On Fri, Aug 01, 2014 at 08:20:21 CEST, Milan Broz wrote: > On 08/01/2014 05:57 AM, Arno Wagner wrote: > > I just tried to upgrade my kernel from 3.10.48 to 3.14.15 > > (kernel.org). This is Debian wheezy. After the update, I > > get "Failed to access temporary keystore device." when > > trying to unlock my LUKS partitions. As far as I can tell > > I have not changed anything relevant in the kernel config, > > I just did a "make oldconfig" with the old kernel .config. Hi Milan, > > Hi, > > for some strange reason I am tempting to ask if you read > the FAQ but... ;-) I assure you, I did. The FAQ writer has never heard of this problem ;-) > Well, seriously: this happens when temporary mapped keyslot device > cannot be read (but kernel mapping was created successfully). > Not common problem, I do not even remember someone reported this... > > It seems like some udev/kernel compatibility problem (Debian > has non-standard dm/lvm udev rules btw). One more reason not to like udev. It used to be that you just created the right devices manually and things worked... > Either bad access rights to device node or device node is missing > (the second is probably the issue). > It is possible you will need to use new udev or something. > > Can you paste the command with added --debug? See below, both for 1.6.1 and 1.6.5, which unloaks without error (well, without error that gets propagated to the user), but never creates the entry in /dev/mapper/. Likely a bug in 1.6.5, as it probably should tell the user that things went wrong. > Can you try to boot Debian provided kernel - does it work? Not easily. But it does work with 3.10.51, so the 3.2.x that Debian stable is stuck at should probably work too. Come to think of it, I have /usr/src/linux pointing to a 3.4.67 source tree, as gcc kernel includes in Debian stable are really messed up with 3.5.x and later and I failed to fix it manually. (Sometimes I really wonder what the Kernel devs are thinking or whether they are thinking at all...) Could that be the problem? > (Anyway, I am using custom kernel in Debian for years without problem > but I am using unstable repo.) I usually run testing, except that I really do not want systemd, so until I am sure I can do that update without getting that atrocity, no update to jessy for me. Anyways, if we do not figure this one out, I will just stay with 3.10.x, it is a longterm-kernel after all. I just tried 3.14.15 because I have some network issues and wanted to see whether they may be gone with a newer kernel. Arno 1.6.5: # cryptsetup 1.6.5 processing # "/home/wagner/tools/cryptsetup/cryptsetup-1.6.5/src/.libs/lt-cryptsetup # --debug luksOpen /dev/md10 c1" # Running command open. # Locking memory. # Installing SIGINT/SIGTERM handler. # Unblocking interruption on signal. # Allocating crypt device /dev/md10 context. # Trying to open and read device /dev/md10. # Initialising device-mapper backend library. # Trying to load LUKS1 crypt type from device /dev/md10. # Crypto backend (gcrypt 1.5.0, flawed whirlpool) initialized. # Reading LUKS header of size 1024 from device /dev/md10 # Key length 32, device size 419430272 sectors, header size 2050 sectors. # Timeout set to 0 miliseconds. # Password retry count set to 3. # Password verification disabled. # Iteration time set to 1000 miliseconds. # Activating volume c1 [keyslot -1] using [none] passphrase. # Detected kernel Linux 3.14.15 x86_64. # dm version OF [16384] (*1) # dm versions OF [16384] (*1) # Detected dm-verity version 1.2.0. # Detected dm-crypt version 1.13.0, dm-ioctl version 4.27.0. # Device-mapper backend running with UDEV support enabled. # dm status c1 OF [16384] (*1) # Interactive passphrase entry requested. Enter passphrase for /dev/md10: # Trying to open key slot 0 [ACTIVE]. # Reading key slot 0 area. # Using userspace crypto wrapper to access keyslot area. # Releasing crypt device /dev/md10 context. # Releasing device-mapper backend. # Unlocking memory. Command failed with code 5: Input/output error 1.6.1: # cryptsetup 1.6.1 processing "cryptsetup --debug luksOpen /dev/md10 c1" # Running command open. # Locking memory. # Installing SIGINT/SIGTERM handler. # Unblocking interruption on signal. # Allocating crypt device /dev/md10 context. # Trying to open and read device /dev/md10. # Initialising device-mapper backend library. # Trying to load LUKS1 crypt type from device /dev/md10. # Crypto backend (gcrypt 1.5.0) initialized. # Reading LUKS header of size 1024 from device /dev/md10 # Key length 32, device size 419430272 sectors, header size 2050 sectors. # Timeout set to 0 miliseconds. # Password retry count set to 3. # Password verification disabled. # Iteration time set to 1000 miliseconds. # Activating volume c1 [keyslot -1] using [none] passphrase. # dm version OF [16384] (*1) # dm versions OF [16384] (*1) # Detected dm-verity version 1.2.0. # Detected dm-crypt version 1.13.0, dm-ioctl version 4.27.0. # Device-mapper backend running with UDEV support enabled. # dm status c1 OF [16384] (*1) # Interactive passphrase entry requested. Enter passphrase for /dev/md10: # Trying to open key slot 0 [ACTIVE]. # Reading key slot 0 area. # Calculated device size is 250 sectors (RW), offset 8. # DM-UUID is CRYPT-TEMP-temporary-cryptsetup-17411 # Udev cookie 0xd4dc8c7 (semid 9830400) created # Udev cookie 0xd4dc8c7 (semid 9830400) incremented to 1 # Udev cookie 0xd4dc8c7 (semid 9830400) incremented to 2 # Udev cookie 0xd4dc8c7 (semid 9830400) assigned to CREATE task(0) with # flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES (0xe) # dm create temporary-cryptsetup-17411 CRYPT-TEMP-temporary-cryptsetup-17411 # OF [16384] (*1) # dm reload temporary-cryptsetup-17411 OFRW [16384] (*1) # dm resume temporary-cryptsetup-17411 OFRW [16384] (*1) # temporary-cryptsetup-17411: Stacking NODE_ADD (253,0) 0:6 0660 # [verify_udev] # temporary-cryptsetup-17411: Stacking NODE_READ_AHEAD 256 (flags=1) # Udev cookie 0xd4dc8c7 (semid 9830400) decremented to 1 # Udev cookie 0xd4dc8c7 (semid 9830400) waiting for zero # Udev cookie 0xd4dc8c7 (semid 9830400) destroyed # temporary-cryptsetup-17411: Processing NODE_ADD (253,0) 0:6 0660 # [verify_udev] # temporary-cryptsetup-17411: Processing NODE_READ_AHEAD 256 (flags=1) # temporary-cryptsetup-17411 (253:0): read ahead is 256 # temporary-cryptsetup-17411 (253:0): Setting read ahead to 256 Failed to access temporary keystore device. # Udev cookie 0xd4d53b6 (semid 9863168) created # Udev cookie 0xd4d53b6 (semid 9863168) incremented to 1 # Udev cookie 0xd4d53b6 (semid 9863168) incremented to 2 # Udev cookie 0xd4d53b6 (semid 9863168) assigned to REMOVE task(2) with # flags (0x0) # dm remove temporary-cryptsetup-17411 OFT [16384] (*1) # temporary-cryptsetup-17411: Stacking NODE_DEL [verify_udev] # Udev cookie 0xd4d53b6 (semid 9863168) decremented to 1 # Udev cookie 0xd4d53b6 (semid 9863168) waiting for zero # Udev cookie 0xd4d53b6 (semid 9863168) destroyed # temporary-cryptsetup-17411: Processing NODE_DEL [verify_udev] # Releasing crypt device /dev/md10 context. # Releasing device-mapper backend. # Unlocking memory. Command failed with code 5: Failed to access temporary keystore device. -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. - Plato _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
