FS#55537 - [linux-hardened] encrypt hook and booting fails on 4.13.a-1

Attached to Project: Community Packages
Opened by tom (archtom) - Wednesday, 06 September 2017, 13:53 GMT
Last edited by Daniel Micay (thestinger) - Tuesday, 03 October 2017, 20:24 GMT
Task Type Bug Report
Category Upstream Bugs
Status Closed
Assigned To Daniel Micay (thestinger)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Hey, I updated to the latest version linux-hardened 4.13.a-1 and it went with no error.

From the next boot on the computer would not boot anymore failing on the decrypt hook. The system is completely encrypted (incl. boot) and all packages are up-to-date.

As the event seems to happen before the log starts (at I couldn't find anything in there regarding the issue) I took a photo and attached it.

As I will be on holiday for 10 days I at least wanted to report the issue before.

Downgrading to the latest 4.12 kernel linux-hardened solves the issue.

Thanks in advance
This task depends upon

Closed by  Daniel Micay (thestinger)
Tuesday, 03 October 2017, 20:24 GMT
Reason for closing:  Fixed
Comment by Daniel Micay (thestinger) - Wednesday, 06 September 2017, 17:01 GMT
You'll need to try an unmodified Linux 4.13 kernel.
Comment by tom (archtom) - Thursday, 07 September 2017, 15:13 GMT
As the "regular" kernel is not in the repos yet and I don`t want to switch to testing on this production machine I guess we have to put this one on hold until linux 4.13-1 hits core. Is that alright?
Comment by Daniel Micay (thestinger) - Thursday, 07 September 2017, 17:10 GMT
You can build it with makepkg with the line applying the patch for linux-hardened commented out.
Comment by tom (archtom) - Friday, 29 September 2017, 07:43 GMT
I tried the latest stable regular kernel yesterday. It also showed the message
Waiting 10 seconds for the device /dev/sdb1...
but then booted up fine. It took around 5 or 6 seconds to pass that point.

Then I tried the latest hardened kernel that was working 4.12.10 and counted the seconds it took for the encrypt hook. It took more than 15 seconds and there was no timer saying that it only waits for 10 seconds.

Is there a way for checking if it would work with a longer timeout? If yes, where would I have to set it?

In addition the hardened kernel seems to be doing something differently here which takes it a lot longer for this hook.

Thanks for your help in advance
Comment by Daniel Micay (thestinger) - Friday, 29 September 2017, 19:08 GMT
I can't see how that could happen unless there was an upstream bug like a use-after-free.

Try 4.13.4.a-1 which is realigned with the core/linux configuration.
Comment by Daniel Micay (thestinger) - Tuesday, 03 October 2017, 06:11 GMT
I'll just assume this is working on 4.13.4.a then since I brought the storage configuration back in line with core/linux.
Comment by tom (archtom) - Tuesday, 03 October 2017, 20:15 GMT
Thank you, linux-hardened 4.13.4.a is working and takes about the same time than the regular kernel (around 6 seconds) for passing the following message, this time successfully without timeout.
Waiting 10 seconds for the device /dev/sdb1...
I think the issue can be closed, but I am a little concerned about the timeout and 6 or 7 seconds out of 10 possible is pretty close to the chance of failing again. Is there a way to stretch the 10 seconds to 15 or 20 by default?
Comment by Daniel Micay (thestinger) - Tuesday, 03 October 2017, 20:24 GMT
There's a high chance that message is from a userspace component. I'm not familiar with that stuff.

Loading...