Bug#945208: "No such file or directory" when attempting to decrypt LUKS during init
Package: systemd Version: 241-7~deb10u2 When attempting to decrypt LUKS-encrypted volumes under systemd (through dracut) during boot/init, I get the following failure message: systemd-cryptsetup[410]: Failed to activate with key file '/run/systemd/cryptsetup/keydev-deviceluks/device-disk.key': No such file or directory when using a keyfile and: systemd-cryptsetup[449]: Failed to activate with specified passphrase: No such file or directory when attempting to activate with an interactive passphrase (note: the prompt does show up, the error message occurs after typing in the passphrase). In the case of the keyfile, the key file drive (key file is located on an external drive) is mounted and accessible through the dracut recovery console (which runs after a failed boot). The keyfile itself is readable. The logged messages (obtained via systemctl status systemd-cryptsetup@deviceluks.service): Nov 20 09:13:46 device systemd[1]: Starting Cryptography Setup for deviceluks... Nov 20 09:13:46 device systemd-cryptsetup[410]: Key file /run/systemd/cryptsetup/keydev-deviceluks/device-disk.key is world-readable. This is not a good idea! Nov 20 09:13:46 device systemd-cryptsetup[410]: WARNING: Locking directory /run/cryptsetup is missing! Nov 20 09:13:46 device systemd-cryptsetup[410]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/----. Nov 20 09:13:46 device systemd-cryptsetup[410]: Failed to activate with key file '/run/systemd/cryptsetup/keydev-deviceluks/device-disk.key': No such file or directory Nov 20 09:13:46 device systemd[1]: systemd-cryptsetup@deviceluks.service: Main process exited, code=exited, status=1/FAILURE Nov 20 09:13:46 device systemd[1]: systemd-cryptsetup@deviceluks.service: Failed with result 'exit-code'. Nov 20 09:13:46 device systemd[1]: Failed to start Cryptography Setup for deviceluks. indicating readability of the key file by systemd. Supplying an invalid keyfile path (i.e. path to a non-existent file) yields the error: Failed to activate with key file '/run/systemd/cryptsetup/keydev-deviceluks/device-disk.key.1': Invalid argument The system is booted with dracut as the initrd and grub2 as the bootloader (under UEFI) with the bootline: root=/dev/mapper/device--lvm-root ro rd.luks.name=----=deviceluks rd.luks.key=----=/device-disk.key:LABEL=keydisk intel_iommu=on The root partition, located on an LVM2 LV, resides on the LUKS partition that is being decrypted by systemd during init. Kernel version: Linux device 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64 GNU/Linux libc6: libc-2.28.so # Automatically generated by systemd-cryptsetup-generator [Unit] Description=Cryptography Setup for %I Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8) SourcePath=/etc/crypttab DefaultDependencies=no Conflicts=umount.target IgnoreOnIsolate=true After=cryptsetup-pre.target Before=cryptsetup.target RequiresMountsFor=/run/systemd/cryptsetup/keydev-deviceluks/device-disk.key BindsTo=dev-disk-by\x2duuid-\x2d\x2d\x2d\x2d.device After=dev-disk-by\x2duuid-\x2d\x2d\x2d\x2d.device Before=umount.target [Service] Type=oneshot RemainAfterExit=yes TimeoutSec=0 KeyringMode=shared ExecStart=/lib/systemd/systemd-cryptsetup attach 'deviceluks' '/dev/disk/by-uuid/----' '/run/systemd/cryptsetup/keydev-deviceluks/device-disk.key' 'timeout=0' ExecStop=/lib/systemd/systemd-cryptsetup detach 'deviceluks' ExecStartPost=/bin/umount /run/systemd/cryptsetup/keydev-deviceluks â systemd-cryptsetup@deviceluks.service - Cryptography Setup for deviceluks Loaded: loaded (/etc/crypttab; generated) Active: failed (Result: exit-code) since Wed 2019-11-20 09:13:46 UTC; 4min 36s ago Docs: man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8) Process: 410 ExecStart=/lib/systemd/systemd-cryptsetup attach deviceluks /dev/disk/by-uuid/---- /run/systemd/cryptsetup/keydev-deviceluks/device-disk.key timeout=0 (code=exited, status=1/FAILURE) Main PID: 410 (code=exited, status=1/FAILURE) Nov 20 09:13:46 device systemd[1]: Starting Cryptography Setup for deviceluks... Nov 20 09:13:46 device systemd-cryptsetup[410]: Key file /run/systemd/cryptsetup/keydev-deviceluks/device-disk.key is world-readable. This is not a good idea! Nov 20 09:13:46 device systemd-cryptsetup[410]: WARNING: Locking directory /run/cryptsetup is missing! Nov 20 09:13:46 device systemd-cryptsetup[410]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/----. Nov 20 09:13:46 device systemd-cryptsetup[410]: Failed to activate with key file '/run/systemd/cryp
Bug#945208: "No such file or directory" when attempting to decrypt LUKS during init
Am 21.11.19 um 09:35 schrieb Amit Agnani: > Package: systemd > Version: 241-7~deb10u2 > > When attempting to decrypt LUKS-encrypted volumes under systemd (through > dracut) during boot/init, I get the following failure message: I don't really have any experience with systemd-cryptsetup-generator and dracut in particular. Could you maybe raise this upstream at https://github.com/systemd/systemd/issues. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#945208: "No such file or directory" when attempting to decrypt LUKS during init
Upstream seems to have a policy to only track bugs against the two most recent revisions of systemd, which are 243 and 242 at the moment of writing. See: https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md But if you insist, I can do that and link this issue. On Thu, 21 Nov 2019 10:57:24 +0100 Michael Biebl wrote: > Am 21.11.19 um 09:35 schrieb Amit Agnani: > > Package: systemd > > Version: 241-7~deb10u2 > > > > When attempting to decrypt LUKS-encrypted volumes under systemd (through > > dracut) during boot/init, I get the following failure message: > > I don't really have any experience with systemd-cryptsetup-generator and > dracut in particular. > Could you maybe raise this upstream at > https://github.com/systemd/systemd/issues. > > > -- > Why is it that all of the instruments seeking intelligent life in the > universe are pointed away from Earth? >
Bug#945208: "No such file or directory" when attempting to decrypt LUKS during init
Am 21.11.19 um 12:22 schrieb Amit Agnani: > Upstream seems to have a policy to only track bugs against the two most > recent revisions of systemd, which are 243 and 242 at the moment of writing. > See: https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md > > But if you insist, I can do that and link this issue. There is a backport of v242 available, just in case -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#945208: "No such file or directory" when attempting to decrypt LUKS during init
On Thu, 21 Nov 2019 12:38:26 +0100 Michael Biebl wrote: > Am 21.11.19 um 12:22 schrieb Amit Agnani: > > Upstream seems to have a policy to only track bugs against the two most > > recent revisions of systemd, which are 243 and 242 at the moment of writing. > > See: https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md > > > > But if you insist, I can do that and link this issue. > > There is a backport of v242 available, just in case > > > -- > Why is it that all of the instruments seeking intelligent life in the > universe are pointed away from Earth? > Bug has been tested with systemd 242-8~bpo10+1 yielding the same error. An upstream bug has been filed at: https://github.com/systemd/systemd/issues/14098 signature.asc Description: PGP signature
Bug#945208: "No such file or directory" when attempting to decrypt LUKS during init
Control: forwarded -1 https://github.com/systemd/systemd/issues/14098 Am 21.11.19 um 14:01 schrieb Amit Agnani: > Bug has been tested with systemd 242-8~bpo10+1 yielding the same error. > > An upstream bug has been filed at: > https://github.com/systemd/systemd/issues/14098 Thanks Amit! Marking the bug report accordingly. Regards -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#945208: "No such file or directory" when attempting to decrypt LUKS during init
Issue has been resolved. During init, systemd-cryptsetup uses libcryptsetup to perform the actual unlocking of the LUKS partition. libcryptsetup itself requires a few kernel modules to work, or else it fails with -ENOENT, which, through systemd's use of error no -> error message, turns into a generic "No such file or directory" message. Effectively, the message is bogus with reference to the keyfile, where it actually referred to the missing kernel modules. The missing kernel modules were "af_alg" and "algif_skcipher". signature.asc Description: PGP signature
Processed: Re: Bug#945208: "No such file or directory" when attempting to decrypt LUKS during init
Processing control commands: > forwarded -1 https://github.com/systemd/systemd/issues/14098 Bug #945208 [systemd] "No such file or directory" when attempting to decrypt LUKS during init Set Bug forwarded-to-address to 'https://github.com/systemd/systemd/issues/14098'. -- 945208: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945208 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems