[dm-crypt] Kernel update: "Failed to access temporary keystore device."
arno at wagner.name
Mon Aug 4 03:13:30 CEST 2014
On Sun, Aug 03, 2014 at 21:41:46 CEST, Milan Broz wrote:
> On 08/03/2014 02:01 AM, Arno Wagner wrote:
> >> Can you paste the command with added --debug?
> > See below, both for 1.6.1 and 1.6.5, which unloaks without
> > error (well, without error that gets propagated to the user),
> > but never creates the entry in /dev/mapper/. Likely
> > a bug in 1.6.5, as it probably should tell the user that
> > things went wrong.
> The 1.6.5 uses different code here (it reads device directly
> when decrypting keyslot) and it need more user friendly error
> messages here, my bad...
> Anyway, seems like in both cases read of device really returns
> I/O error while reading keyslot area.
> Could you send me strace of the command?
> (No need to enter correct password at all.)
Looks like it. Strace output from a test container comes
in separate email.
> BTW if not already there, it is another nice item to FAQ
> - warn people that strace and similar debugging output can
> easily leak keys or passwords. And yes, people sometimes
> post these to lists :)
Good idea. Added as Item 4.5 and to the warnings at the start.
> >> Can you try to boot Debian provided kernel - does it work?
> > Not easily. But it does work with 3.10.51, so the 3.2.x that
> > Debian stable is stuck at should probably work too.
> > Come to think of it, I have /usr/src/linux pointing to a 3.4.67
> > source tree, as gcc kernel includes in Debian stable are really
> > messed up with 3.5.x and later and I failed to fix it manually.
> > (Sometimes I really wonder what the Kernel devs are thinking or
> > whether they are thinking at all...) Could that be the problem?
> Don't think so... kernel should use own includes while compiling
> and what's failing here is just plain read (I think).
> > I usually run testing, except that I really do not want systemd,
> > so until I am sure I can do that update without getting that
> > atrocity, no update to jessy for me.
> There is a lot of discussion about this on debian devel,
> IIRC systemd-shim is possible the way to avoid systemd as init.
> (dunno if this will be supported).
We will see. I have a suspicion that the sudden long-term support
for pre-systemd Debian is not an accident.
> > Anyways, if we do not figure this one out, I will just stay
> > with 3.10.x, it is a longterm-kernel after all. I just
> > tried 3.14.15 because I have some network issues and wanted to
> > see whether they may be gone with a newer kernel.
> Well, it would be interesting to find what's wrong here.
Ok, so lets keep poking at it.
> You are using MD device - what kind of raid is that?
> (lsblk -t can say more info about storage stack topology as well).
It is a 3-way md RAID1 (on 2.5" laptop drives, about one firmware
crash per year...).
"lsblk -t" does not say a lot:
NAME ALIGNMENT MIN-IO OPT-IO PHY-SEC LOG-SEC ROTA SCHED RQ-SIZE
md10 0 4096 0 4096 512 1 128
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. - Plato
More information about the dm-crypt