FS#56733 : [systemd] Antomatic mounting of encrypted root fails with systemd 236.0-1

FS#56733 - [systemd] Antomatic mounting of encrypted root fails with systemd 236.0-1

Attached to Project: Arch Linux
Opened by Archer (justanarcher) - Friday, 15 December 2017, 14:47 GMT
Last edited by Christian Hesse (eworm) - Monday, 18 December 2017, 14:05 GMT

Task Type	Bug Report
Category	Packages: Testing
Status	Closed
Assigned To	Dave Reisner (falconindy) Christian Hesse (eworm)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	7 hexchain (hexchain) (2017-12-18) cfg (onde2rock) (2017-12-17) Sam (smls) (2017-12-17) Rémy Oudompheng (remyoudompheng) (2017-12-17) userwithuid (userwithuid) (2017-12-17) Adam Kürthy (adee) (2017-12-15) Andrey Vihrov (andreyv) (2017-12-15)
Private	No

Details

Description:

After upgrading to systemd 236.0-1, systemd no longer asks for password to my encrypted root partition, instead stopping at "waiting for /dev/mapper/root.mount".

After waiting 90s I can continue booting by manually dropping into maintenance shell and doing:
/usr/lib/systemd/systemd-cryptsetup attach root /dev/sdx
mount /dev/mapper/root /new_root

Additional info:
From /proc/cmdline:
rd.luks.name=<my-encrypted-partition-uuid>=root root=/dev/mapper/root.

From /etc/mkinitcpio.conf:
HOOKS=(base systemd sd-encrypt sd-vconsole autodetect block filesystems keyboard)

I tried different combinations, rd.luks -> luks, passing uuid and then root=/dev/disk/by-uuid etc. Every one of them works with systemd 235.38-4 and none work with 236.0-1. I suspected crypsetup 2.0.0 is at fault, but systemd 235.38-4 is already built against it and works fine.

Downgrading systemd and rebuilding mkinitcpio solves the issue.

Steps to reproduce:
Upgrade systemd to version 236.0-1 and reboot.

This task depends upon

Closed by Christian Hesse (eworm)
Monday, 18 December 2017, 14:05 GMT
Reason for closing: Fixed
Additional comments about closing: systemd 236.0-2

Comment by Archer (justanarcher) - Friday, 15 December 2017, 15:05 GMT

Found this in dmesg:
[ 0.341366] systemd-cryptsetup-generator[101]: Out of memory.
[ 0.341711] systemd[100]: /usr/lib/systemd/system-generators/systemd-cryptsetup-generator failed with error code 1.

Comment by Daniel M. Capella (polyzen) - Friday, 15 December 2017, 16:50 GMT

Worked for me.

Comment by Archer (justanarcher) - Friday, 15 December 2017, 17:10 GMT

Do you mean that you get an automatic password prompt by passing just rd.luks.name or rd.luks.uuid and no out of memory systemd-cryptsetup-generator errors with systemd 236.0-1? Can you please paste your HOOKS array?

Comment by Andrey Vihrov (andreyv) - Friday, 15 December 2017, 19:30 GMT

Confirmed with the same symptoms. systemd 235 works, 236 doesn't ask for password. "systemd-cryptsetup-generator: Out of memory" is printed on the console.

Kernel command line: rw luks.name=<UUID>=<NAME> luks.options=<UUID>=discard root=/dev/mapper/<ROOT>

Hooks: (systemd autodetect modconf block sd-encrypt filesystems keyboard fsck)

Comment by Adam Kürthy (adee) - Friday, 15 December 2017, 19:46 GMT

Same here.
HOOKS="base systemd autodetect modconf keyboard sd-vconsole block sd-encrypt filesystems fsck"

kernel command line:
rd.luks.uuid=0b89b530-3bd6-4e52-8d24-790d2843229d rd.luks.options=discard root=UUID=41a255d4-9061-4b94-a761-35d22a38ed84 quiet rw zswap.enabled=1 acpi_osi=Linux modprobe.blacklist=iTCO_wdt intel_iommu=off

Comment by Daniel M. Capella (polyzen) - Friday, 15 December 2017, 19:59 GMT

Might be my first time seeing `luks.xxxx=` options. I have been using `cryptdevice=`.

Edit: Oh, `sd-encrypt`. I'm using the `encrypt` hook. ;D

Comment by Jan Alexander Steffens (heftig) - Saturday, 16 December 2017, 00:51 GMT

This patch is an attempt at fixing this.

0001-cryptsetup-generator-Don... (1.3 KiB)

Comment by Archer (justanarcher) - Saturday, 16 December 2017, 12:07 GMT

Applying the above patch in systemd 236.0-1 PKGBUILD doesn't change anything.

Comment by Johannes Löthberg (demize) - Sunday, 17 December 2017, 22:43 GMT

Can confirm the patch works fine for me.

Comment by Archer (justanarcher) - Monday, 18 December 2017, 10:30 GMT

Right, earlier I applied the patch to systemd instead of systemd-stable in the PKGBUILD.
Now I can also confirm it works, systemd automatically asks for password.

Comment by Christian Hesse (eworm) - Monday, 18 December 2017, 10:47 GMT

Just for reference... This broke with:
https://github.com/systemd/systemd/commit/98bad05e75

Jan, will you care sending a pull request upstream?

Comment by Jan Alexander Steffens (heftig) - Monday, 18 December 2017, 11:56 GMT

https://github.com/systemd/systemd/pull/7688

	Tasks related to this task (0)

Duplicate tasks of this task (2)
~~FS#56754 - [systemd] Out of memory in systemd-cryptsetup-generator~~
~~FS#56755 - [systemd] [mkinitcpio] Unlocking encrypted root with sd-encrypt~~

Arch Linux

FS#56733 - [systemd] Antomatic mounting of encrypted root fails with systemd 236.0-1

Details

Loading...