Intermitent boot issue due to encryption

Kernels, Network, and Services configuration
Post Reply
Message
Author
undesign
Posts: 35
Joined: 2015-05-27 09:03
Has thanked: 1 time

Intermitent boot issue due to encryption

#1 Post by undesign »

Randomly (about 15 - 20% of the cases) the boot process crashes like it is shown in the picture: "Failed to start Cryptography Setup".
The solution is to simply press Ctrl-Alt-Del.
This happens on a laptop with the following setup (two physical hard drives, both encrypted):
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 238.5G 0 disk
├─sda1 8:1 0 487M 0 part /boot
├─sda2 8:2 0 1K 0 part
└─sda5 8:5 0 238G 0 part
└─sda5_crypt 254:0 0 238G 0 crypt
├─vg-swap 254:1 0 9.3G 0 lvm [SWAP]
└─vg-root 254:2 0 228.7G 0 lvm /
sdb 8:16 0 1.8T 0 disk
└─sdb1 8:17 0 1.8T 0 part
└─storage 254:3 0 1.8T 0 crypt /mnt/storage
sr0 11:0 1 1024M 0 rom
So, there are two hard drives, first (sda) is encrypted with a password, the second (sdb) is encrypted with a file (in order not to be asked for a password).

I have another laptop that has only one HDD for Linux and there are no problems.
Attachments
boot.jpg
boot.jpg (459.16 KiB) Viewed 4751 times

Aki
Posts: 162
Joined: 2014-07-20 18:12
Location: Europe
Been thanked: 17 times

Re: Intermitent boot issue due to encryption

#2 Post by Aki »

Hello,
It looks like the kernel cannot setup the volume group (VG) of disk /dev/sda5 using the Logical Volume Manager (LVM). The root encrypted partition is probably activated using the before mentioned VG, isn't it ? You can collect more clues through the system logs: you can use the command showed in the sent screen dump when the boot stops.
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

undesign
Posts: 35
Joined: 2015-05-27 09:03
Has thanked: 1 time

Re: Intermitent boot issue due to encryption

#3 Post by undesign »

Hi,
It didn't happened anymore, but I still watch it.

Aki
Posts: 162
Joined: 2014-07-20 18:12
Location: Europe
Been thanked: 17 times

Re: Intermitent boot issue due to encryption

#4 Post by Aki »

Hello undesign,
undesign wrote: 2021-10-09 09:02 Hi, It didn't happened anymore, but I still watch it.
Thanks for the update.
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

p.H
Posts: 2144
Joined: 2017-09-17 07:12
Has thanked: 2 times
Been thanked: 30 times

Re: Intermitent boot issue due to encryption

#5 Post by p.H »

undesign wrote: 2021-09-25 07:53 The solution is to simply press Ctrl-Alt-Del.
No, this is not a solution but a mere temporary workaround (until next time).
A step towards a real solution would be to type the root password to start the emergency shell and investigate.
Can you show the contents of /etc/crypttab ?
Aki wrote: 2021-09-25 10:09 It looks like the kernel cannot setup the volume group (VG) of disk /dev/sda5
Nonsense.
The kernel does not setup LVM. LVM is managed in userland.
The messages at the top of the screen are normal with encrypted LVM.
/dev/sda5 does not contain a VG. It contains a encrypted volume. The messages in the screen shot indicate that the volume is successfully unlocked.

I suspect that the failure is due to the other encrypted volume when the disk names are swapped because /etc/crypttab wrongly specifies /dev/sdb1 instead of UUID=<luks-uuid-of-sdb1>.

undesign
Posts: 35
Joined: 2015-05-27 09:03
Has thanked: 1 time

Re: Intermitent boot issue due to encryption

#6 Post by undesign »

cat /etc/crypttab
sda5_crypt UUID=508fffdf-0225-40e0-92e1-a82647f4fd6d none luks,discard
storage /dev/sdb1 /etc/crypttab-storage.key luks
sda5_crypt is the LV where / and swap are stored (vg-root and vg-swap). The sda5_crypt is accessible via a password. storage is encrypted via a key file and no password is required.
cat /etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/vg-root / btrfs relatime,ssd,compress=zstd 0 0
# /boot was on /dev/sda1 during installation
UUID=93f5bc35-2593-401c-8f65-1e714be35a42 /boot ext4 defaults 0 2
/dev/mapper/vg-swap none swap sw 0 0
/dev/mapper/storage /mnt/storage ext4 rw,noatime,data=ordered 0 0
/boot is not encrypted. Everything else is encrypted.

I repeat: the issue did not happend anymore, most likely because of a kernel update.

p.H
Posts: 2144
Joined: 2017-09-17 07:12
Has thanked: 2 times
Been thanked: 30 times

Re: Intermitent boot issue due to encryption

#7 Post by p.H »

undesign wrote: 2021-10-13 07:27 storage /dev/sdb1 /etc/crypttab-storage.key luks
As I suspected in my previous reply, the failure happens because /etc/crypttab specifies /dev/sdb1 instead of UUID=<luks-uuid-of-sdb1>.
Replace /dev/sdb1 with UUID=<luks-uuid-of-sdb1> like in the line for sda5_crypt. You can find the UUID with

Code: Select all

blkid /dev/sdb1
undesign wrote: 2021-10-13 07:27 I repeat: the issue did not happend anymore, most likely because of a kernel update.
Or by pure luck. I'd rather rely on UUIDs than luck.
I repeat: /dev/sd* ordering is not reliable, and this is by design.

undesign
Posts: 35
Joined: 2015-05-27 09:03
Has thanked: 1 time

Re: Intermitent boot issue due to encryption

#8 Post by undesign »

Thank you!
But the question is why it worked flawlessly with Debian 10 and why it gave a few fails with Debian 11.0?

p.H
Posts: 2144
Joined: 2017-09-17 07:12
Has thanked: 2 times
Been thanked: 30 times

Re: Intermitent boot issue due to encryption

#9 Post by p.H »

I already replied : luck. /dev/sd* are not persistent by design and some kernel changes made it worse.

undesign
Posts: 35
Joined: 2015-05-27 09:03
Has thanked: 1 time

Re: Intermitent boot issue due to encryption

#10 Post by undesign »

It happened again. The error message in the logs is:
"Failed to load superblock on device /dev/sdb1: invalid argument"

p.H
Posts: 2144
Joined: 2017-09-17 07:12
Has thanked: 2 times
Been thanked: 30 times

Re: Intermitent boot issue due to encryption

#11 Post by p.H »

Message from what program/service/subsystem ? In what logs ?
Did you replace /dev/sdb1 with its UUID in /etc/crypttab as I suggested ?

undesign
Posts: 35
Joined: 2015-05-27 09:03
Has thanked: 1 time

Re: Intermitent boot issue due to encryption

#12 Post by undesign »

In system logs.
Yes, I did implement your suggestion, now I have to wait some time, because this is/was an intermittent issue. Until now it didn't happen, but the time was short.

p.H
Posts: 2144
Joined: 2017-09-17 07:12
Has thanked: 2 times
Been thanked: 30 times

Re: Intermitent boot issue due to encryption

#13 Post by p.H »

Can you show the log with surrounding lines ?
undesign wrote: 2021-10-22 21:23 Yes, I did implement your suggestion
Before of after this latest occurrence ?

undesign
Posts: 35
Joined: 2015-05-27 09:03
Has thanked: 1 time

Re: Intermitent boot issue due to encryption

#14 Post by undesign »

After. A few days ago I implemented your suggestion. Now I wait to see if this will happen again or not.
I will post the picture if this will happen again. I confess that I'm too lazy to shrink the image to less than 500k as this forum requires.

p.H
Posts: 2144
Joined: 2017-09-17 07:12
Has thanked: 2 times
Been thanked: 30 times

Re: Intermitent boot issue due to encryption

#15 Post by p.H »

Why post a picture ? Didn't you wrote it was in a system log ?

undesign
Posts: 35
Joined: 2015-05-27 09:03
Has thanked: 1 time

Re: Intermitent boot issue due to encryption

#16 Post by undesign »

I think it is dmesg. After a normal reboot, I can't find the messages anymore. And now I searched for "superblock" in all logs.
If you think that error message is important, I will post here the picture.

p.H
Posts: 2144
Joined: 2017-09-17 07:12
Has thanked: 2 times
Been thanked: 30 times

Re: Intermitent boot issue due to encryption

#17 Post by p.H »

dmesg prints only kernel messages from the current boot. You can find older kernel messages in /var/log/kern.*.
Please post plain text, not pictures.

undesign
Posts: 35
Joined: 2015-05-27 09:03
Has thanked: 1 time

Re: Intermitent boot issue due to encryption

#18 Post by undesign »

Next time I will try to save the errors in a file via redirect.
But hopefully it will not be the case.

undesign
Posts: 35
Joined: 2015-05-27 09:03
Has thanked: 1 time

Re: Intermitent boot issue due to encryption

#19 Post by undesign »

Attached is the image with the error. I put it here, maybe it will help others in the future.
Meanwhile, I installed a Dell 9020m machine in a similar configuration and I took into consideration the suggestion to use UUIDs and not device paths.

Thanks @p.H again!

From my point of view this topic can be closed.
Attachments
IMG_20211015_123058-1.jpg
IMG_20211015_123058-1.jpg (496.63 KiB) Viewed 942 times

Post Reply