[opensuse-factory] [Leap 42.1] [LUKS password at boot]
Hi, I just installed leap on bare metal for the first time and ran into the problem that I can not enter the password for my encrypted partitions. To be more precise: No keyboard action possible. installation: from usb (iso x86_64 build 265) modifications: "nomodeset" and partitions, rest is default tested boot types: uefi (tried secure and normal) and bios keyboard: usb partitions: (only uefi setup): /boot/efi FAT /boot ext2 lvm (encrypted) for /, /home, swap,... history: This setup worked fine in 13.1 and 13.2. additional info: If boot parameter "silent" and "quiet" is removed, I can see on console correct anouncement of usb keyboard when replugged. So usb subsystem is recognising keyboard. Tested with different keyboards, but no interaction possible. Anybody an idea? 0x90 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Zitat von Olaf Hering <olaf@aepfle.de>:
Try to boot with "plymouth.enable=0".
Added this as kernel parameter, but console/password promt still does not allow any keyboard interaction. btw. even changing numlock status does not work -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
31.10.2015 00:14, 0x90 пишет:
Hi,
I just installed leap on bare metal for the first time and ran into the problem that I can not enter the password for my encrypted partitions. To be more precise: No keyboard action possible.
root partition or user partitions? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
root partition or user partitions?
All partitions exept /boot/efi and /boot are encrypted. It does not answer my question. I did not ask which partitions were encrypted - I asked with which partitions you had problems entering
31.10.2015 12:31, 0x90 пишет: password. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
root partition or user partitions?
All partitions exept /boot/efi and /boot are encrypted. It does not answer my question. I did not ask which partitions were encrypted - I asked with which partitions you had problems entering
31.10.2015 12:31, 0x90 пишет: password.
As described in initial post: encrypted lvm with / (root), /home (user partition), swap and other irrelevant stuff. So my problem is to decrypt/enter password for the lvm container at boot. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
31.10.2015 13:04, 0x90 пишет:
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
root partition or user partitions?
All partitions exept /boot/efi and /boot are encrypted. It does not answer my question. I did not ask which partitions were encrypted - I asked with which partitions you had problems entering
31.10.2015 12:31, 0x90 пишет: password.
As described in initial post: encrypted lvm with / (root), /home (user partition), swap and other irrelevant stuff. So my problem is to decrypt/enter password for the lvm container at boot.
Can you use keyboard in dracut at all? Try various rd.break=XXX values (see dracut.kernel man page for list). I am not sure about exact timings in case of systemd, but I think rd.break=pre-mount should stop before attempting to mount root (and hence open encrypted container). -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
Can you use keyboard in dracut at all? Try various rd.break=XXX values (see dracut.kernel man page for list). I am not sure about exact timings in case of systemd, but I think rd.break=pre-mount should stop before attempting to mount root (and hence open encrypted container).
I tested several combinations of rd.xxx parameter, but it seems that I can not use keyboard in dracut. With bios boot I can get a dracut shell, after some minutes. But still no keyboard interaction. In 13.2 dracut shell gets up faster and works with bios boot aswell with uefi. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
31.10.2015 16:00, 0x90 пишет:
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
Can you use keyboard in dracut at all? Try various rd.break=XXX values (see dracut.kernel man page for list). I am not sure about exact timings in case of systemd, but I think rd.break=pre-mount should stop before attempting to mount root (and hence open encrypted container).
I tested several combinations of rd.xxx parameter, but it seems that I can not use keyboard in dracut. With bios boot I can get a dracut shell, after some minutes. But still no keyboard interaction. In 13.2 dracut shell gets up faster and works with bios boot aswell with uefi.
So it is probably unrelated to "LUKS password" at all. Please show lsinitrd output. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
31.10.2015 16:00, 0x90 пишет:
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
Can you use keyboard in dracut at all? Try various rd.break=XXX values (see dracut.kernel man page for list). I am not sure about exact timings in case of systemd, but I think rd.break=pre-mount should stop before attempting to mount root (and hence open encrypted container).
I tested several combinations of rd.xxx parameter, but it seems that I can not use keyboard in dracut. With bios boot I can get a dracut shell, after some minutes. But still no keyboard interaction. In 13.2 dracut shell gets up faster and works with bios boot aswell with uefi.
So it is probably unrelated to "LUKS password" at all. Please show lsinitrd output.
Sorry for the late answer, but it took time to get an old pc with ps/2 and a ps/2 keyboard. Now I have installed leap build 265 on that pc with ps/2 and keyboard interaction is possible! But only from the ps/2 keyboard, not the usb one. As mentioned in the first post usb driver seems to be loaded, because it posts "USB disconnect" and "New USB device found[...]" when replugging usb keyboard. And what to mention: LUKS is an irrelevant part on this issue. Even a fresh install without any encrypted partitions shows the problem that usb keyboard at dracut is not working. It would be kind if somebody can confirm that. attachment: output of lsinitrd
On Saturday 2015-10-31 14:00, 0x90 wrote:
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
Can you use keyboard in dracut at all? Try various rd.break=XXX values (see dracut.kernel man page for list). I am not sure about exact timings in case of systemd, but I think rd.break=pre-mount should stop before attempting to mount root (and hence open encrypted container).
I tested several combinations of rd.xxx parameter, but it seems that
rd.break=initqueue If you cannot type at the shell, perhaps the HID/USB kernel modules (if applicable) are not loaded. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Zitat von Jan Engelhardt <jengelh@inai.de>:
On Saturday 2015-10-31 14:00, 0x90 wrote:
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
Can you use keyboard in dracut at all? Try various rd.break=XXX values (see dracut.kernel man page for list). I am not sure about exact timings in case of systemd, but I think rd.break=pre-mount should stop before attempting to mount root (and hence open encrypted container).
I tested several combinations of rd.xxx parameter, but it seems that
rd.break=initqueue
If you cannot type at the shell, perhaps the HID/USB kernel modules (if applicable) are not loaded.
That parameter does not work either. Console displays log messages from usb and hid. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Friday, October 30, 2015 09:14:47 PM 0x90 wrote:
I just installed leap on bare metal for the first time and ran into the problem that I can not enter the password for my encrypted partitions. To be more precise: No keyboard action possible.
installation: from usb (iso x86_64 build 265)
I had that problem up through Beta1, though it was fixed by RC1. The problem was because one of the USB drivers was missing from the "initrd". You seem to have a similar problem. You need to find what driver is missing, then force that into the "initrd". You should also file a bug report. The missing driver is in the system, for otherwise you would not have been able to install. But if it is not in the "initrd", then you cannot use USB devices for the encryption key. Suggestion: Boot the install DVD. Get to a command line (either boot in rescue mode, or use CTRL-ALT-F2 to get a command line). Then use "lsmod" to get a list of loaded modules. Put that list into a file. While booted to the DVD, mount your "/boot" somewhere, and run "lsinitrd" on the "initrd" file. Put that into another file. Then try to find which modules were actually loaded (the "lsmod" output) that were not in the initrd. Among those, try to find which might be relevant to a USB device. If you find the culprit, you can edit "/usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh" to force that module into the "initrd". -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
31.10.2015 17:03, Neil Rickert пишет:
Then try to find which modules were actually loaded (the "lsmod" output) that were not in the initrd. Among those, try to find which might be relevant to a USB device. If you find the culprit, you can edit "/usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh" to force that module into the "initrd".
You should not edit installed script; there is /etc/dracut.conf.d for this. See man dracut.conf for add_drivers or force_drivers. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Zitat von Neil Rickert <nrickert@ameritech.net>:
On Friday, October 30, 2015 09:14:47 PM 0x90 wrote:
I just installed leap on bare metal for the first time and ran into the problem that I can not enter the password for my encrypted partitions. To be more precise: No keyboard action possible.
installation: from usb (iso x86_64 build 265)
I had that problem up through Beta1, though it was fixed by RC1.
The problem was because one of the USB drivers was missing from the "initrd". You seem to have a similar problem. You need to find what driver is missing, then force that into the "initrd". You should also file a bug report.
The missing driver is in the system, for otherwise you would not have been able to install. But if it is not in the "initrd", then you cannot use USB devices for the encryption key.
Suggestion: Boot the install DVD. Get to a command line (either boot in rescue mode, or use CTRL-ALT-F2 to get a command line). Then use "lsmod" to get a list of loaded modules. Put that list into a file.
While booted to the DVD, mount your "/boot" somewhere, and run "lsinitrd" on the "initrd" file. Put that into another file.
Then try to find which modules were actually loaded (the "lsmod" output) that were not in the initrd. Among those, try to find which might be relevant to a USB device. If you find the culprit, you can edit "/usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh" to force that module into the "initrd".
Thank you Neil! That was the right direction. I got a ps/2 pc, so I was able to debug easier. (ps/2 keyboard does work in dracut) workaround: dracut --force --add-drivers hid_logitech_hidpp The "hid-logitech-dj" driver was installed but obviously "hid-logitech-hidpp" is also needed. So hopefully "only" logitech users who use encrypted fs run into that problem. Now there is only the mysterios influence left that 13.2 also is some kind affected after leap was installed. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-11-01 01:35, 0x90 wrote:
Now there is only the mysterios influence left that 13.2 also is some kind affected after leap was installed.
How do you boot it? If it is the same boot code... I mean, if 13.2 is booted via grub installed by Leap, that would explain it, perhaps. :-? - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlY1d+gACgkQja8UbcUWM1ytiwD+MMgLLyxFu3ZhaVXRmZ7Pmoc3 pkIzjsNF05Qozjg1DRoA/RInHdyQq+OtchTmgQVXVN+AaeQXlW5gjd/OuQJ0Wch6 =blI0 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Zitat von "Carlos E. R." <robin.listas@telefonica.net>:
On 2015-11-01 01:35, 0x90 wrote:
Now there is only the mysterios influence left that 13.2 also is some kind affected after leap was installed.
How do you boot it? If it is the same boot code... I mean, if 13.2 is booted via grub installed by Leap, that would explain it, perhaps. :-?
No, it is a fresh install, so different bootloader. 13.2 and leap was not installed at the same time. Between installations hard disk was erased. Up to now I thought dd if=/dev/zero of=/dev/sdX and a shutdown afterwards should produce a "virgin" system, but obviously it does not. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 2015-11-01 10:50, 0x90 wrote:
No, it is a fresh install, so different bootloader. 13.2 and leap was not installed at the same time. Between installations hard disk was erased. Up to now I thought dd if=/dev/zero of=/dev/sdX and a shutdown afterwards should produce a "virgin" system, but obviously it does not.
Yes, it does a complete erasure of the disk, provided you point it to the disk and not to a partition. What remains is the chip in the computer that holds some UEFI data, or another disk. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Zitat von "Carlos E. R." <robin.listas@telefonica.net>:
On 2015-11-01 10:50, 0x90 wrote:
No, it is a fresh install, so different bootloader. 13.2 and leap was not installed at the same time. Between installations hard disk was erased. Up to now I thought dd if=/dev/zero of=/dev/sdX and a shutdown afterwards should produce a "virgin" system, but obviously it does not.
Yes, it does a complete erasure of the disk, provided you point it to the disk and not to a partition.
What remains is the chip in the computer that holds some UEFI data, or another disk.
To minimize side effects I always do a fresh install and remove unnecessary parts. So all other controllers and disks are unplugged. I filed another bug report. https://bugzilla.opensuse.org/show_bug.cgi?id=953037 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
01.11.2015 03:35, 0x90 пишет:
Zitat von Neil Rickert <nrickert@ameritech.net>:
On Friday, October 30, 2015 09:14:47 PM 0x90 wrote:
I just installed leap on bare metal for the first time and ran into the problem that I can not enter the password for my encrypted partitions. To be more precise: No keyboard action possible.
installation: from usb (iso x86_64 build 265)
I had that problem up through Beta1, though it was fixed by RC1.
The problem was because one of the USB drivers was missing from the "initrd". You seem to have a similar problem. You need to find what driver is missing, then force that into the "initrd". You should also file a bug report.
The missing driver is in the system, for otherwise you would not have been able to install. But if it is not in the "initrd", then you cannot use USB devices for the encryption key.
Suggestion: Boot the install DVD. Get to a command line (either boot in rescue mode, or use CTRL-ALT-F2 to get a command line). Then use "lsmod" to get a list of loaded modules. Put that list into a file.
While booted to the DVD, mount your "/boot" somewhere, and run "lsinitrd" on the "initrd" file. Put that into another file.
Then try to find which modules were actually loaded (the "lsmod" output) that were not in the initrd. Among those, try to find which might be relevant to a USB device. If you find the culprit, you can edit "/usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh" to force that module into the "initrd".
Thank you Neil! That was the right direction. I got a ps/2 pc, so I was able to debug easier. (ps/2 keyboard does work in dracut)
workaround: dracut --force --add-drivers hid_logitech_hidpp
Create file in /etc/dracut.conf.d and place add_drivers (or may be even force_drivers) there, like force_drivers+=" hid_logitech_hidpp " This will ensure it will be included in the future.
The "hid-logitech-dj" driver was installed but obviously "hid-logitech-hidpp" is also needed. So hopefully "only" logitech users who use encrypted fs run into that problem.
Now there is only the mysterios influence left that 13.2 also is some kind affected after leap was installed.
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
01.11.2015 03:35, 0x90 пишет:
Zitat von Neil Rickert <nrickert@ameritech.net>:
On Friday, October 30, 2015 09:14:47 PM 0x90 wrote:
I just installed leap on bare metal for the first time and ran into the problem that I can not enter the password for my encrypted partitions. To be more precise: No keyboard action possible.
installation: from usb (iso x86_64 build 265)
I had that problem up through Beta1, though it was fixed by RC1.
The problem was because one of the USB drivers was missing from the "initrd". You seem to have a similar problem. You need to find what driver is missing, then force that into the "initrd". You should also file a bug report.
The missing driver is in the system, for otherwise you would not have been able to install. But if it is not in the "initrd", then you cannot use USB devices for the encryption key.
Suggestion: Boot the install DVD. Get to a command line (either boot in rescue mode, or use CTRL-ALT-F2 to get a command line). Then use "lsmod" to get a list of loaded modules. Put that list into a file.
While booted to the DVD, mount your "/boot" somewhere, and run "lsinitrd" on the "initrd" file. Put that into another file.
Then try to find which modules were actually loaded (the "lsmod" output) that were not in the initrd. Among those, try to find which might be relevant to a USB device. If you find the culprit, you can edit "/usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh" to force that module into the "initrd".
Thank you Neil! That was the right direction. I got a ps/2 pc, so I was able to debug easier. (ps/2 keyboard does work in dracut)
workaround: dracut --force --add-drivers hid_logitech_hidpp
Create file in /etc/dracut.conf.d and place add_drivers (or may be even force_drivers) there, like
force_drivers+=" hid_logitech_hidpp "
This will ensure it will be included in the future.
Thank you for the hint. But by now it is more interesting getting it work during installation.
The "hid-logitech-dj" driver was installed but obviously "hid-logitech-hidpp" is also needed. So hopefully "only" logitech users who use encrypted fs run into that problem.
Now there is only the mysterios influence left that 13.2 also is some kind affected after leap was installed.
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
01.11.2015 12:55, 0x90 пишет:
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
01.11.2015 03:35, 0x90 пишет:
Zitat von Neil Rickert <nrickert@ameritech.net>:
On Friday, October 30, 2015 09:14:47 PM 0x90 wrote:
I just installed leap on bare metal for the first time and ran into the problem that I can not enter the password for my encrypted partitions. To be more precise: No keyboard action possible.
installation: from usb (iso x86_64 build 265)
I had that problem up through Beta1, though it was fixed by RC1.
The problem was because one of the USB drivers was missing from the "initrd". You seem to have a similar problem. You need to find what driver is missing, then force that into the "initrd". You should also file a bug report.
The missing driver is in the system, for otherwise you would not have been able to install. But if it is not in the "initrd", then you cannot use USB devices for the encryption key.
Suggestion: Boot the install DVD. Get to a command line (either boot in rescue mode, or use CTRL-ALT-F2 to get a command line). Then use "lsmod" to get a list of loaded modules. Put that list into a file.
While booted to the DVD, mount your "/boot" somewhere, and run "lsinitrd" on the "initrd" file. Put that into another file.
Then try to find which modules were actually loaded (the "lsmod" output) that were not in the initrd. Among those, try to find which might be relevant to a USB device. If you find the culprit, you can edit "/usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh" to force that module into the "initrd".
Thank you Neil! That was the right direction. I got a ps/2 pc, so I was able to debug easier. (ps/2 keyboard does work in dracut)
workaround: dracut --force --add-drivers hid_logitech_hidpp
Create file in /etc/dracut.conf.d and place add_drivers (or may be even force_drivers) there, like
force_drivers+=" hid_logitech_hidpp "
This will ensure it will be included in the future.
Thank you for the hint. But by now it is more interesting getting it work during installation.
Sure; but as workaround you can boot any live image, create this file and rebuild initrd. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
01.11.2015 03:35, 0x90 пишет:
workaround: dracut --force --add-drivers hid_logitech_hidpp
Please open bug report for it and mention it here. I'm not sure what is the "correct" solution. Including everything rather defeats the purpose of kernel/initrd modularization. OTOH we cannot even be sure next boot will have the same keyboard as was used during initrd creation, so device detection is not sufficient as well. I am afraid we'll have to bite the bullet and include all keyboard drivers, at least in case of encrypted root. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Zitat von Andrei Borzenkov <arvidjaar@gmail.com>:
01.11.2015 03:35, 0x90 пишет:
workaround: dracut --force --add-drivers hid_logitech_hidpp
Please open bug report for it and mention it here.
https://bugzilla.opensuse.org/show_bug.cgi?id=953035
I'm not sure what is the "correct" solution. Including everything rather defeats the purpose of kernel/initrd modularization. OTOH we cannot even be sure next boot will have the same keyboard as was used during initrd creation, so device detection is not sufficient as well. I am afraid we'll have to bite the bullet and include all keyboard drivers, at least in case of encrypted root.
ack, but not only encrypted root, also if there is at least one encrypted partition that is beeing mounted at boot. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (6)
-
0x90 -
Andrei Borzenkov -
Carlos E. R. -
Jan Engelhardt -
Neil Rickert -
Olaf Hering