
crypttab name with "LVM" causes false negative when looking for LUKS-encrypted partitions

Open Dogora opened this issue 4 years ago • 0 comments

Describe the bug

From what I've seen, the name chosen in /etc/crypttab for the resulting encrypted block device can be anything. The man page for crypttab doesn't say anything about what the name should or should not be. So, I went ahead and chose "cr_ZuleSysLVM" because I named the computer "Zule", and the LVM that lives inside the encrypted partition is called "ZuleSys".

Everything works fine except when the kernel gets updated and dracut makes new initrds for all installed kernels. After that, I am not prompted for my decryption password and the system will not boot.

My solution from there was to boot using the installation DVD, open the encrypted partition, then set up and do a chroot so I could manually run dracut again. That always works fine but is rather inconvenient.

My lsblk:

NAME               MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                  8:0    0 298.1G  0 disk  
├─sda1               8:1    0   250M  0 part  /boot
└─sda2               8:2    0 297.9G  0 part  
  └─cr_ZuleSysLVM  254:0    0 297.9G  0 crypt 
    ├─ZuleSys-Root 254:1    0    30G  0 lvm   /
    ├─ZuleSys-Home 254:2    0 259.9G  0 lvm   /home
    └─ZuleSys-Swap 254:3    0     8G  0 lvm   [SWAP]
sr0                 11:0    1  1024M  0 rom

My blkid:

/dev/sda1: LABEL="ZuleBoot" UUID="480bf83c-0505-4405-adbb-a9be37f32baf" TYPE="ext2" PTTYPE="dos" PARTUUID="000057e4-01"
/dev/sda2: UUID="f820119e-0e89-4743-ba34-e0d0172b2251" TYPE="crypto_LUKS" PARTUUID="000057e4-02"
/dev/mapper/cr_ZuleSysLVM: UUID="yGxlJr-wBM7-sth8-zxFj-7m1t-GhHO-3KLdcD" TYPE="LVM2_member"
/dev/mapper/ZuleSys-Root: LABEL="ZuleRoot" UUID="0bf2b9fc-d734-49c5-b682-628b7af9e7d4" TYPE="ext4"
/dev/mapper/ZuleSys-Home: LABEL="ZuleHome" UUID="435dd7fa-b73f-434a-b4f3-8c06404db37a" TYPE="ext4"
/dev/mapper/ZuleSys-Swap: UUID="717c0dd2-2032-4286-a908-296726be6f01" TYPE="swap"

My /etc/crypttab:

cr_ZuleSysLVM /dev/disk/by-uuid/f820119e-0e89-4743-ba34-e0d0172b2251 none luks

What I have discovered is that the presence of the upper-case letters "LVM" in the crypttab name causes dracut to think it's an LVM partition and not a LUKS encrypted one. Since dracut doesn't find any LUKS partitions, it doesn't include anything for them in initrd. The two troublesome lines of bash script are in dracut-functions.sh. They are both:

[[ -f $_dm/uuid && $(<$_dm/uuid) =~ LVM-* ]] || return 1

These lines are in functions check_vol_slaves() and check_vol_slaves_all().

When booting using the installation DVD, it doesn't read the installed crypttab, so it makes up its own name, such as "cr_auto-2". That's why it all works from there.

dracut's debug output shows several occurrences like these:

/usr/lib/dracut/dracut-functions.sh@575(check_vol_slaves): [[ CRYPT-LUKS1-f820119e0e894743ba34e0d0172b2251-cr_ZuleSysLVM =~ LVM-* ]]

and

/usr/lib/dracut/dracut-functions.sh@593(check_vol_slaves_all): [[ CRYPT-LUKS1-f820119e0e894743ba34e0d0172b2251-cr_ZuleSysLVM =~ LVM-* ]]

Once I modified my /etc/crypttab name to "cr_ZuleSys", booted with the installation DVD again, and re-built all initrds, it all works fine. That got rid of the troublesome "LVM" from everything. From the installed system, dracut now includes all crypt hooks required for successful booting.

Distribution used

openSUSE Leap 15.2

Dracut version

dracut-049.1+suse.183.g7282fe92-lp152.2.15.1.x86_64

I'm sure many other versions do the same thing

Init system

systemd

To Reproduce

Use the upper-case letters "LVM" in your /etc/crypttab name, not just at the end.

Expected behavior

I expected any arbitrary name in crypttab to work. I've never seen any indication of limits to this name.

Dogora Mar 10 '21 15:03
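
The regex behaviour reported in this issue, reproduced in isolation as an added example (not part of the issue and not dracut's code). Only the `=~ LVM-*` test is taken from the quoted line; the function names, the sample UUIDs other than the one in the debug output, and the anchored `^LVM-` variant are assumptions made for illustration, not the project's fix.

```bash
#!/bin/bash
# Constructed sample device-mapper UUIDs. CRYPT_END is the value from the
# debug output above; the others are made-up variants for comparison.
CRYPT_END="CRYPT-LUKS1-f820119e0e894743ba34e0d0172b2251-cr_ZuleSysLVM"
CRYPT_MID="CRYPT-LUKS1-f820119e0e894743ba34e0d0172b2251-cr_LVMbox"
CRYPT_OK="CRYPT-LUKS1-f820119e0e894743ba34e0d0172b2251-cr_ZuleSys"
LVM_UUID="LVM-EXAMPLEvgidEXAMPLElvid0000000000"

# The test quoted from dracut-functions.sh. The pattern is an unanchored
# regex, and "-*" means "zero or more dashes", so it matches the bare
# substring "LVM" anywhere in the string.
is_lvm_unanchored() {
    [[ $1 =~ LVM-* ]]
}

# Hypothetical stricter test (an assumption): the UUID must start with the
# literal prefix "LVM-".
is_lvm_anchored() {
    [[ $1 =~ ^LVM- ]]
}

# Classify a UUID with the given predicate; prints "lvm" or "other".
classify() {
    local check=$1 uuid=$2
    if "$check" "$uuid"; then echo lvm; else echo other; fi
}

# Print both verdicts for every sample so the false positives are visible.
compare() {
    local u
    printf '%-10s %-10s %s\n' unanchored anchored uuid
    for u in "$CRYPT_END" "$CRYPT_MID" "$CRYPT_OK" "$LVM_UUID"; do
        printf '%-10s %-10s %s\n' \
            "$(classify is_lvm_unanchored "$u")" \
            "$(classify is_lvm_anchored "$u")" "$u"
    done
}

compare
```

A LUKS mapping misclassified as LVM is skipped by the LUKS detection, which is how the crypt hooks end up missing from the initrd described above.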