Hi, I need a piece of advice concerning an encrypted root partition on Fedora 26. I'm running a custom manual setup created using dnf.
Further context: * The installation procedure is outlined in this tread -- and quite likely irrelevant to this question anyway: https://lists.fedorahosted.org/archives/list/users@lists.fedoraproject.org/message/3MUQLH4II636LEHREOOG7XCXCIB4GMDC/ * The disk layout is described in this comment: https://bugzilla.redhat.com/show_bug.cgi?id=1297188#c2 Unlike Fedora 23 and 24, both of which booted just fine, Fedora 26 has two glitches related to my encrypted LUKS root partition: 1. Dracut fails to automatically add the crypt module. It doesn't seem to care about LUKS-related settings in /etc/default/grub and/or about the fact that the system runs off an encrypted volume. I had to manually add add_dracutmodules+="crypt" into /etc/dracut.conf, or else I wouldn't get a password prompt on boot and the early systemd would freeze waiting for the root partition to appear. It works normally with add_dracutmodules+="crypt". 2. Possibly as a consequence of (1), systemd doesn't realize that the root partition has been already activated and luksOpen'ed at boot time and keeps trying to unlock it over and over. The consoles are spammed by messages like this one, basically on every sudo invocation: Password entry required for 'Please enter passphrase for disk cryptprdell-luks (plainprdell)!' (PID 5492). Please enter password with the systemd-tty-ask-password-agent tool! Of course I tried to run the systemd-tty-ask-password-agent tool and type in the password. But then systemctl --failed showed a failure in systemd-cryptsetup@plainprdell.service, the auto-generated unit for the LUKS volume. Presumably, journalctl revealed that the error message had been "Failed to activate: Device or resource busy". Well, that's indeed what happens when you try to open a LUKS volume that's already opened. If I don't use systemd-tty-ask-password-agent at all, systemctl status permanently shows "starting" and never reaches "running", because of the LUKS volume it thinks it needs to activate. (I tried systemctl disable, but nope, that had no effect.) This appears to have something in common with an ancient bug from 2013: https://bugzilla.redhat.com/show_bug.cgi?id=924581 Has anything changed (1) in the way Dracut finds out whether the crypt module is needed (which worked at least up to Fedora 24) or (2) in the way systemd generates its automatic units for encrypted volumes? Something must have changed, but I have no idea what it is and how to get the old behavior back. :-/ My /etc/default/grub and /etc/crypttab are attached. The current kernel version is 4.11.0-2.fc26.x86_64. Cheers, Andrej
plainprdell UUID=f5340cc4-d856-453e-9a19-70fd6adf5d90 none allow-discards,luks
GRUB_TIMEOUT=0 GRUB_HIDDEN_TIMEOUT=1 GRUB_HIDDEN_TIMEOUT_QUIET=true GRUB_GFXMODE=auto GRUB_GFXPAYLOAD_LINUX=keep GRUB_CMDLINE_LINUX='rootfstype=btrfs rd.md=0 rd.dm=0 rd.luks=1 rd.lvm=1 rd.lvm.lv=cryptprdell/luks rd.luks.uuid=f5340cc4-d856-453e-9a19-70fd6adf5d90 rd.luks.allow-discards=f5340cc4-d856-453e-9a19-70fd6adf5d90 rd.lvm.lv=plainprdell/swap rd.lvm.lv=plainprdell/root resume=/dev/mapper/plainprdell-swap i915.fastboot=1 loglevel=3 vga=current vconsole.font=ter-v32n rhgb quiet'
smime.p7s
Description: Elektronicky podpis S/MIME
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
