[dm-crypt] dmsetup or cryptsetup hangs in the initrd

[dm-crypt] dmsetup or cryptsetup hangs in the initrd

[Sean MacLennan]

[-- Attachment #1.1: Type: text/plain, Size: 885 bytes --]

In RedHat 7 I am trying to setup a partition with dmsetup. I have attached
a tarball that includes three files:

* go.sh is a simple script to install everything
* install is the dracut module install
* 95dmcrypt.sh is the file I want to run at boot time

All the files are small, I can send them inline if preferred.

Obviously, this has all been stripped down to make it as simple as
possible. Sorry for the hard coding. If you want to test it, you need to
provide a /dev/sdb1 partition that is at least 2G. If you comment out the
`exit 0' in go.sh it will setup the partition for you.

Note that if 95dmcrypt.sh has either the dmsetup or the 2 cryptsetup lines
commented in, it will hang the machine.

I am hoping I have just put something in the wrong place. pre-mount is
where we previously ran the script from. Note that we have dmsetup working
under RedHat 6.

Cheers,
    Sean

[-- Attachment #1.2: Type: text/html, Size: 1077 bytes --]

[-- Attachment #2: dmtest.tar.gz --]
[-- Type: application/x-gzip, Size: 1001 bytes --]

Re: [dm-crypt] dmsetup or cryptsetup hangs in the initrd

[Arno Wagner]

First, we are not your debugging service. I do offer 
professional security consulting which includes this 
type of engineering, and it runs $250/hour and you have 
to order at least a day.
 
That said, you can narrow down "it hangs" by running 
cryptsetup with strace. Do not use a secret password 
for that as it will show up in the trace data. The last 
operation you see is the one that hangs. If it is still 
unclear to you what the problem is, post the trace here
(but remember the bit about the non-secret password!).

Regards,
Arno

On Sat, Oct 17, 2015 at 16:24:13 CEST, Sean MacLennan wrote:
> In RedHat 7 I am trying to setup a partition with dmsetup. I have attached
> a tarball that includes three files:
> 
> * go.sh is a simple script to install everything
> * install is the dracut module install
> * 95dmcrypt.sh is the file I want to run at boot time
> 
> All the files are small, I can send them inline if preferred.
> 
> Obviously, this has all been stripped down to make it as simple as
> possible. Sorry for the hard coding. If you want to test it, you need to
> provide a /dev/sdb1 partition that is at least 2G. If you comment out the
> `exit 0' in go.sh it will setup the partition for you.
> 
> Note that if 95dmcrypt.sh has either the dmsetup or the 2 cryptsetup lines
> commented in, it will hang the machine.
> 
> I am hoping I have just put something in the wrong place. pre-mount is
> where we previously ran the script from. Note that we have dmsetup working
> under RedHat 6.
> 
> Cheers,
>     Sean


> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

Re: [dm-crypt] dmsetup or cryptsetup hangs in the initrd

[Milan Broz]

I guess you are missing dmsetup udev rules in initramfs
or something like that. (Hint: just add --debug to cryptsetup and it will show where is is waiting.)

You should probably use systemd to activate crypt devices in RHEL7 anyway.

On 10/19/2015 08:21 AM, Arno Wagner wrote:
>> Obviously, this has all been stripped down to make it as simple as
>> possible. Sorry for the hard coding. If you want to test it, you need to
>> provide a /dev/sdb1 partition that is at least 2G. If you comment out the
>> `exit 0' in go.sh it will setup the partition for you.

Using hardcoded sdb1 is wrong, it will overwrite other disk if you e.g. forget
USB drive plugged in. Use some hw id symlink.

>> Note that if 95dmcrypt.sh has either the dmsetup or the 2 cryptsetup lines
>> commented in, it will hang the machine.

Run dracut shell, debug it by hand. 

Milan

Re: [dm-crypt] dmsetup or cryptsetup hangs in the initrd

[Arno Wagner]

On Mon, Oct 19, 2015 at 09:06:47 CEST, Milan Broz wrote:
> I guess you are missing dmsetup udev rules in initramfs
> or something like that. (Hint: just add --debug to cryptsetup and it will show where is is waiting.)
> 
> You should probably use systemd to activate crypt devices in RHEL7 anyway.
> 
> On 10/19/2015 08:21 AM, Arno Wagner wrote:
> >> Obviously, this has all been stripped down to make it as simple as
> >> possible. Sorry for the hard coding. If you want to test it, you need to
> >> provide a /dev/sdb1 partition that is at least 2G. If you comment out the
> >> `exit 0' in go.sh it will setup the partition for you.
> 
> Using hardcoded sdb1 is wrong, it will overwrite other disk if you e.g. forget
> USB drive plugged in. Use some hw id symlink.

Good point.

Arno
 
> >> Note that if 95dmcrypt.sh has either the dmsetup or the 2 cryptsetup lines
> >> commented in, it will hang the machine.
> 
> Run dracut shell, debug it by hand. 
> 
> Milan
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier