hey,

this is an issue with the debian/ubuntu cryptroot implementation.

On 31/08/2009 Tommaso wrote:
> I run (ehm... I was running :( ) a headless debian lenny server with
> encrypted LUKS filesystem. After I made an apparently harmless modification to
> the crypttab file I can no longer boot the system. At startup I get the
> message:
>
> Begin: waiting for root file system...
>
>
> And all is hung up. I have a plaintext /boot partition with the
> bootloader (grub), while everything else is encrypted. My /etc/crypttab
> file was something like this:
>
> lg0-lv0_crypt /dev/mapper/lg0-lv0 none luks
>
> so that at boot time it was necessary to manually insert a passphrase to
> unlock the filesystem (lg0-lv0_crypt is mounted as / on fstab). Now, I
> must leave the place where the server resides for some weeks, so I
> decided to temporarily override this behaviour with a cleartext key file
> to avoid problems due to accidental rebooting. So I did:
> 1) put a random key_temp file in /boot with 600 permission
> 2) cryptsetup luksAddKey /dev/mapper/lg0-lv0 /boot/key_temp
> 3) edited /etc/crypttab to look like this:
>
> lg0-lv0_crypt /dev/mapper/lg0-lv0 /boot/key_temp luks

i guess the problem here is that /boot is not mounted. try the following:

- boot with boot parameter set to 'break' in grub
- when the initramfs emergency shell is started, mount /boot:
  (initramfs) mount -t ext2 /dev/XXX /boot
- try to unlock the crypted rootfs manually:
  (initramfs) cryptsetup --key-file=/boot/key_temp luksOpen /dev/mapper/lg0-lv0 lg0-lv0_crypt

if that works, you should change your /etc/crypttab to use the passdev
keyscript in order to mount the /boot filesystem:

lg0-lv0_crypt /dev/mapper/lg0-lv0 /dev/XXX:/key_temp luks,keyscript=/lib/cryptsetup/scripts/passdev

and regenerate your initramfs.

for more information see the section '10. the "passdev" keyscript' in
/usr/share/doc/cryptsetup/README.initramfs.gz

> 4) update-initramfs -u ALL

that's never a good idea. better update the initramfs only for one kernel
first and later, if everything works as expected, update the others.

you should have a backup of the old initramfs at initrd.img.bak though
(i.e. /boot/initrd.img-$(uname -r).bak). try booting with this old initramfs
by adding '.bak' to the path of your initramfs in grub.

greetings,
 jonas
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
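The failure discussed in this thread can be caught before rebooting. The following is an added example, not part of the original message or of the cryptsetup package: a pre-reboot check that flags a root crypttab entry whose key file lives on a separately mounted filesystem without a keyscript, and prints the passdev form given in the reply. The function names (mount_of, check_crypttab, demo) and the sample fstab are constructed for illustration, and the check assumes fstab names the root volume as /dev/mapper/<crypttab name>.

```shell
#!/bin/sh
# Added example (not from the thread): flag a root crypttab entry whose key
# file is on a separately mounted filesystem and has no keyscript.
# Assumes fstab names the root volume as /dev/mapper/<crypttab name>.

# mount_of FSTAB PATH: print "mountpoint device" of the fstab entry holding PATH
mount_of() {
    awk -v p="$2" '
        $1 !~ /^#/ && NF >= 2 && substr($2, 1, 1) == "/" {
            mp = $2; pre = (mp == "/") ? "/" : (mp "/")
            if ((p == mp || index(p, pre) == 1) && length(mp) > length(best)) {
                best = mp; dev = $1      # keep the longest matching mountpoint
            }
        }
        END { if (best != "") print best, dev }' "$1"
}

# check_crypttab CRYPTTAB FSTAB: print WARN/SUGGEST lines for the root volume
check_crypttab() {
    crypttab=$1 fstab=$2
    rootdev=$(awk '$1 !~ /^#/ && $2 == "/" { print $1 }' "$fstab")
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac
        [ "/dev/mapper/$name" = "$rootdev" ] || continue   # only the root volume
        case $key in none|'') continue ;; esac             # passphrase prompt
        case ",$opts," in *,keyscript=*) continue ;; esac  # keyscript fetches key
        set -- $(mount_of "$fstab" "$key")
        [ "${1:-/}" = "/" ] && continue
        rel=${key#"$1"}                                    # path inside that fs
        echo "WARN $name: $key is on $1, not mounted when the initramfs unlocks /"
        echo "SUGGEST $name $dev $2:$rel ${opts:+$opts,}keyscript=/lib/cryptsetup/scripts/passdev"
    done < "$crypttab"
}

# Constructed sample mirroring the thread; /dev/XXX and ext3 are placeholders.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '/dev/mapper/lg0-lv0_crypt / ext3 defaults 0 1' \
                  '/dev/XXX /boot ext2 defaults 0 2' > "$d/fstab"
    printf '%s\n' '# <name> <device> <key file> <options>' \
                  'lg0-lv0_crypt /dev/mapper/lg0-lv0 /boot/key_temp luks' > "$d/crypttab"
    check_crypttab "$d/crypttab" "$d/fstab"
    rm -rf "$d"
}

demo
```

On a real system the call would be check_crypttab /etc/crypttab /etc/fstab, run before update-initramfs and before rebooting.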