From: Martin Steigerwald <martin@lichtvoll.de>
To: linux-bcachefs@vger.kernel.org
Subject: Re: Error while unlocking encrypted BCacheFS: Required key not available
Date: Sun, 07 Jan 2024 12:27:29 +0100 [thread overview]
Message-ID: <1876799.tdWV9SEqCh@lichtvoll.de> (raw)
In-Reply-To: <2312305.ElGaqSPkdT@lichtvoll.de>
Martin Steigerwald - 07.01.24, 12:22:53 CET:
> Hi!
>
> Kernel 6.7.0-rc8 with BCacheFS new year fixes. Compliled with Debian gcc
> 13.2.0-9.
>
> BCacheFS tools 1.3.3 – according to bcachefs version – from Debian
> package bcachefs-tools 24+really1.3.4-2.
>
> Linux kernel keyutils from Debian package keyutils 1.6.3-2+b2. (Not sure
> whether really required.)
>
> Created BCacheFS on external 4 TB SSD:
>
> % mkfs.bcachefs -L […] --data_checksum xxhash --metadata_checksum xxhash
> --compression=lz4 --encrypted /dev/sda1
>
> (also tried without xxhash, no difference)
>
>
> Unlock attempt with incorrect passphrase:
>
> % bcachefs unlock /dev/sda1
> Enter passphrase:
> incorrect passphrase
>
> Unlock attempt with correct passphrase does not yield error message
> "incorrect passphrase". Key seems to be available:
>
> % grep bcachefs /proc/keys
> 1b9e7153 I--Q--- 1 perm 3f010000 0 0 user bcachefs:[… UUID …]: 32
Also keyctl sees the key in root user keyring:
% keyctl list @u
1 key in keyring:
463368531: --alswrv 0 0 user: bcachefs:[… UUID …]
In case this is an issue with Debian packaging of bcachefs-tools I can
report there.
> UUID matches filesystem.
>
>
> Still I get:
>
> % LANG=en mount /dev/sda1 /mnt/zeit
> mount: /mnt/zeit: mount(2) system call failed: Required key not
> available. dmesg(1) may have more information after failed mount system
> call.
>
> % dmesg | tail -1
> [105441.695035] bcachefs ([…]): error requesting encryption key: ENOKEY
>
>
> Why? And how to fix it?
>
> I found
>
> error requesting encryption key #93
>
> https://github.com/koverstreet/bcachefs/issues/93
>
> But I am not sure whether it applies to my situation.
>
> I use Devuan with elogind. Do I need that pam related configuration
> change from comment
>
> https://github.com/koverstreet/bcachefs/issues/93#issuecomment-609430340
>
> ?
>
> I do not like to do it in case it is not required.
>
> Best,
--
Martin
next prev parent reply other threads:[~2024-01-07 11:27 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-07 11:22 Error while unlocking encrypted BCacheFS: Required key not available Martin Steigerwald
2024-01-07 11:27 ` Martin Steigerwald [this message]
2024-01-10 2:13 ` AP
2024-01-10 14:18 ` Martin Steigerwald
2024-01-10 19:13 ` Kent Overstreet
2024-01-11 11:58 ` Martin Steigerwald
2024-01-11 16:35 ` Kent Overstreet
2024-01-11 18:23 ` Martin Steigerwald
-- strict thread matches above, loose matches on Subject: below --
2024-01-16 17:59 George Hilliard
2024-01-16 18:20 ` Martin Steigerwald
2024-02-10 18:34 ` Martin Steigerwald
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1876799.tdWV9SEqCh@lichtvoll.de \
--to=martin@lichtvoll.de \
--cc=linux-bcachefs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox