Author Topic:  Caution for LUKS encrypted partitions  (Read 16189 times)

Offline melmarker

  • User
  • Posts: 2.799
    • g-com.eu
Re: Caution for LUKS encrypted partitions
« Reply #15 on: 2014/10/11, 15:55:42 »
Just for fun: as root - update-initramfs -u -k all

and then everything should be fine.
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. (Benjamin Franklin, November 11, 1755)
Never attribute to malice that which can be adequately explained by stupidity. (Hanlons razor)

nadar

  • Guest
Re: Caution for LUKS encrypted partitions
« Reply #16 on: 2014/10/11, 16:39:29 »
Being careful, I only updated the initramfs for the latest kernel. Result: nothing changed.

Offline Lanzi

  • User
  • Posts: 1.777
Re: Caution for LUKS encrypted partitions
« Reply #17 on: 2014/10/11, 16:52:08 »
How can I use melmarker's command only for the last kernel?

I tried an older kernel, 3.15, and it didn't change anything.
« Last Edit: 2014/10/11, 17:05:55 by Lanzi »

nadar

  • Guest
Re: Caution for LUKS encrypted partitions
« Reply #18 on: 2014/10/11, 16:56:55 »
@ Lanzi: try  update-initramfs -u -k <tab>

Offline melmarker

  • User
  • Posts: 2.799
    • g-com.eu
Re: Caution for LUKS encrypted partitions
« Reply #19 on: 2014/10/11, 17:45:34 »
So if the behaviour does not change after the update, I would suggest examining the working and non-working initrds; unpacking and diffing them may be a good idea. Only a wild guess, eventually one should add a few modules to grub too with the new initramfs-tools.

Saying so, we like the new initramfs-tools, but it was a jump from the stone age to now within a release, so there may be bugs.

Offline Lanzi

  • User
  • Posts: 1.777
Re: Caution for LUKS encrypted partitions
« Reply #20 on: 2014/10/11, 18:06:41 »
I know it's not necessary to say, but to quote a German saying: better to say thank you one time too many than one time too few! (poorly translated from German: Es ist immer besser sich einmal zu viel zu bedanken, als einmal zu wenig!)

Thanks for the help everybody here is giving freely and the patience that is surely sometimes difficult to find.

Even if we sometimes have problems with our beloved distribution, there is always a helping hand very close, and if I may add, at nearly every hour of the day!
So thanks to everybody, and I am sure we will fix this problem one day!

Offline melmarker

  • User
  • Posts: 2.799
    • g-com.eu
Re: Caution for LUKS encrypted partitions
« Reply #21 on: 2014/10/11, 20:12:11 »
@nadar: that is not a longstanding bug with the images, it is intended that way.
An identical bug across different forum software is unlikely, isn't it? But you can work around it with mediacru.sh etc.; the images don't have to rot away on our server.

EDIT: on the original problem: there is still an initramfs-tools 0.117.2~really.. lying around in fixes. Maybe give that a try.

nadar

  • Guest
Re: Caution for LUKS encrypted partitions
« Reply #22 on: 2014/10/12, 09:18:30 »
@melmarker: In case you are referring to my comments on IRC: I don't think it is intended that the forum software complains that the attachments are too large and at the same time irretrievably loses all the text that was entered.
Besides, I find it more sensible to host images in the same place as the other content. I occasionally see older forum threads that (no longer) contain images that had been stored with some hoster.

On topic: I already installed initramfs-tools_0.117.2~really~0.116_all.deb yesterday morning. It didn't help.

graver

  • Guest
Re: Caution for LUKS encrypted partitions
« Reply #23 on: 2014/10/17, 21:28:25 »
I had this problem.  Installed paintitblack on a laptop with encrypted root, swap and home using lvm containers, following the instructions in the siduction manual (using same names for volumes).  For a while, I was forced to select the distribution kernel from the grub menu when booting, until I found time to look into the problem.

update-initramfs was complaining of no entry in /etc/crypttab, and failing to install cryptsetup to the initrd.  Looking through /usr/share/initramfs-tools/hooks/cryptroot, I saw a reference to /usr/share/doc/cryptsetup/README.initramfs, and read it.

Can now boot with newer kernels since adding the following to my empty /etc/crypttab
Code:
cryptroot /dev/mapper/vg-crypt none luks
and doing

Code:
update-initramfs -u -k <latest installed kernel>
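
An added example, not part of graver's post or of initramfs-tools: melmarker's suggestion in reply #19 to compare a working and a non-working initrd, narrowed to the symptom graver describes (cryptsetup missing from the image). It assumes the file listings were produced with `lsinitramfs`; the listings, kernel version strings and function names in the demo are constructed.

```shell
#!/bin/sh
# Added example: list crypt-related files present in a working initrd but
# absent from a non-working one. Inputs are file listings, e.g. from
#   lsinitramfs /boot/initrd.img-<kernel> > listing.txt
LC_ALL=C; export LC_ALL

normalise() {
    # Kernel module paths embed the kernel version; replace it so the
    # same module in two different kernels compares as equal.
    sed 's#lib/modules/[^/]*/#lib/modules/KVER/#' "$1" | sort -u
}

missing_crypt_files() {   # $1 = working listing, $2 = non-working listing
    tmp=$(mktemp -d) || return 2
    normalise "$1" > "$tmp/good"
    normalise "$2" > "$tmp/bad"
    # comm -23 prints lines found only in the first (working) listing.
    comm -23 "$tmp/good" "$tmp/bad" | grep -i crypt && rc=0 || rc=1
    rm -rf "$tmp"
    return "$rc"          # 0 = crypt files missing, 1 = none missing
}

demo() {
    # Constructed listings (not taken from a real system).
    d=$(mktemp -d) || return 2
    cat > "$d/good.txt" <<'EOF'
bin/busybox
conf/conf.d/cryptroot
lib/cryptsetup/askpass
lib/modules/3.15-7/kernel/drivers/md/dm-crypt.ko
sbin/cryptsetup
scripts/local-top/cryptroot
EOF
    cat > "$d/bad.txt" <<'EOF'
bin/busybox
lib/modules/3.17-1/kernel/drivers/md/dm-crypt.ko
scripts/local-top/lvm2
EOF
    missing_crypt_files "$d/good.txt" "$d/bad.txt" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo
```

The dm-crypt module is in both constructed listings and is not reported, because the kernel version in its path is normalised before the comparison.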

nadar

  • Guest
Re: Caution for LUKS encrypted partitions
« Reply #24 on: 2014/10/18, 11:41:29 »
@graver: thanks! This worked on my netbook (but I didn't dare to do it on my main box. :) )

nadar

  • Guest
Re: Caution for LUKS encrypted partitions
« Reply #25 on: 2014/10/29, 20:43:20 »
tl;dr: doesn't work for more than one crypted LVM

On the main box I have two encrypted LVMs, and up to now only the non-root one is in the crypttab.

I added the cryptroot to the crypttab before a d-u where a new kernel was to be installed. During the d-u alone I was asked for the password for cryptroot 6 times. After restarting the box it still could not unlock cryptroot.
When booting with kernel 3.15-7 I needed several attempts. Although unlocking from initramfs worked fine, it seemed that systemd mostly asked for the passwords of both crypted LVMs at the same time, and so I had to guess which password to enter first. After finally having the box booting I removed cryptroot from crypttab again. Doing so, I was asked for the cryptroot password two more times while using a root shell.

Offline Lanzi

  • User
  • Posts: 1.777
Re: Caution for LUKS encrypted partitions
« Reply #26 on: 2014/11/10, 18:10:26 »
@graver: please could you help:

The situation gets worse from DU to DU; now I have only two tries to enter the password, after that keyboard commands are ignored. So I mount everything now after starting, which is a pain in the... fingers... ;-)

I read the manual and your post, but I do not understand everything, since my crypttab is very different!
You wrote yours is empty???

My crypttab
Code:
disk1 UUID=xxxxx170-212d-4deb-9878-75ca6e0e5133  none luks
disk2 UUID=xxxxx66b-3cf6-42d5-a93c-b91d95a71f2a  none luks

disk1-backup UUID=xxxxx7cc-c63a-41af-b7a9-6515b19b835e  none luks
disk2-backup UUID=xxxxx872-4be8-40c4-8ba5-b4e6b89eb877  none luks

So when I add your line, it should be something like this, I suppose:
 
Code:
cryptroot /dev/mapper/disk1 none luks
cryptroot /dev/mapper/disk2 none luks

Should I enter this below my entries? Should I delete my entries??? (which does not make any sense to me)
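
An added example, not part of the thread: a small check for a crypttab like the one proposed in the post above. It relies on two facts about the crypttab format: the first field is the name of the mapping created under /dev/mapper, so it must be unique, and the second field is the source device to unlock. The function names are hypothetical and the sample file is constructed from the lines in the post.

```shell
#!/bin/sh
# Added example: flag duplicate mapping names and entries whose source is
# the /dev/mapper device opened by another entry of the same file.
lint_crypttab() {   # $1 = path to a crypttab-format file
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        NF < 2 {
            printf "line %d: needs at least <name> <source>\n", NR
            bad = 1; next
        }
        {
            src[NR] = $2
            if ($1 in seen) {
                printf "line %d: duplicate name \"%s\" (first used on line %d)\n", NR, $1, seen[$1]
                bad = 1
            } else seen[$1] = NR
        }
        END {
            for (i = 1; i <= NR; i++) {
                if (!(i in src)) continue
                m = src[i]
                if (sub("^/dev/mapper/", "", m) && (m in seen)) {
                    printf "line %d: source \"%s\" is the mapping opened by entry \"%s\" on line %d\n", i, src[i], m, seen[m]
                    bad = 1
                }
            }
            exit bad + 0                 # 0 = clean, 1 = findings
        }
    ' "$1"
}

demo_lint() {
    # Constructed sample: the existing entries plus the two proposed lines.
    f=$(mktemp) || return 2
    cat > "$f" <<'EOF'
disk1 UUID=xxxxx170-212d-4deb-9878-75ca6e0e5133  none luks
disk2 UUID=xxxxx66b-3cf6-42d5-a93c-b91d95a71f2a  none luks
cryptroot /dev/mapper/disk1 none luks
cryptroot /dev/mapper/disk2 none luks
EOF
    lint_crypttab "$f" && rc=0 || rc=$?
    rm -f "$f"
    return "$rc"
}

demo_lint || true
```

graver's single line (`cryptroot /dev/mapper/vg-crypt none luks`) passes this check, since its source is not a mapping opened by another crypttab entry.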

Offline bluelupo

  • User
  • Posts: 2.068
    • BluelupoMe
Re: Caution for LUKS encrypted partitions
« Reply #27 on: 2014/11/13, 12:42:17 »
Hi Lanzi,
which entries do you currently have in your crypttab? Without them it will not work. :-(

hefee

  • Guest
Re: Caution for LUKS encrypted partitions
« Reply #28 on: 2014/11/13, 13:48:46 »
For me it has worked for months with systemd, but I have only one entry in /etc/crypttab:

Code:
blub UUID=x[...]x none luks

Maybe you have things in /etc/initramfs-tools?  I cleaned up the dir to the default. (There were days when it was necessary to modify the files from initramfs-tools)...

hefee

  • Guest
Re: Caution for LUKS encrypted partitions
« Reply #29 on: 2014/11/13, 14:36:29 »
Okay, the point that is relevant is full encryption:
A fully encrypted system with only one encrypted container is safe, because the password question is triggered before anything else can go on (because it needs a root).

If you use multiple disks with encryption, systemd does not serialize the input and you get the problem you just reported. tanguy has the same problem:
http://tanguy.ortolo.eu/blog/article133/re-about-choice
http://tanguy.ortolo.eu/blog/article132/trying-systemd-back-to-sysv

A workaround is mentioned in the comments: install plymouth to serialize the input.