Package: cryptsetup-initramfs Version: 2:2.6.1-4~deb12u1 Severity: important
Discovered this whilst working on a relatively simple test of multiple LUKS block devices for LUKS.0 + LUKS.1 > btrfs RAID1 @/ - that is a BTRFS RAID1 using 2 LUKS block devices. Two files represent SSD1 and SSD2, which each have GPT with: 1: EFI-SP (ef00) 2: LUKS (8309) for BTRFS 3: LUKS (8309) for swap added as loop devices and configured. SSD2's EFI-SP partition is not formatted. # fallocate -l 12G ssd${x}.raw # sgdisk --new=... --typecode=... ssd${x}.raw # losetup --show --partscan --find ssd${x}.raw mkfs.vfat -F 16 ${SSD1}p1 # next 2 also applied to SSD2 cryptsetup luksFormat --pbkdf pbkdf2 ${SSD1}p2 cryptsetup open ${SSD1}p2 luks-$(UUID_SSD1p2} mkfs.btrfs -d raid1 -m raid1 /dev/mapper/luks-${UUID_SSD1p2} /dev/mapper/luks-${UUID_SSD2p2} mount /dev/mapper/luks-${UUID_SSD1p2} /target btrfs subvol create /target/@ btrfs subvol create /target/@home umount /target mount -o subvol=@ /dev/mapperluks-${UUID_SSD1p2} debootstrap bookworm /target # add and configure packages for bootable EFI image After unmounting and closing devices create a libvirt VM guest using the two files as virtio storage and configure for UEFI boot. On startup GRUB correctly opens the LUKS block devices to access vmlinuz and initrd.img, and its own configuration and modules. On reaching initialramfs it fails to unlock either of the LUKS devices; eventually dropping to the shell after reporting: Error: Timeout reached while waiting for askpass. After using `break=mount` and investigating with `sh -x /bin/cryptsetup-unlock` it seems it fails because it is not finding `askpass` in the process list. On closer examination and searching I am unable to locate where /usr/lib/cryptsetup/askpass is actually executed. `cryptsetup-unlock` correctly locates the file with [ -f ] and ensures it is executable with [-x ] but I do not see any attempt to actually execute it. If needed I can either share the 2 SSD files or a script to build them. -- System Information: Debian Release: 12.1 Architecture: amd64 (x86_64) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages cryptsetup-initramfs depends on: ii busybox-static [busybox] 1:1.36.0-1~exp1 ii cryptsetup 2:2.6.1-4~deb12u1 ii debconf [debconf-2.0] 1.5.82 ii initramfs-tools [linux-initramfs-tool] 0.143~tj01 Versions of packages cryptsetup-initramfs recommends: ii console-setup 1.221 ii kbd 2.5.1-1+b1