Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Not being prompted for password to unlock root partition

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
SuperDuperUser
Posts: 1
Joined: 2018-02-22 22:08

Not being prompted for password to unlock root partition

#1 Post by SuperDuperUser »

So I've been trying to get dual boot with Windows and Debian working on my laptop. Currently my setup is sda4 is the boot partition, sda5 is a LUCKS encrypted volume that has sda5_crypt, my root partition, and sda6 is a LUKS encrypted volume that has sda6_crypt, my home partition. Unfortunately, I expanded a Windows partition in Windows and it broke the GRUBS configuration. I used a Debian installation disk to update GRUBS and I can now access the menu with the different OS options. But when I select Debian, it does not prompt me for my sda5 LUKS password and spits back:

Code: Select all

alert: dev/mapper/sda5_crypt not found. Dropping to a shell!
Using "ls /dev/mapper/" I can see that sda5_crypt is not mounted, only sda6_crypt (for which I am prompted for a password). I've tried to unlock sda5_crypt but when I try to unlock it using "cryptsetup /dev/sda5 sda5_crypt", I'm asked for my password, but then I get back:

Code: Select all

Cannot use device /dev/sda5 which is in use (already mapped or mounted).
I try to unmount /dev/sda5 using "umount /dev/sda5" but then I get

Code: Select all

umount: can't umount /dev/sda5: Invalid argument
I assume this is because GRUB is trying to mount my root file without actually decrypting my LUKS partition. Currently my GRUB commands for Debian are:

Code: Select all

setparams 'Debian GNU/Linux'

    load_video

    insmod gzio

    if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi

    insmod part_gpt

    insmod ext2

    set root='hd0,gpt4'

    if [ x$feature_platform_search_hint = xy ]; then

    search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=achi0,gpt4 (then a bunch of numbers that I'd rather not have to type out)

    else

    search --no-floppy --fs-uuid --set=root (those numbers again)

    fi

    echo 'Loading Linux 4.9.0-5-amd64...'

    linux /vmlinuz-4.9.0-5-amd64 root=/dev/mapper/sda5_crypt ro quiet

    echo 'Loading initial ramdisk...'

    initrd /initrd.img-4.9.0-5amd64
The ArchLinux wiki mentions needing "cryptdevice=/dev/mapper/MyVol-lvroot:root" in front of "root=/dev/mapper/root", but I'm not sure if the formatting would remain the same, or how to add it to the GRUB commands.

Any assistance in this would be greatly appreciated.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Not being prompted for password to unlock root partition

#2 Post by p.H »

SuperDuperUser wrote:alert: dev/mapper/sda5_crypt not found. Dropping to a shell!
Does it drop to the rescue shell or the initramfs shell (busybox) ?
SuperDuperUser wrote:Using "ls /dev/mapper/" I can see that sda5_crypt is not mounted
Don't you mean "not present" ? "mounted" has a different meaning, and you cannot tell whether a device is mounted just by looking into /dev.
SuperDuperUser wrote:when I try to unlock it using "cryptsetup /dev/sda5 sda5_crypt", I'm asked for my password
I don't think so. This command is not correct. Opening a LUKS device is done by a command such as

Code: Select all

cryptsetup luksOpen /dev/sda5 sda5_crypt
SuperDuperUser wrote:only sda6_crypt (for which I am prompted for a password)
When are you prompted for a password ?
SuperDuperUser wrote:I assume this is because GRUB is trying to mount my root file without actually decrypting my LUKS partition
No. GRUB does not try to mount anything, and at this stage it has finished its job.
Please post the output of the following commands :

Code: Select all

blkid
dmsetup info
cryptsetup status sda5_crypt
cryptsetup status sda6_crypt
df
cat /etc/crypttab
cat /etc/fstab
I know you are reluctant to copy UUIDs, but please post at least the few first characters.

Post Reply