use entire disk with lvm/encrypted partitioning fails to boot

Bug #144390 reported by Martin Pitt
14
Affects Status Importance Assigned to Milestone
cryptsetup (Ubuntu)
Fix Released
High
Martin Pitt
pkgsel (Ubuntu)
Fix Released
Undecided
Martin Pitt

Bug Description

Binary package hint: debian-installer

Gutsy 20070924 alternate CD. I chose the "use entire disk with lvm/encrypted" partitioning option. The installation process went fine, but the system does not boot. After 60 seconds I get an initramfs prompt. /dev/mapper/ is empty (except for control).

Since this mode has /boot on a normal partition (/sda1 here), and a luks-encrypted second partition (sda5) which contains the LVM with swap and root, this has to be unlocked first:

(initramfs) cryptsetup luksOpen /dev/sda5 mylvm

this creates /dev/mapper/{mylvm,ubuntu-root,ubuntu-swap_1} properly. Now I can leave the initramfs shell, and booting continues.

It is a bit inconvenient that later in the boot process (at /etc/init.d/cryptdisks-early time) I am asked for the luks password for sda5 a second time. After entering it, boot finishes successfully.

Tags: iso-testing
Revision history for this message
Martin Pitt (pitti) wrote :

Moving to cryptsetup, since this is a bug in cryptsetup's initramfstools hooks.

Martin Pitt (pitti)
description: updated
Martin Pitt (pitti)
Changed in cryptsetup:
importance: Undecided → High
Revision history for this message
Reinhard Tartler (siretart) wrote :

confirming bug. I've done a test install and I'm currently looking into it.

Changed in cryptsetup:
assignee: nobody → siretart
status: New → Confirmed
Revision history for this message
Reinhard Tartler (siretart) wrote :

13:49:04 < siretart> pitti: I found out why the cryptroot hook is broken
13:49:14 < siretart> pitti: its the UUID mangling in /etc/fstab
13:49:59 < siretart> pitti: the cryptsetup initramfs hook is comparing /etc/cryptab and /etc/fstab entries. with the UUID mangling, it fails to detect the root device. that's why it doesn't mount root by default

Revision history for this message
Reinhard Tartler (siretart) wrote :

milestoning

Revision history for this message
Martin Pitt (pitti) wrote :

I just tested the new versions on the current amd64 alternate daily, and this is still not fixed. Symptoms exactly as in the original description.

Revision history for this message
Martin Pitt (pitti) wrote :

It seems that the recent udev update did not actually work. This is fstab:

# /dev/mapper/ubuntu-root
UUID=b744a30f-9186-4bd8-8b34-5ff4562bc466 / ext3 defaults,errors=remount-ro 0 1
# /dev/sda1
UUID=2d5ea572-70b1-43a8-a30a-ecd025ebf417 /boot ext3 defaults 0 2
# /dev/mapper/ubuntu-swap_1
UUID=ff29f720-9e0a-4e89-bce4-790b77668a5c none swap sw 0 0

crypttab seems to be as intended now, no UUIDs for the physical device:
sda5_crypt /dev/disk/by-uuid/cfb63807-6da8-4dc9-93da-892e336c2fb7 none luks

Revision history for this message
Martin Pitt (pitti) wrote :

Ah, please forget about my previous comment, it was pretty much nonsense.

The root problem is that /usr/share/initramfs-tools/hooks/cryptroot does not know anything about UUIDs. It needs to be taught to recognize UUIDs in fstab and crypttab and write a sane /conf/conf.d/cryptroot into the initramfs.

Changed in cryptsetup:
assignee: siretart → pitti
status: Confirmed → In Progress
Revision history for this message
Ian Jackson (ijackson) wrote : Re: [Bug 144390] Re: use entire disk with lvm/encrypted partitioning fails to boot

Martin Pitt writes ("[Bug 144390] Re: use entire disk with lvm/encrypted partitioning fails to boot"):
> The root problem is that /usr/share/initramfs-tools/hooks/cryptroot does
> not know anything about UUIDs. It needs to be taught to recognize UUIDs
> in fstab and crypttab and write a sane /conf/conf.d/cryptroot into the
> initramfs.

This is not possible, because the UUID of the filesystem is in the
encrypted portion of the disk. So it is no good quoting the fs UUID
in the config file as the on-disk copy is not accessible until the
decryption for the relevant partition or LV has already been set up.

Ian.

Revision history for this message
Martin Pitt (pitti) wrote :
Changed in cryptsetup:
status: In Progress → Fix Committed
Revision history for this message
Martin Pitt (pitti) wrote :

Reinhard wants to merge some fixes from Debian, too. He'll incorporate the patch.

Changed in cryptsetup:
assignee: pitti → siretart
Revision history for this message
Martin Pitt (pitti) wrote : Re: [Bug 144390] Re: use entire disk with lvm/encrypted partitioning fails to boot

Hi,

Ian Jackson [2007-10-02 16:49 -0000]:
> Martin Pitt writes ("[Bug 144390] Re: use entire disk with lvm/encrypted partitioning fails to boot"):
> > The root problem is that /usr/share/initramfs-tools/hooks/cryptroot does
> > not know anything about UUIDs. It needs to be taught to recognize UUIDs
> > in fstab and crypttab and write a sane /conf/conf.d/cryptroot into the
> > initramfs.
>
> This is not possible, because the UUID of the filesystem is in the
> encrypted portion of the disk. So it is no good quoting the fs UUID
> in the config file as the on-disk copy is not accessible until the
> decryption for the relevant partition or LV has already been set up.

No, that's alright. The script I am talking about runs at
update-initramfs -u time. What it does is to read fstab and crypttab
and figure out the 'outer' (encrypted) devices that contains the root
file system (which is on the cleartext device in an LVM). It
essentially translates fstab and crypttab into a proper
conf/conf.d/cryptroot file in the initramfs, so that the initramfs
hook knows which device it needs to luksOpen to get the root fs.

Revision history for this message
Reinhard Tartler (siretart) wrote :
Download full text (4.4 KiB)

cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low

  * Merge new debian version. Remaining changes:
    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
      This will break systems where /usr is a separate encrypted filesystem
      but not have other bad consequences (in particular, systems with
      encrypted root are still fine). The upsides include better
      security supportability and smaller packages.
    - libcryptsetup.so et al removed from the binary packages. They have
      no stable ABI and are not suitable for use by other packages, and
      were in violation of library policies etc. They're not needed since
      the cryptsetup executable statically contains the relevant parts of
      libcryptsetup.
    - cryptdisks.functions: remove #!/bin/bash as it isn't a script
      by itself; it's only sourced by other scripts. This gets rid
      of the lintian warning `script-not-executable' for this file.
    - stop usplash on user input. LP #62751
    - Always output and read from the console. LP #58794.
    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
      bzr on launchpad.
    - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
      libnsl linkage;
    - debian/initramfs/cryptroot-hook: (LP: #73862)
      Added patch to install aes optimized cypher module
    - try to load optimized cypher module in cryptsetup.functions as well,
      because cryptroot-hook is only executed when we really have a
      cryptoroot.
    - apply patch from pitti for allowing UUIDs in /etc/crypttab.
      This allowes crypted PVs! LP: #144390.
    - remove README.ubuntu, since it contains old and obsolete information.

cryptsetup (2:1.0.5-2) unstable; urgency=low

  [ Jonas Meurer ]
  * Add libselinux1-dev and libsepol1-dev to build-depends. Detected by
    the build daemon from hell by Steinar H. Gunderson. Thanks to Manoj
    Srivastava for advice.
  * Fix the watchfile
  * Fix cryptopensc-hook to honor key=none. Thanks to Daniel Baumann
    (closes: #436434)
  * Remove outdated README.html and example usbcrypto.* scripts from
    documentation. Add example usbcrypto.udev script. Thanks to Volker Sauer
    for the update. (closes: #409775)
  * Document that stdin is read different with '--key-file=-' than without.
    Thanks to Marc Haber. (closes: #418450)
  * Document that --timeout is useless in conjunction with --key-file. Thanks
    Alexander Zangerl. (closes: #421693)
  * [03_check_for_root.dpatch] Check for UID == 0 before actually doing
    something. Thanks to Benjamin Seidenberg. (closes: #401766)
  * [04_fix_unused_or_unitialized_variables.dpatch] Fix some gcc warnings
    about unused or unitialized variables. Thanks to Ludwig Nussel for the
    patch.
  * [05_segfault_at_nonexisting_device.dpatch] Fix segfault when trying to
    open a non existing device. Thanks to Ludwig Nussel for the patch.
    (closes: #438198)
  * Add CFLAGS="$(CFLAGS)" before ./configure invocation in debian/rules.
    This way CFLAGS are passed to the configure script. Thanks to Gordon
    Farquharson for the patch. (closes: #438450)
  * Add a warning about missing hash option in crypt...

Read more...

Changed in cryptsetup:
status: Fix Committed → Fix Released
Revision history for this message
Andrew (adhenry) wrote :

Is this going to make it into the final 7.10??

By the way, how do I get into the busybox shell?? It does not drop into this shell after 60s, but I am running in splash mode I guess...How do I boot in text mode? I do not see *anything* before the 'hang'...no grub, no nothing (yes I have an unencrypted /boot).

Revision history for this message
Reinhard Tartler (siretart) wrote : Re: [Bug 144390] Re: use entire disk with lvm/encrypted partitioning fails to boot

Andrew Henry <email address hidden> writes:

> Is this going to make it into the final 7.10??

yes, it should be on todays or tomorrows dailies.

> By the way, how do I get into the busybox shell?? It does not drop into
> this shell after 60s, but I am running in splash mode I guess...How do I
> boot in text mode? I do not see *anything* before the 'hang'...no grub,
> no nothing (yes I have an unencrypted /boot).

Please use
https://answers.edge.launchpad.net/ubuntu/+source/cryptsetup/+addquestion
for such questions.

short: edit your boot parameters: remove 'quiet' and 'splash', add
'verbose rootdelay=10'. If you want to break in anycase, add
'break=premount' (or any other point in the initramfs system, look at
the initramfs-tools source package)

--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

Revision history for this message
Nicolai P (nicolaip) wrote :

I have just tried the current daily alternate cd.
Encrypting the whole disk works (or, at least, it seems to work, atm the installer is formatting my QEMU disk), but if I choose "Manual partitioning" (and create my boot partition+a encrypted one), the installer tells my that I haven't chosen a root partition...

Revision history for this message
Martin Pitt (pitti) wrote :

Nikolai's issue was sorted out in IRC.

Reopening, though, since this is still not fixed yet. The initially present initramfs after installation does not have a /conf/conf.d/cryptroot at all. A mere update-initramfs -u fixes that now. So now we need to find out why the post-installation initramfs is broken.

Changed in cryptsetup:
assignee: siretart → pitti
status: Fix Released → In Progress
Revision history for this message
A. Nonymous (nw1-mail) wrote :

Tested this with today's gutsy alternate CD iso. Still not fixed.

Revision history for this message
Martin Pitt (pitti) wrote :

Updated summary:

* During installation, /target does not have a /dev/disk/ bind-mount, so that the initramfs hook cannot do UUID resolution. This could be fixed with adding bind mounting to /var/lib/dpkg/info/base-installer.postinst (to install_extra()).

* The d-i environment lacks /dev/disk/by-uuid for LVM devices, it only has the physical block devices (sda1 and sda5). Therefore, again, UUID resolution fails.

* In the d-i environment, there is /dev/disk/by-id/dm-uuid-LVM-<something strangely encoded that is not an UUID>; it could be a base64-encoded UUID, but I haven't checked that at all

At this point I do not have an idea how to fix it properly with a trivial fix which would be appropriate for gutsy.

Revision history for this message
Martin Pitt (pitti) wrote :

The initramfs hook in cryptsetup works fine in the final system. We should make the d-i environment more conformant to the one in the installed system, so that stuff like cryptsetup, LVM, etc. can install properly. Since we committed to consistently using UUIDs everywhere, they should be provided by the installer environment's /dev/, too.

Any comment or hint appreciated, of course.

Changed in debian-installer:
status: New → Confirmed
Revision history for this message
Martin Pitt (pitti) wrote :

The original fix should be sufficient, so I close this task again.

Changed in cryptsetup:
status: In Progress → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

Ah, the lack of UUIDs is because the VGs are formatted after being set up. udevtrigger fixes that bit.

Revision history for this message
Martin Pitt (pitti) wrote :

Proposed debdiff for base-installer. I am currently testing this with a complete Ubuntu install (not just CLI).

Changed in debian-installer:
assignee: nobody → pitti
status: Confirmed → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :

I updated the patch with the following changes:

 * bind-mount the entire /dev, which is more consistent and less likely to break
 * remove the mkdir -p, since it is not necessary any more
 * fixed tab damage
 * updated changelog accordingly

Revision history for this message
Martin Pitt (pitti) wrote :

Next try: We should not umount the bind mount of /dev that early, since packages like fuse are actually installed after the install_extras() packages. They also regenerate initramfs and thus UUIDs still need to be present.

Revision history for this message
Martin Pitt (pitti) wrote :

With my latest patch from above, packages which call MAKEDEV now fail to install, such as libraw1394-8. This is a bug in those packages, but hard to fix for Gutsy.

Revision history for this message
Martin Pitt (pitti) wrote :

New approach: Restore the diversion of update-initramfs and the final call in pkgsel, and just factor the bind-mounting and udevtrigger into this.

Revision history for this message
Martin Pitt (pitti) wrote :

With this change, it actually worked!

Revision history for this message
Martin Pitt (pitti) wrote :

pkgsel (0.13ubuntu3) gutsy; urgency=low

  * debian/postinst:
    - Revert the changes in 0.13ubuntu2 and use diversion of update-initramfs
      again. When not doing it, we have the unsolvable situation that some
      things (e. g. root on encrypted file system) fail with a static
      /target/dev/, and some other things (like configuration of libraw1394)
      fail with an udevish bind-mounted /target/dev.
    - Use a bind-mounted /target/dev for calling the final update-initramfs,
      so that scripts in the target system can resolve UUIDs. Also make /proc
      and /sys available.
    - Call udevtrigger, so that we get UUIDs for newly created and formatted
      partitions, too.
    - LP: #144390

 -- Martin Pitt <email address hidden> Mon, 08 Oct 2007 22:43:52 +0200

Changed in pkgsel:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.