mtOEY4w7RKS2IUkVivQ~~
>>     3. mailto:systemd-cryptsetup at -dev-mapper-testcui.service
>>     4. https://url.emailprotection.link/?arGCBlB4ktQEllVdqrdFEHWz7tmQKHcDNQMQoUiVtXzs~
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt at saout.de
>> https://url.emailprotection.link/?ayE0YSl-8fsjTFuwcayuImPwuXvHCc0cXGaaipszDZOnBozAr3C_ngpEWBBTBT_i-8IP1XBKBwokSgi0QxfTytA~~
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20170920/4b946df4/attachment-0001.html>


More information about the dm-crypt mailing list