Re: [dm-crypt] problems mounting encrypted drive on reboot

From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] problems mounting encrypted drive on reboot
Date: Thu, 21 Sep 2017 00:53:01 +0200	[thread overview]
Message-ID: <20170920225301.GA26718@tansi.org> (raw)
In-Reply-To: <bb04eb1b-4a50-1b46-3093-b815b2704e34@edt.com>

Hi,

looks to me like you need to complain to the systemd-people,
not to us here. Good luck with that....

Regards,
Arno

On Thu, Sep 21, 2017 at 00:38:20 CEST, Jerry Lowry wrote:
>    Hi,
> 
>    I have created an encrypted drive using the following commands:
> 
>    #>cryptsetup --verify=passphrase -- hash=sha256 --keyfile=/dir/file
>    create /dev/mapper/testcui /dev/sdb
> 
>    #>mkfs.ext4 /dev/mapper/testcui
> 
>    I did this all at single user level.  running centos 7 on a VM.
> 
>    this all work well until I reboot the system and then it fails to mount
>    the device and drops down it to emergency mode.  This is the journalctl
>    output I get. ( yeah I know about the acls on the key file )  device
>    name  "testcui"
> 
>    Sep 20 14:19:53 jubilee systemd[1]: Starting Cryptography Setup for
>    /dev/mapper/testcui...
>    -- Subject: Unit [1]systemd-cryptsetup@-dev-mapper-testcui.service has
>    begun start-up
>    -- Defined-By: systemd
>    -- Support:
>    [2]http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>    --
>    -- Unit [3]systemd-cryptsetup@-dev-mapper-testcui.service has begun
>    starting up.
>    Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Key file /etc/keys is
>    world-readable. This is not a good idea!
>    Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Set cipher aes, mode
>    cbc-essiv:sha256, key size 256 bits for device /dev/sdb.
>    Sep 20 14:19:53 jubilee systemd-cryptsetup[501]: Failed to activate
>    with key file '/etc/keys': Invalid argument
>    Sep 20 14:19:53 jubilee systemd[1]: Started Forward Password Requests
>    to Plymouth.
> 
>    What is the invalid argument that it is complaining about?
> 
>    Once in emergency mode I can :
> 
>    #>cryptsetup create testcui /dev/sdb
> 
>    ( passcode)
> 
>    And it continues just fine.
> 
>    -- crypttab --
> 
>    # test disk
>    #
>    /dev/mapper/testcui  /dev/sdb /etc/keys plain
> 
>    --fstab--
> 
>    #
>    # /etc/fstab
>    # Created by anaconda on Tue Dec 15 12:05:51 2015
>    #
>    # Accessible filesystems, by reference, are maintained under
>    '/dev/disk'
>    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more
>    info
>    #
>    UUID=c4cc85f2-9dbb-4bf8-8b3e-edaa5af3dae9 /
>    xfs     defaults        1 1
>    UUID=2f178edb-b16e-4ea1-85c3-d8243b07a75b /boot
>    xfs     defaults        1 2
>    UUID=a34fac21-a385-494a-a6cc-cae22b87c8c9 swap
>    swap    defaults        0 0
>    /dev/mapper/testcui    /cui        ext4    defaults    1 2
> 
>    jerry
> 
>    --
> 
>    -----------------------------------------------------------------------
>    ----
>    Jerold Lowry
>    Principal Network/Systems Engineer
>    Engineering Design Team (EDT), Inc. a HEICO company
>    3423 NW John Olsen Pl
>    Hillsboro, Oregon 97124 (U.S.A.)
>    Phone: 503-690-1234 / 800-435-4320
>    Fax: 503-690-1243
>    Web: [4]www.edt.com
> 
> References
> 
>    1. mailto:systemd-cryptsetup@-dev-mapper-testcui.service
>    2. http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>    3. mailto:systemd-cryptsetup@-dev-mapper-testcui.service
>    4. http://www.edt.com/

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier