FS#60907 - [systemd] sd-encrypt hook fails

Attached to Project: Arch Linux
Opened by Bario (barmadrid) - Sunday, 25 November 2018, 04:04 GMT
Last edited by Jan Alexander Steffens (heftig) - Saturday, 28 December 2019, 00:59 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Dave Reisner (falconindy)
Christian Hesse (eworm)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 7
Private No

Details

Description:

On latest systemd version 239.300-2 sd-encrypt hook fails for LUKS encrypted partition/device with error:

A start job is running for dev-mapper-cryptroot.device

...and then dropping into the emergency shell.

Chrooting using Arch ISO and switching to udev and encrypt hooks and regenerating initramfs fixes that.

Hooks with issue reproduced:

HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt filesystems fsck)
This task depends upon

Closed by  Jan Alexander Steffens (heftig)
Saturday, 28 December 2019, 00:59 GMT
Reason for closing:  Works for me
Comment by André (FredericChopin) - Friday, 07 December 2018, 08:43 GMT
Also downgrading to systemd 239.2-1 helped to get sd-encrypt working again.
Comment by Ingo Albrecht (indigo) - Saturday, 12 January 2019, 19:37 GMT
Not affected, but I noticed a report involving key-files:
https://github.com/systemd/systemd/issues/11090

Maybe you can add more info, e.g. the boot parameters?
Comment by Pedro Nariyoshi (nariox) - Thursday, 24 January 2019, 19:25 GMT
EDIT: I'm not affected, I was setting the wrong kernel parameters. See comment below for solution.

I'm affected, not using key-files. Using systemd 240.34-3, the following hooks work:
HOOKS=(consolefont base udev autodetect encrypt lvm2 modconf block keyboard)
The ones below have the same behavior as Bario:
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt sd-lvm2 filesystems fsck)

My systemd-boot entry is:
options cryptdevice=UUID=2dc109c6-48d5-42db-b303-7534a634c3c0:cryptlvm root=/dev/MyVolGroup/root bootflags=rw,noatime,nodiratime,compress=lzo,ssd,discard,space_cache,subvolid=257,subvol=/@ quiet loglevel=3 rd.systemd.show_status=auto rd.udev.log_priority=3 audit=0 scsi_mod.use_blk_mq=1 add_efi_memmap i915.fastboot=1 fsck.mode=skip
Comment by loqs (loqs) - Thursday, 24 January 2019, 19:33 GMT Comment by Pedro Nariyoshi (nariox) - Friday, 25 January 2019, 02:38 GMT
I'm so sorry. It's right there, in the wiki. Thank you for the support.
Comment by Bario (barmadrid) - Sunday, 14 April 2019, 20:48 GMT
Any reason for the "task closure" request? What misconfiguration?
Comment by rainer (raneon) - Thursday, 31 October 2019, 14:15 GMT
I've tried "systemd sd-encrypt" in hooks as well with systemd 243, but there is no possibility to enter the password. It works only when using "base udev".
Comment by Stefan (poidl) - Friday, 22 November 2019, 16:17 GMT
I just had a similar error when I tried to encrypt my root partition, but then I realized I was using PARTUUID instead of UUID. Now it works without error. I use root=PARTUUID for the non-encrypted setup, that's why I mixed it up.
Comment by Jan Alexander Steffens (heftig) - Saturday, 28 December 2019, 00:58 GMT
sd-encrypt works fine for me; mind that it uses different configuration from the encrypt hook.

The details are in "man 5 crypttab" and "man 8 systemd-cryptsetup-generator".

I prefer using crypttab. The sd-encrypt hook will use /etc/crypttab.initramfs as the initramfs' crypttab, so that's where you need to place the config to unlock the root fs.

Loading...