Not being prompted for password to unlock root partition

Kernels & Hardware, configuring network, installing services

Not being prompted for password to unlock root partition

Postby SuperDuperUser » 2018-02-22 22:12

So I've been trying to get dual boot with Windows and Debian working on my laptop. Currently my setup is sda4 is the boot partition, sda5 is a LUCKS encrypted volume that has sda5_crypt, my root partition, and sda6 is a LUKS encrypted volume that has sda6_crypt, my home partition. Unfortunately, I expanded a Windows partition in Windows and it broke the GRUBS configuration. I used a Debian installation disk to update GRUBS and I can now access the menu with the different OS options. But when I select Debian, it does not prompt me for my sda5 LUKS password and spits back:

Code: Select all
alert: dev/mapper/sda5_crypt not found. Dropping to a shell!


Using "ls /dev/mapper/" I can see that sda5_crypt is not mounted, only sda6_crypt (for which I am prompted for a password). I've tried to unlock sda5_crypt but when I try to unlock it using "cryptsetup /dev/sda5 sda5_crypt", I'm asked for my password, but then I get back:

Code: Select all
Cannot use device /dev/sda5 which is in use (already mapped or mounted).


I try to unmount /dev/sda5 using "umount /dev/sda5" but then I get

Code: Select all
umount: can't umount /dev/sda5: Invalid argument


I assume this is because GRUB is trying to mount my root file without actually decrypting my LUKS partition. Currently my GRUB commands for Debian are:

Code: Select all
setparams 'Debian GNU/Linux'

    load_video

    insmod gzio

    if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi

    insmod part_gpt

    insmod ext2

    set root='hd0,gpt4'

    if [ x$feature_platform_search_hint = xy ]; then

    search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=achi0,gpt4 (then a bunch of numbers that I'd rather not have to type out)

    else

    search --no-floppy --fs-uuid --set=root (those numbers again)

    fi

    echo 'Loading Linux 4.9.0-5-amd64...'

    linux /vmlinuz-4.9.0-5-amd64 root=/dev/mapper/sda5_crypt ro quiet

    echo 'Loading initial ramdisk...'

    initrd /initrd.img-4.9.0-5amd64


The ArchLinux wiki mentions needing "cryptdevice=/dev/mapper/MyVol-lvroot:root" in front of "root=/dev/mapper/root", but I'm not sure if the formatting would remain the same, or how to add it to the GRUB commands.

Any assistance in this would be greatly appreciated.
SuperDuperUser
 
Posts: 1
Joined: 2018-02-22 22:08

Re: Not being prompted for password to unlock root partition

Postby p.H » 2018-02-23 18:10

SuperDuperUser wrote:alert: dev/mapper/sda5_crypt not found. Dropping to a shell!

Does it drop to the rescue shell or the initramfs shell (busybox) ?
SuperDuperUser wrote:Using "ls /dev/mapper/" I can see that sda5_crypt is not mounted

Don't you mean "not present" ? "mounted" has a different meaning, and you cannot tell whether a device is mounted just by looking into /dev.
SuperDuperUser wrote:when I try to unlock it using "cryptsetup /dev/sda5 sda5_crypt", I'm asked for my password

I don't think so. This command is not correct. Opening a LUKS device is done by a command such as
Code: Select all
cryptsetup luksOpen /dev/sda5 sda5_crypt

SuperDuperUser wrote:only sda6_crypt (for which I am prompted for a password)

When are you prompted for a password ?
SuperDuperUser wrote:I assume this is because GRUB is trying to mount my root file without actually decrypting my LUKS partition

No. GRUB does not try to mount anything, and at this stage it has finished its job.
Please post the output of the following commands :
Code: Select all
blkid
dmsetup info
cryptsetup status sda5_crypt
cryptsetup status sda6_crypt
df
cat /etc/crypttab
cat /etc/fstab

I know you are reluctant to copy UUIDs, but please post at least the few first characters.
p.H
 
Posts: 398
Joined: 2017-09-17 07:12


Return to System configuration

Who is online

Users browsing this forum: No registered users and 6 guests

fashionable