Package: cryptsetup Version: 2:1.7.0-2 Severity: important Dear Maintainer,
* What led up to the situation? Configuring a machine with RAID and encrypted disks. * What exactly did you do (or not do) that was effective (or ineffective)? Begin by encrypting entire disks: cryptsetup luksFormat /dev/sdc cryptsetup luksFormat /dev/sdd cryptsetup luksOpen /dev/sdc sdc_encrypted cryptsetup luksOpen /dev/sdd sdd_encrypted Create a raid array on the whole encrypted disk: mdadm --create --verbose --level=1 /dev/md/hdd_storage --raid-devices=2 /dev/mapper/sdc_encrypted /dev/mapper/sdd_encrypted /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf Partition the raid array: fdisk /dev/md/hdd_storage ... w (write changes) * Linux immediately recognizes new partition /dev/md127p1 Create a filesystem: mkfs.ext4 /dev/md127p1 Using blkid, add /dev/sdc -> sdc_encrypted and /dev/sdd -> sdd_encrypted targets to /etc/crypttab # <target name> <source device> <key file> <options> sdc_encrypted /dev/disk/by-uuid/58560717-94f7-4a57-ae88-d83e16948969 none luks,timeout=30 sdd_encrypted /dev/disk/by-uuid/fc6fa717-83dc-44a3-8a09-de7585f70809 none luks,timeout=30 Using blkid, set /dev/md127p1 to be the root (/) in /etc/fstab Output of blkid | grep md127p1: /dev/md127p1: UUID="e084a1e0-f5bd-4342-ae87-a014561fce0c" TYPE="ext4" PARTUUID="2e7f7afa-b579-4b1f-83a8-c755708b9051" After mounting /dev/md127p1 (and necessary /proc, /sys, /dev, etc.), update-initramfs does NOT detect an encrypted root partition. * What was the outcome of this action? Cryptsetup was not included in initrd and the machine does not complete boot. * What outcome did you expect instead? Cryptsetup should be included in initrd. * More information: It seems that get_fs_devices() in /usr/share/initramfs-tools/hooks/cryptroot only looks at /etc/crypttab for device UUIDs, when there are other device UUIDs available in "blkid" that are available for use as a root mount. -- Package-specific info: -- /proc/cmdline BOOT_IMAGE=/vmlinuz-4.6.0-1-amd64 root=/dev/sda3 ro quiet -- /etc/crypttab # <target name> <source device> <key file> <options> sdc_encrypted /dev/disk/by-uuid/58560717-94f7-4a57-ae88-d83e16948969 none luks,timeout=30 sdd_encrypted /dev/disk/by-uuid/fc6fa717-83dc-44a3-8a09-de7585f70809 none luks,timeout=30 -- /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> # / was on /dev/sda3 during installation UUID=e084a1e0-f5bd-4342-ae87-a014561fce0c / ext4 errors=remount-ro 0 1 # /boot was on /dev/sda2 during installation UUID=85c8ca98-b0c4-48cc-a5be-334ea4597de5 /boot ext4 defaults 0 2 # /boot/efi was on /dev/nvme0n1p2 during installation UUID=7293-2005 /boot/efi vfat umask=0077 0 3 -- lsmod Module Size Used by nls_utf8 16384 1 nls_cp437 20480 1 vfat 20480 1 fat 69632 1 vfat dm_crypt 24576 3 algif_skcipher 20480 0 af_alg 16384 1 algif_skcipher joydev 20480 0 btusb 45056 0 btrtl 16384 1 btusb btbcm 16384 1 btusb btintel 16384 1 btusb bluetooth 516096 5 btbcm,btrtl,btusb,btintel snd_hda_codec_hdmi 45056 3 iTCO_wdt 16384 0 iTCO_vendor_support 16384 1 iTCO_wdt dm_mod 106496 7 dm_crypt snd_hda_codec_realtek 86016 1 nouveau 1486848 1 snd_hda_codec_generic 69632 1 snd_hda_codec_realtek intel_rapl 20480 0 x86_pkg_temp_thermal 16384 0 intel_powerclamp 16384 0 coretemp 16384 0 kvm_intel 188416 0 mxm_wmi 16384 1 nouveau video 40960 1 nouveau snd_hda_intel 36864 0 iwlwifi 147456 0 kvm 561152 1 kvm_intel ttm 94208 1 nouveau snd_hda_codec 135168 4 snd_hda_codec_realtek,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_intel drm_kms_helper 147456 1 nouveau irqbypass 16384 1 kvm snd_hda_core 81920 5 snd_hda_codec_realtek,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel cfg80211 573440 1 iwlwifi crct10dif_pclmul 16384 0 efi_pstore 16384 0 drm 360448 4 ttm,drm_kms_helper,nouveau snd_hwdep 16384 1 snd_hda_codec crc32_pclmul 16384 0 snd_pcm 106496 4 snd_hda_codec_hdmi,snd_hda_codec,snd_hda_intel,snd_hda_core sb_edac 32768 0 snd_timer 32768 1 snd_pcm serio_raw 16384 0 pcspkr 16384 0 efivars 20480 1 efi_pstore edac_core 57344 1 sb_edac i2c_algo_bit 16384 1 nouveau ghash_clmulni_intel 16384 0 mei_me 32768 0 i2c_i801 20480 0 snd 81920 8 snd_hda_codec_realtek,snd_hwdep,snd_timer,snd_hda_codec_hdmi,snd_pcm,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel rfkill 24576 3 cfg80211,bluetooth lpc_ich 24576 0 soundcore 16384 1 snd sg 32768 0 mei 94208 1 mei_me mfd_core 16384 1 lpc_ich evdev 24576 2 shpchp 36864 0 8250_fintek 16384 0 wmi 20480 2 mxm_wmi,nouveau tpm_tis 20480 0 tpm 45056 1 tpm_tis processor 36864 0 button 16384 1 nouveau efivarfs 16384 1 autofs4 40960 2 ext4 593920 4 ecb 16384 0 crc16 16384 2 ext4,bluetooth jbd2 106496 1 ext4 mbcache 16384 5 ext4 raid10 45056 0 raid456 106496 0 async_raid6_recov 20480 1 raid456 async_memcpy 16384 2 raid456,async_raid6_recov async_pq 16384 2 raid456,async_raid6_recov async_xor 16384 3 async_pq,raid456,async_raid6_recov async_tx 16384 5 async_pq,raid456,async_xor,async_memcpy,async_raid6_recov xor 24576 1 async_xor uas 24576 0 usb_storage 69632 1 uas hid_generic 16384 0 usbhid 49152 0 hid 118784 2 hid_generic,usbhid raid6_pq 102400 3 async_pq,raid456,async_raid6_recov libcrc32c 16384 1 raid456 crc32c_generic 16384 0 raid1 36864 1 raid0 20480 0 multipath 16384 0 linear 16384 0 md_mod 131072 9 raid456,raid0,raid1,multipath,linear,raid10 sd_mod 45056 6 crc32c_intel 24576 9 aesni_intel 167936 9 aes_x86_64 20480 1 aesni_intel glue_helper 16384 1 aesni_intel lrw 16384 1 aesni_intel gf128mul 16384 1 lrw ablk_helper 16384 1 aesni_intel cryptd 20480 6 ghash_clmulni_intel,aesni_intel,ablk_helper psmouse 126976 0 ahci 36864 5 libahci 32768 1 ahci libata 233472 2 ahci,libahci scsi_mod 233472 5 sg,uas,usb_storage,libata,sd_mod xhci_pci 16384 0 ehci_pci 16384 0 xhci_hcd 180224 1 xhci_pci ehci_hcd 77824 1 ehci_pci e1000e 233472 0 ptp 20480 1 e1000e pps_core 20480 1 ptp usbcore 241664 8 uas,btusb,usb_storage,ehci_hcd,ehci_pci,usbhid,xhci_hcd,xhci_pci usb_common 16384 1 usbcore nvme 28672 1 nvme_core 28672 3 nvme fjes 28672 0 -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.6.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages cryptsetup depends on: ii cryptsetup-bin 2:1.7.0-2 ii debconf [debconf-2.0] 1.5.59 ii dmsetup 2:1.02.133-1 ii libc6 2.24-3 Versions of packages cryptsetup recommends: ii busybox 1:1.22.0-19 ii console-setup 1.147 ii initramfs-tools [linux-initramfs-tool] 0.125 ii kbd 2.0.3-2 Versions of packages cryptsetup suggests: pn dosfstools <none> pn keyutils <none> ii liblocale-gettext-perl 1.07-3+b1 -- debconf information: cryptsetup/prerm_active_mappings: true