Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Intermitent boot issue due to encryption

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
undesign
Posts: 108
Joined: 2015-05-27 09:03
Has thanked: 8 times
Been thanked: 8 times

Intermitent boot issue due to encryption

#1 Post by undesign »

Randomly (about 15 - 20% of the cases) the boot process crashes like it is shown in the picture: "Failed to start Cryptography Setup".
The solution is to simply press Ctrl-Alt-Del.
This happens on a laptop with the following setup (two physical hard drives, both encrypted):
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 238.5G 0 disk
├─sda1 8:1 0 487M 0 part /boot
├─sda2 8:2 0 1K 0 part
└─sda5 8:5 0 238G 0 part
└─sda5_crypt 254:0 0 238G 0 crypt
├─vg-swap 254:1 0 9.3G 0 lvm [SWAP]
└─vg-root 254:2 0 228.7G 0 lvm /
sdb 8:16 0 1.8T 0 disk
└─sdb1 8:17 0 1.8T 0 part
└─storage 254:3 0 1.8T 0 crypt /mnt/storage
sr0 11:0 1 1024M 0 rom
So, there are two hard drives, first (sda) is encrypted with a password, the second (sdb) is encrypted with a file (in order not to be asked for a password).

I have another laptop that has only one HDD for Linux and there are no problems.
Attachments
boot.jpg
boot.jpg (459.16 KiB) Viewed 28022 times

Aki
Global Moderator
Global Moderator
Posts: 2816
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 68 times
Been thanked: 382 times

Re: Intermitent boot issue due to encryption

#2 Post by Aki »

Hello,
It looks like the kernel cannot setup the volume group (VG) of disk /dev/sda5 using the Logical Volume Manager (LVM). The root encrypted partition is probably activated using the before mentioned VG, isn't it ? You can collect more clues through the system logs: you can use the command showed in the sent screen dump when the boot stops.
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

undesign
Posts: 108
Joined: 2015-05-27 09:03
Has thanked: 8 times
Been thanked: 8 times

Re: Intermitent boot issue due to encryption

#3 Post by undesign »

Hi,
It didn't happened anymore, but I still watch it.

Aki
Global Moderator
Global Moderator
Posts: 2816
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 68 times
Been thanked: 382 times

Re: Intermitent boot issue due to encryption

#4 Post by Aki »

Hello undesign,
undesign wrote: 2021-10-09 09:02 Hi, It didn't happened anymore, but I still watch it.
Thanks for the update.
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Intermitent boot issue due to encryption

#5 Post by p.H »

undesign wrote: 2021-09-25 07:53 The solution is to simply press Ctrl-Alt-Del.
No, this is not a solution but a mere temporary workaround (until next time).
A step towards a real solution would be to type the root password to start the emergency shell and investigate.
Can you show the contents of /etc/crypttab ?
Aki wrote: 2021-09-25 10:09 It looks like the kernel cannot setup the volume group (VG) of disk /dev/sda5
Nonsense.
The kernel does not setup LVM. LVM is managed in userland.
The messages at the top of the screen are normal with encrypted LVM.
/dev/sda5 does not contain a VG. It contains a encrypted volume. The messages in the screen shot indicate that the volume is successfully unlocked.

I suspect that the failure is due to the other encrypted volume when the disk names are swapped because /etc/crypttab wrongly specifies /dev/sdb1 instead of UUID=<luks-uuid-of-sdb1>.

undesign
Posts: 108
Joined: 2015-05-27 09:03
Has thanked: 8 times
Been thanked: 8 times

Re: Intermitent boot issue due to encryption

#6 Post by undesign »

cat /etc/crypttab
sda5_crypt UUID=508fffdf-0225-40e0-92e1-a82647f4fd6d none luks,discard
storage /dev/sdb1 /etc/crypttab-storage.key luks
sda5_crypt is the LV where / and swap are stored (vg-root and vg-swap). The sda5_crypt is accessible via a password. storage is encrypted via a key file and no password is required.
cat /etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/vg-root / btrfs relatime,ssd,compress=zstd 0 0
# /boot was on /dev/sda1 during installation
UUID=93f5bc35-2593-401c-8f65-1e714be35a42 /boot ext4 defaults 0 2
/dev/mapper/vg-swap none swap sw 0 0
/dev/mapper/storage /mnt/storage ext4 rw,noatime,data=ordered 0 0
/boot is not encrypted. Everything else is encrypted.

I repeat: the issue did not happend anymore, most likely because of a kernel update.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Intermitent boot issue due to encryption

#7 Post by p.H »

undesign wrote: 2021-10-13 07:27 storage /dev/sdb1 /etc/crypttab-storage.key luks
As I suspected in my previous reply, the failure happens because /etc/crypttab specifies /dev/sdb1 instead of UUID=<luks-uuid-of-sdb1>.
Replace /dev/sdb1 with UUID=<luks-uuid-of-sdb1> like in the line for sda5_crypt. You can find the UUID with

Code: Select all

blkid /dev/sdb1
undesign wrote: 2021-10-13 07:27 I repeat: the issue did not happend anymore, most likely because of a kernel update.
Or by pure luck. I'd rather rely on UUIDs than luck.
I repeat: /dev/sd* ordering is not reliable, and this is by design.

undesign
Posts: 108
Joined: 2015-05-27 09:03
Has thanked: 8 times
Been thanked: 8 times

Re: Intermitent boot issue due to encryption

#8 Post by undesign »

Thank you!
But the question is why it worked flawlessly with Debian 10 and why it gave a few fails with Debian 11.0?

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Intermitent boot issue due to encryption

#9 Post by p.H »

I already replied : luck. /dev/sd* are not persistent by design and some kernel changes made it worse.

undesign
Posts: 108
Joined: 2015-05-27 09:03
Has thanked: 8 times
Been thanked: 8 times

Re: Intermitent boot issue due to encryption

#10 Post by undesign »

It happened again. The error message in the logs is:
"Failed to load superblock on device /dev/sdb1: invalid argument"

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Intermitent boot issue due to encryption

#11 Post by p.H »

Message from what program/service/subsystem ? In what logs ?
Did you replace /dev/sdb1 with its UUID in /etc/crypttab as I suggested ?

undesign
Posts: 108
Joined: 2015-05-27 09:03
Has thanked: 8 times
Been thanked: 8 times

Re: Intermitent boot issue due to encryption

#12 Post by undesign »

In system logs.
Yes, I did implement your suggestion, now I have to wait some time, because this is/was an intermittent issue. Until now it didn't happen, but the time was short.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Intermitent boot issue due to encryption

#13 Post by p.H »

Can you show the log with surrounding lines ?
undesign wrote: 2021-10-22 21:23 Yes, I did implement your suggestion
Before of after this latest occurrence ?

undesign
Posts: 108
Joined: 2015-05-27 09:03
Has thanked: 8 times
Been thanked: 8 times

Re: Intermitent boot issue due to encryption

#14 Post by undesign »

After. A few days ago I implemented your suggestion. Now I wait to see if this will happen again or not.
I will post the picture if this will happen again. I confess that I'm too lazy to shrink the image to less than 500k as this forum requires.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Intermitent boot issue due to encryption

#15 Post by p.H »

Why post a picture ? Didn't you wrote it was in a system log ?

undesign
Posts: 108
Joined: 2015-05-27 09:03
Has thanked: 8 times
Been thanked: 8 times

Re: Intermitent boot issue due to encryption

#16 Post by undesign »

I think it is dmesg. After a normal reboot, I can't find the messages anymore. And now I searched for "superblock" in all logs.
If you think that error message is important, I will post here the picture.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Intermitent boot issue due to encryption

#17 Post by p.H »

dmesg prints only kernel messages from the current boot. You can find older kernel messages in /var/log/kern.*.
Please post plain text, not pictures.

undesign
Posts: 108
Joined: 2015-05-27 09:03
Has thanked: 8 times
Been thanked: 8 times

Re: Intermitent boot issue due to encryption

#18 Post by undesign »

Next time I will try to save the errors in a file via redirect.
But hopefully it will not be the case.

undesign
Posts: 108
Joined: 2015-05-27 09:03
Has thanked: 8 times
Been thanked: 8 times

Re: Intermitent boot issue due to encryption

#19 Post by undesign »

Attached is the image with the error. I put it here, maybe it will help others in the future.
Meanwhile, I installed a Dell 9020m machine in a similar configuration and I took into consideration the suggestion to use UUIDs and not device paths.

Thanks @p.H again!

From my point of view this topic can be closed.
Attachments
IMG_20211015_123058-1.jpg
IMG_20211015_123058-1.jpg (496.63 KiB) Viewed 24213 times

Post Reply