[dm-crypt] Kernel update: "Failed to access temporary keystore device."

Arno Wagner arno at wagner.name
Mon Aug 4 03:13:30 CEST 2014

On Sun, Aug 03, 2014 at 21:41:46 CEST, Milan Broz wrote:
> On 08/03/2014 02:01 AM, Arno Wagner wrote:
> >> Can you paste the command with added --debug?
> > 
> > See below, both for 1.6.1 and 1.6.5, which unloaks without 
> > error (well, without error that gets propagated to the user), 
> > but never creates the entry in /dev/mapper/. Likely
> > a bug in 1.6.5, as it probably should tell the user that 
> > things went wrong.
> The 1.6.5 uses different code here (it reads device directly
> when decrypting keyslot) and it need more user friendly error
> messages here, my bad...
> Anyway, seems like in both cases read of device really returns
> I/O error while reading keyslot area.
> Could you send me strace of the command?
> (No need to enter correct password at all.)

Looks like it. Strace output from a test container comes
in separate email.
> BTW if not already there, it is another nice item to FAQ
> - warn people that strace and similar debugging output can
> easily leak keys or passwords. And yes, people sometimes
> post these to lists :)

Good idea. Added as Item 4.5 and to the warnings at the start.

> > 
> >> Can you try to boot Debian provided kernel - does it work?
> > 
> > Not easily. But it does work with 3.10.51, so the 3.2.x that
> > Debian stable is stuck at should probably work too. 
> > 
> > Come to think of it, I have /usr/src/linux pointing to a 3.4.67 
> > source tree, as gcc kernel includes in Debian stable are really 
> > messed up with 3.5.x and later and I failed to fix it manually.  
> > (Sometimes I really wonder what the Kernel devs are thinking or 
> > whether they are thinking at all...) Could that be the problem?
> Don't think so... kernel should use own includes while compiling
> and what's failing here is just plain read (I think). 
> > I usually run testing, except that I really do not want systemd,
> > so until I am sure I can do that update without getting that 
> > atrocity, no update to jessy for me. 
> There is a lot of discussion about this on debian devel,
> IIRC systemd-shim is possible the way to avoid systemd as init.
> (dunno if this will be supported).

We will see. I have a suspicion that the sudden long-term support
for pre-systemd Debian is not an accident.
> > Anyways, if we do not figure this one out, I will just stay
> > with 3.10.x, it is a longterm-kernel after all. I just
> > tried 3.14.15 because I have some network issues and wanted to
> > see whether they may be gone with a newer kernel.
> Well, it would be interesting to find what's wrong here.

Ok, so lets keep poking at it. 

> You are using MD device - what kind of raid is that?
> (lsblk -t can say more info about storage stack topology as well).

It is a 3-way md RAID1 (on 2.5" laptop drives, about one firmware
crash per year...). 

"lsblk -t" does not say a lot:

md10         0   4096      0    4096     512    1           128


Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -  Plato

More information about the dm-crypt mailing list