Bug 441001
| Summary: | mkinitrd doesn't add cryptsetup for root partition | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Stefan Becker <chemobejk> | ||||||
| Component: | mkinitrd | Assignee: | Peter Jones <pjones> | ||||||
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | rawhide | CC: | dcantrell, wtogami | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | i386 | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | mkinitrd-6.0.43-1.fc9.i386 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2008-04-18 15:19:29 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
|
Description
Stefan Becker
2008-04-04 21:53:21 UTC
This is a known bug. It will be fixed in mkinitrd-6.0.42, which will hopefully be built this weekend. The bug was basically that only the first LV would get luksOpen called. Since you also have swap on LV you hit it. Retried with mkinitrd-6.0.43-1.fc9.i386 It now writes cryptsetup commands for both LVs into the init script. So booting works OK now. Sorry to nitpick: The order of the cryptsetup commands is not really nice for resuming from hibernation: you first have to enter the password for the root partition, but that isn't required. I.e. init now has: echo Setting up disk encryption: /dev/mapper/VolGroup00-LogVol03 cryptsetup luksOpen /dev/mapper/VolGroup00-LogVol03 luks-VolGroup00-LogVol03 echo Setting up disk encryption: /dev/mapper/VolGroup00-LogVol01 cryptsetup luksOpen /dev/mapper/VolGroup00-LogVol01 luks-VolGroup00-LogVol01 resume /dev/mapper/luks-VolGroup00-LogVol01 echo Creating root device. mkrootdev -t ext3 -o defaults,ro /dev/mapper/luks-VolGroup00-LogVol03 but it should read instead: echo Setting up disk encryption: /dev/mapper/VolGroup00-LogVol01 cryptsetup luksOpen /dev/mapper/VolGroup00-LogVol01 luks-VolGroup00-LogVol01 resume /dev/mapper/luks-VolGroup00-LogVol01 echo Setting up disk encryption: /dev/mapper/VolGroup00-LogVol03 cryptsetup luksOpen /dev/mapper/VolGroup00-LogVol03 luks-VolGroup00-LogVol03 echo Creating root device. mkrootdev -t ext3 -o defaults,ro /dev/mapper/luks-VolGroup00-LogVol03 So mkinitrd should first dump the cryptsetup for swap, then the resume command and then the rest of the cryptsetup commands. While browsing the mkinitrd code for a possible solution I noticed a variable
name typo:
# fgrep -n cryptopart /sbin/mkinitrd
72:ncryptoparts=0
718: eval cryptoparts${ncryptoparts}='"'/dev/$slavedev $dmname'"'
719: let ncryptoparts++
1791:for cryptdev in ${!cryptopart@} ; do
The variable name in line 718 must be "cryptopart", i.e. without the trailing "s".
Created attachment 301770 [details]
unlock & resume from encrypted swap before anything else
The attached patch is my implementation proposal. I have verified it on my
laptop.
Created attachment 302226 [details]
unlock & resume from encrypted swap before anything else
Updated patch against mkinitrd 6.0.45
As the original issue is solved I'm closing this one. Opened bug #443082 for the order of unlocking & resuming. |