[Bug 556931] New: Unable to boot when using non-root encrypted lvm volume (e.g. with home)
http://bugzilla.novell.com/show_bug.cgi?id=556931 http://bugzilla.novell.com/show_bug.cgi?id=556931#c0 Summary: Unable to boot when using non-root encrypted lvm volume (e.g. with home) Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: x86-64 OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Basesystem AssignedTo: lnussel@novell.com ReportedBy: llipavsky@novell.com QAContact: qa@suse.de Found By: Component Test Blocker: --- Created an attachment (id=328475) --> (http://bugzilla.novell.com/attachment.cgi?id=328475) dmesg This is reproducible bug I created following partition schema: /dev/sda1 ext2 128MB /boot /dev/sda2 for LVM (*) /dev/sda3 for LVM - ENCRYPTED (in yast) I created lvm group system on sda2 and (*) group encrypted on sda3 I created volume root in group system and mounted it as / (*)I created volume data in group encrypted and mounted it as /data Steps marked with (*) were done in installed system, if done during installation, result is same and installation fails. So to be able to reproduce in more debug-friendly way, do (*) in installed system When I reboot the system, I get error (I don't remember it ATM, will reboot and add the error message as comment) and I get to the "filesystem repair" shell: 1. I was not asked for password to the encrypted partition during the boot 2. /dev/system exists, but /dev/encrypted does not! This is probably the problem, system wanted to check filesystem on /data before the partition got initialized (so no decrytion and LVM group initialization has been processed yet) If I comment-out the related line in fstab, system boots again fstab: /dev/system/root / ext4 acl,user_xattr 1 1 /dev/disk/by-id/ata-WDC_WD3200YS-01PGB0_WD-WCAPD5288773-part1 /boot ext2 acl,user_xattr 1 2 proc /proc proc defaults 0 0 sysfs /sys sysfs noauto 0 0 debugfs /sys/kernel/debug debugfs noauto 0 0 usbfs /proc/bus/usb usbfs noauto 0 0 devpts /dev/pts devpts mode=0620,gid=5 0 0 /dev/encr/data /data ext4 acl,user_xattr 1 2 (last line is the troublemaker) This issue does not happen when the partition is not encrypted! -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=556931
http://bugzilla.novell.com/show_bug.cgi?id=556931#c1
--- Comment #1 from Lukas Lipavsky
http://bugzilla.novell.com/show_bug.cgi?id=556931
http://bugzilla.novell.com/show_bug.cgi?id=556931#c2
--- Comment #2 from Lukas Lipavsky
http://bugzilla.novell.com/show_bug.cgi?id=556931
http://bugzilla.novell.com/show_bug.cgi?id=556931#c3
--- Comment #3 from Lukas Lipavsky
http://bugzilla.novell.com/show_bug.cgi?id=556931
http://bugzilla.novell.com/show_bug.cgi?id=556931#c4
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=556931
http://bugzilla.novell.com/show_bug.cgi?id=556931#c5
Lukas Lipavsky
it's stupid fsck failing due to non-existing device. add nofail to the mount options to skip fsck. boot.crypto will do it later then.
Nofail helped, but the /data is not mounted during boot (since it's decrypted after the fstab is processed)
Alternatively chkconfig boot.crypto-early on to unlock the device before fsck.
Yes, this does solve the problem, thanks!
You should also set timeout=0 in crypttab then to avoid the fsck failure in case of timeout.
Didn't try yet (and need to leave now)
However either method may not work depending on whether sda3 contains the luks volume and then lvm or first lvm and then luks. We'd need some kind of probe/unlock/fsck/mount loop during boot to really resolve such problems. So how is the setup? sda3->luks->lvm or sda3-lvm->luks?
encrypted partition sda3, than this partition is used in "normal" lvm group, so I think that it is "sda3->luks->lvm" -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=556931
http://bugzilla.novell.com/show_bug.cgi?id=556931#c6
--- Comment #6 from Ludwig Nussel
(In reply to comment #4)
it's stupid fsck failing due to non-existing device. add nofail to the mount options to skip fsck. boot.crypto will do it later then.
Nofail helped, but the /data is not mounted during boot (since it's decrypted after the fstab is processed)
I overlooked that. After thinking about it I know it can't work :-) boot.crypto looks for the unlocked device in fstab but it's not there, just the lvm volumes it contains. Therefore boot.crypto-early is the only way to activate such devices. I'll try to get a patch upstream that makes fsck honor the nofail option itself so we don't need to skip fsck entirely. If that gets rejected fstype 'auto' would work too. Arvin: boot.crypto-early skips devices that don't exist yet so it should be safe to have yast just enable both init scripts. To avoid a warning message the 'noearly' option could be used for all crypto volumes that don't sit directly on top of a physical device but that's not mandatory. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=556931
http://bugzilla.novell.com/show_bug.cgi?id=556931#c
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=556931
http://bugzilla.novell.com/show_bug.cgi?id=556931#c
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=556931
http://bugzilla.novell.com/show_bug.cgi?id=556931#c7
Arvin Schnell
participants (1)
-
bugzilla_noreply@novell.com