Being a fellow pilgrim in the Way of the Penguin, I can confirm the exact same facts as Mr. Pellegrino on clean install of Ubuntu Mate 16.04.
It appears that the swap partition is not actually encrypted at all. Syslog shows that encryption failed, and "cryptsetup -v isLuks /path/to/partition" shows not LUKS partition. This is so no matter which path to the swap partition I use, including: /dev/disks/by-uuid/XXXX, the device show by "grep /proc/swaps", or /dev/mapper/cryptswap1. Looking at /var/log/syslog, I see that cryptsetup failed because /dev/urandom is not available. ("grep crypt /var/log/syslog" for details.) Further, I notice that poweroff.target is disabled. When I enable it (systemctl enable poweroff.target), shutdown works as expected unless the computer has resumed from suspend. The work around suggested by Mr. Pellegrino works, but of course that means that swap is not encrypted, which is of course a security vulnerability. Here is my working theory: On boot-up, systemd tries to create an encrypted swap, but when it cannot, systemd creates an unencrypted swap. (Feature or bug? There would be competing considerations, so it is hard to say.) After resume from suspend, which of course involves (on suspend) writing RAM to swap and then (on resume) reading from swap to RAM, the system thinks there should be an encrypted swap (because that's what /etc/fstab and /etc/crypttab say), but can't find it and gets confused when time comes to shutdown. This being a security issue, it should be given attention. ** Changed in: systemd (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1594035 Title: unable to shut down the system after suspend / resume Status in systemd package in Ubuntu: Confirmed Bug description: In the case of a system that has gone through a suspend / resume cycle, the "shutdown now" command fails with the following output: $ shutdown now Failed to power off system via logind: Transaction is destructive. Failed to start poweroff.target: Interactive authentication required. See system logs and 'systemctl status poweroff.target' for details. Failed to open /dev/initctl: Permission denied Failed to talk to init daemon. --- $ systemctl status poweroff.target ● poweroff.target - Power-Off Loaded: loaded (/lib/systemd/system/poweroff.target; disabled; vendor preset: Active: inactive (dead) Docs: man:systemd.special(7) --- $ systemctl list-jobs JOB UNIT TYPE STATE 438 dev-mapper-cryptswap1.device start running 439 dev-mapper-cryptswap1.swap start waiting 436 systemd-cryptsetup@cryptswap1.service start running 3 jobs listed. --- Steps to reproduce: 1. Boot system 2. User login to graphical session 3. Close lid while on battery power triggering a suspend 4. Open lid while on battery power triggering a resume 5. Run "shutdown now" from a terminal. Note that the command must be run from the terminal to see output. Selecting "Shut Down..." from the system menu in the menu bar will hide the error output. 6. Observe that the system fails to shut down Expected behavior: At step 6, the system should shut down gracefully. Note that the shutdown process works as expected if steps 3 and 4 are skipped. I suspect that something about the suspend / resume cycle during the session has an interaction effect with the shutdown process, preventing it from executing correctly. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: systemd 229-4ubuntu6 ProcVersionSignature: Ubuntu 4.4.0-24.43-generic 4.4.10 Uname: Linux 4.4.0-24-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 CurrentDesktop: Unity Date: Sat Jun 18 18:04:26 2016 EcryptfsInUse: Yes Lsusb: Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 003: ID 04f2:b550 Chicony Electronics Co., Ltd Bus 001 Device 002: ID 8087:0a2a Intel Corp. Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub MachineType: System76, Inc. Lemur ProcEnviron: LANGUAGE=en_US PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-24-generic.efi.signed root=UUID=7aecd352-8a3f-4ce9-88b8-0fc048dc9660 ro quiet splash vt.handoff=7 SourcePackage: systemd UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/29/2015 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 1.05.06RS76 dmi.board.asset.tag: Tag 12345 dmi.board.name: Lemur dmi.board.vendor: System76, Inc. dmi.board.version: lemu6 dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: System76, Inc. dmi.chassis.version: N/A dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1.05.06RS76:bd11/29/2015:svnSystem76,Inc.:pnLemur:pvrlemu6:rvnSystem76,Inc.:rnLemur:rvrlemu6:cvnSystem76,Inc.:ct10:cvrN/A: dmi.product.name: Lemur dmi.product.version: lemu6 dmi.sys.vendor: System76, Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1594035/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp