[SOLVED] Luks encrypted partition fail to mount on boot

[SkilleR666]

Hello,

I'm currently on Debian Sid. I decided to convert my /home (who is on dedicaded hdd) to luks2 without formatting (with cryptsetup-reencrypt --new).

So that's what i've do in order :
Boot into Debian Live
Then type the command>
- e2fsck -f /dev/sdc3
- resize2fs -M /dev/sdc3
- cryptsetup-reencrypt --verbose --debug --new --reduce-device-size=64M --cipher=aes-xts-plain64 --key-size=512 --hash=sha512 --type=luks2 --pbkdf=argon2id --pbkdf-force-iterations=50000 --pbkdf-memory=1048576 --pbkdf-parallel=4 --use-random /dev/sdc3
- cryptsetup luksOpen /dev/sdc3 home-encrypted
- resize2fs /dev/mapper/home-encrypted
- mount /dev/mapper/home-encrypted /mnt/home-encrypted

Then i checked that everything is fine on the partition, that the case.

Getting the uuid :
lsblk -o name,uuid,mountpoint
NAME UUID MOUNTPOINT
sda
├─sda1 da13dd96-8f92-4f4c-8a47-2fc611656194 /
└─sda6 38d301c1-4164-4349-a130-b769d49d274a [SWAP]
sdb
└─sdb1 2aa2ca11-f123-47ad-90cb-ed0f631ab251 /home/unknown/Temporaire
sde 2019-11-16-10-31-18-00
├─sde1 2019-11-16-10-31-18-00
└─sde2 DEB0-0001
sdh
└─sdh3 2d82b084-e9c2-497b-a285-63203860b148
└─home-encrypted 0d248680-8417-4f9e-9d9b-8218d90be52f /home
sdi
└─sdi1 04eb6f31-8725-4f02-a20b-603a1235e0e7 /mnt/USB_BACKUP

sda1 is the root filesystem, sda6 is the swap, sdb1 is for temporary, sdeX is just my card reader, sdh3 is my home, and sdi1 is my usb backup.

Now i have to modify fstab/crypttab, so i added into :
fstab>
UUID=0d248680-8417-4f9e-9d9b-8218d90be52f /home ext4 defaults,errors=remount-ro 0 1

crypttab :
home-encrypted UUID=0d248680-8417-4f9e-9d9b-8218d90be52f none luks

Now updating initramfs :
- mount /dev/sda1 /mnt/sda1
- mount --bind /dev /mnt/sda1/dev
- mount --bind /dev/pts /mnt/sda1/dev/pts
- mount --bind /proc /mnt/sda1/proc
- mount --bind /sys /mnt/sda1/sys
- chroot /mnt/sda1
- update-initramfs -u -k all

The problem is when i restart the computer, it always launch a fsck on home-encrypted.
I tried a e2fsck -f /dev/mapper/home-encrypted to check if there is problem, nothing

Then, after the fsck, later on boot, i have this error :
DEPEND^[[0m] Dependency failed for ^[[0;1;39mCryp…aphy Setup for home-encrypted^[[0m.
DEPEND^[[0m] Dependency failed for ^[[0;1;39mLocal Encrypted Volumes^[[0m.
DEPEND^[[0m] Dependency failed for ^[[0;1;39m/dev/mapper/home-encrypted^[[0m.
DEPEND^[[0m] Dependency failed for ^[[0;1;39m/home^[[0m.
DEPEND^[[0m] Dependency failed for ^[[0;1;39mLocal File Systems^[[0m.

And after that debian boot in rescue mode. Never asked for password of home partition.

So far, my workaround is to boot without "/dev/mapper/home-encrypted" into fstab, go into first TTY, and type :
- cryptsetup luksOpen /dev/sdc3 home-encrypted
- mount /dev/mapper/home-encrypted /home

And i go back into ctrl+alt+F7, and loggin is fine...

I tried to do a "update-initramfs -u -k all" into my real system (thinking my chroot have failed), but the result is exactly the same.

Sorry for the long text, but i prefer giving all the info directly. Thanks by advance

[p.H]

fstab>UUID=0d248680-8417-4f9e-9d9b-8218d90be52f /home ext4 defaults,errors=remount-ro 0 1

You do not need to use the filesystem UUID in fstab, you can use the device-mapper name /dev/mapper/home-encrypted instead.

crypttab :home-encrypted UUID=0d248680-8417-4f9e-9d9b-8218d90be52f none luks

Not good. crypttab must use the LUKS container (sdc3/sdh3) UUID, not the filesystem UUID.

The problem is when i restart the computer, it always launch a fsck on home-encrypted.

Surprising, because at this time the volume is not available yet.

Now updating initramfs

Pointless. This encrypted volume is not opened by the initramfs. Only /, /usr, hibernation swap and volumes with the option "initramfs" in crypttab are.

[SkilleR666]

Hi p.H,

Thanks for all this information, that was very helpeful and informative

Problem solved !