[Nottingham] Problem with encrypted swap on Ubuntu Server 16.04
Jason Irwin
jasonirwin73 at gmail.com
Sat Nov 5 11:27:33 UTC 2016
TLDR: Why does cryptswap create /dev/mapper/cryptswap1, rather than the
swap partition that pre-exists and do I need to keep both in /etc/fstab?
Last night I upgraded me server to 16.04 (RAID 1 with LVM). At reboot, it
stalled with the message:
Please enter passphrase for disk cryptswap1 on none!
This halted the boot process and while any random key-mashing could get
past it, it did present something of a problem. There's a few bugs* about it
and after some head scratching I did manage to get around it.
My /etc/crypttab started out like this:
# <target name> <source device> <key file> <options>
cryptswap1 /dev/md-0 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
I know that source device is wrong from a simple "ls /dev/mapper":
crw------- 1 root root 10, 236 Nov 5 01:00 control
lrwxrwxrwx 1 root root 7 Nov 5 01:00 primary-home -> ../dm-2
lrwxrwxrwx 1 root root 7 Nov 5 01:00 primary-root -> ../dm-0
lrwxrwxrwx 1 root root 7 Nov 5 01:00 primary-swap -> ../dm-1
Great, it's trying to use my root partition! So I updated /etc/crypttab:
# <target name> <source device> <key file> <options>
cryptswap1 /dev/mapper/primary-swap /dev/urandom swap,cipher=aes-cbc-essiv:sha256
I then started the crypt swap with "sudo cryptdisks_start cryptswap1" and
saw a new device appear:
crw------- 1 root root 10, 236 Nov 5 01:00 control
lrwxrwxrwx 1 root root 7 Nov 5 01:00 cryptswap1 -> ../dm-3
lrwxrwxrwx 1 root root 7 Nov 5 01:00 primary-home -> ../dm-2
lrwxrwxrwx 1 root root 7 Nov 5 01:00 primary-root -> ../dm-0
lrwxrwxrwx 1 root root 7 Nov 5 01:00 primary-swap -> ../dm-1
However, "swapon" still failed with some moaning about an inability to
read the header. Checking /etc/fstab revealed a potential problem:
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc nodev,noexec,nosuid 0 0
/dev/mapper/primary-root / ext4 errors=remount-ro 0 1
/dev/mapper/primary-home /home ext4 defaults 0 2
/dev/mapper/primary-swap none swap sw 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
Two swaps? Commenting out /dev/mapper/primary-swap seemed to solve it and
booting now proceeds A-OK.
Great, it's fixed. I think.
Why this new device? Why not just use /dev/mapper/primary-swap?
And is it *really* fixed or just working by fluke?
Do I need to restore /dev/mapper/primary-swap and run two swaps somehow?
I've tried to find some documentation and either not succeeded or simply
failed to understand (my excuse is the painkillers).
Disclaimer: This has been steadily upgraded from 12.04 and I don't recall
string encrypted swap, but I deffo have encrypted home.
Yours in befuddlement,
Jason
* Seemingly related bugs:
1. https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1453738
2. https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875
3. https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1449555
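
An added example, not part of the original post: a Python check for the two misconfigurations described above, run against the files quoted in the message. It relies on crypttab(5) behaviour: an entry with the "swap" option is opened as /dev/mapper/<target> and mkswap is run on that mapping, so with a /dev/urandom key the source device itself holds only ciphertext and cannot be used as swap directly. The function names, finding codes and the device-name heuristic are assumptions of this example.

```python
import re

# Heuristic (assumption): kernel-enumerated names can point at a different
# device after a reboot or upgrade, and a "swap" entry reformats its source.
UNSTABLE = re.compile(r"^/dev/(dm-\d+|md-?\d+|sd[a-z]+\d*)$")

def rows(text):
    """Split a crypttab/fstab body into fields, skipping comments and blanks."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            out.append(line.split())
    return out

def audit_swap(crypttab, fstab):
    """Return (code, device) findings for encrypted-swap misconfigurations."""
    findings = []
    mappings = {}  # /dev/mapper/<target> -> source device
    for r in rows(crypttab):
        opts = r[3].split(",") if len(r) > 3 else []
        if len(r) >= 2 and "swap" in opts:
            mappings["/dev/mapper/" + r[0]] = r[1]
            if UNSTABLE.match(r[1]):
                findings.append(("unstable-source", r[1]))
    fstab_swaps = [r[0] for r in rows(fstab) if len(r) >= 3 and r[2] == "swap"]
    for mapper, source in mappings.items():
        if source in fstab_swaps:   # raw device listed as swap next to its mapping
            findings.append(("raw-device-in-fstab", source))
        if mapper not in fstab_swaps:   # encrypted mapping exists but is never used
            findings.append(("mapping-not-in-fstab", mapper))
    return findings

# Sample input taken from the post: original and corrected crypttab, and fstab.
CRYPTTAB_ORIGINAL = "cryptswap1 /dev/md-0 /dev/urandom swap,cipher=aes-cbc-essiv:sha256\n"
CRYPTTAB_FIXED = ("cryptswap1 /dev/mapper/primary-swap /dev/urandom "
                  "swap,cipher=aes-cbc-essiv:sha256\n")
FSTAB = """\
/dev/mapper/primary-root / ext4 errors=remount-ro 0 1
/dev/mapper/primary-swap none swap sw 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
"""
FSTAB_FIXED = FSTAB.replace("/dev/mapper/primary-swap none",
                            "#/dev/mapper/primary-swap none")

if __name__ == "__main__":
    for name, ct, ft in [("original", CRYPTTAB_ORIGINAL, FSTAB),
                         ("crypttab fixed", CRYPTTAB_FIXED, FSTAB),
                         ("both fixed", CRYPTTAB_FIXED, FSTAB_FIXED)]:
        print(name, audit_swap(ct, ft))
```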