Re: [dm-crypt] Help: after crypttab modify > begin: waiting for root file system

[Tommaso <elisapippo@tiscali.it>]

Jonas Meurer wrote:
> yes, that's exactly what passdev is meant for.

Problem solved indeed, passdev works :)


> that really sounds weird. if the unlocked device _is_ the same for both
> passphrases, then it will behave similar. thus i don't see how issues
> with network should be related to the used keyslot.

Ok, maybe I got it, but maybe you won't like the answer.

The error I was getting with the new passphrase was:

    ADDRCONF(NETDEV_UP): eth1: link is not ready


I found many topics about, and I discovered that this is an issue of a
bad renaming of the network interfaces, see i.e.
http://marc.info/?l=debian-user&m=114369893509924&w=2

In fact I have two NICs on the server, one of which (eth0) is not used
(hasn't got even a cable). So it seems that, due to the dynamic
remapping of the interfaces at boot, if I insert the old passphrase the
interface names are right, but if I change the passphrase, probably
because of some kind of variation in the entropy pattern of the system,
the names are swapped. I solved this issue installing ifrename and
managing the interfaces name according to their MAC.

HOWEVER: if this is the case (that is, if the cause of the name swapping
is due to the passphrase inserted for cryptsetup), I believe it's not a
good thing. It would indicate some kind of fixed entropy pattern
variation according to a given passphrase, probably not a desiderable
behaviour in regard to the security of encrypted filesystems.

I also addressed this issue on
http://forums.debian.net/viewtopic.php?f=10&t=44690

Thank you :)