Bug#926689: cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing
This appears to be the same as #1028301, for which I've attached upstream patchs. Ben. -- Ben Hutchings The two most common things in the universe are hydrogen and stupidity. signature.asc Description: This is a digitally signed message part
Bug#926689: cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing
Package: grub-common Version: 2.06-2 Followup-For: Bug #926689 Dear Maintainer, I want to second OP's report, and add a related issue. I have run into two problems with grub 2.06-2: * LUKS2 metadata support is not compiled in. This is a simple fix, simply requiring that luks2 be added to GRUB_MODULES in debian/build-efi-images. * grub-install installs the modular EFI image into the EFI system partition. This image lacks the modules required for GRUB_ENABLE_CRYPTODISK=y support to work, so the user is dumped into the rescue shell. Whatever logic that previously resulted in the monolithic image being installed is broken. -- Package-specific info: *** BEGIN /proc/mounts /dev/mapper/nausicaamain-root / ext4 rw,relatime,errors=remount-ro 0 0 /dev/nvme0n1p2 /boot/efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 0 /dev/mapper/nausicaamain-home /home ext4 rw,relatime 0 0 /dev/mapper/nausicaawork /work ext4 rw,relatime,stripe=256 0 0 /dev/mapper/nausicaawork /home/krose/work ext4 rw,relatime,stripe=256 0 0 *** END /proc/mounts *** BEGIN /boot/grub/grub.cfg # # DO NOT EDIT THIS FILE # # It is automatically generated by grub-mkconfig using templates # from /etc/grub.d and settings from /etc/default/grub # ### BEGIN /etc/grub.d/00_header ### if [ -s $prefix/grubenv ]; then set have_grubenv=true load_env fi if [ "${next_entry}" ] ; then set default="${next_entry}" set next_entry= save_env next_entry set boot_once=true else set default="0" fi if [ x"${feature_menuentry_id}" = xy ]; then menuentry_id_option="--id" else menuentry_id_option="" fi export menuentry_id_option if [ "${prev_saved_entry}" ]; then set saved_entry="${prev_saved_entry}" save_env saved_entry set prev_saved_entry= save_env prev_saved_entry set boot_once=true fi function savedefault { if [ -z "${boot_once}" ]; then saved_entry="${chosen}" save_env saved_entry fi } function load_video { if [ x$feature_all_video_module = xy ]; then insmod all_video else insmod efi_gop insmod efi_uga insmod ieee1275_fb insmod vbe insmod vga insmod video_bochs insmod video_cirrus fi } terminal_input console terminal_output console if [ "${recordfail}" = 1 ] ; then set timeout=30 else if [ x$feature_timeout_style = xy ] ; then set timeout_style=menu set timeout=5 # Fallback normal timeout code in case the timeout_style feature is # unavailable. else set timeout=5 fi fi ### END /etc/grub.d/00_header ### ### BEGIN /etc/grub.d/05_debian_theme ### set menu_color_normal=cyan/blue set menu_color_highlight=white/blue ### END /etc/grub.d/05_debian_theme ### ### BEGIN /etc/grub.d/10_linux ### function gfxmode { set gfxpayload="${1}" } set linux_gfx_mode= export linux_gfx_mode menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-5ff05376-4105-4d5a-9d08-3c19a187bf5f' { load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod lvm insmod ext2 set root='lvmid/CHS1Km-Ej3O-BzCE-jjRr-FTAW-z7Z1-fxfjQO/OLHIBB-fUee-zo0b-AJY9-fxrl-1qT1-H9TOZU' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='lvmid/CHS1Km-Ej3O-BzCE-jjRr-FTAW-z7Z1-fxfjQO/OLHIBB-fUee-zo0b-AJY9-fxrl-1qT1-H9TOZU' 5ff05376-4105-4d5a-9d08-3c19a187bf5f else search --no-floppy --fs-uuid --set=root 5ff05376-4105-4d5a-9d08-3c19a187bf5f fi echo'Loading Linux 5.16.0-5-amd64 ...' linux /boot/vmlinuz-5.16.0-5-amd64 root=/dev/mapper/nausicaamain-root ro cryptdevice=UUID=5bc07e8a-6a75-4d68-925b-8c107abf2ed0:lvm mitigations=off ip=192.168.32.7::192.168.32.1:255.255.255.0::enp6s0:off noirqdebug add_efi_memmap echo'Loading initial ramdisk ...' initrd /boot/initrd.img-5.16.0-5-amd64 } submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 'gnulinux-advanced-5ff05376-4105-4d5a-9d08-3c19a187bf5f' { menuentry 'Debian GNU/Linux, with Linux 5.16.0-5-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.16.0-5-amd64-advanced-5ff05376-4105-4d5a-9d08-3c19a187bf5f' { load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod lvm insmod ext2 set root='lvmid/CHS1Km-Ej3O-BzCE-jjRr-FTAW-z7Z1-fxfjQO/OLHIBB-fUee-zo0b-AJY9-fxrl-1qT1-H9TOZU' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='lvmid/CHS1Km-Ej3O-BzCE-jjRr-FTAW-z7Z1-fxfjQO/OLHIBB-fUee-zo0b-AJY9-fxrl-1qT1-H9TOZU' 5ff05376-4105-4d5a-9d08-3c19a187bf5f
Bug#926689: [pkg-cryptsetup-devel] Bug#926689: cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing
Control: reassign -1 grub2-common Control: merge-1 924151 Hi, On Mon, 08 Apr 2019 at 20:19:47 -0400, Gabriel Filion wrote: > Package: cryptsetup > Version: 2:2.1.0-2 > […] > I found out that some configuration lines are missing in all options that get > generated inside grub.cfg. > > Here's a diff between the grub configuration that was generated while in > rescue > mode (in a chroot inside the device that gets used for / ) vs. generated while > the system is running: > > -8<8<8<--- > $ diff -burN ~/grub.cfg /boot/grub/grub.cfg > --- /home/gabster/grub.cfg2019-04-08 19:20:24.000726392 -0400 > +++ /boot/grub/grub.cfg 2019-04-08 19:37:00.360714287 -0400 /boot/grub/grub.cfg is not generated by src:cryptsetup. Reassigning accordingly, and merging with #924151. Cheers, -- Guilhem. signature.asc Description: PGP signature
Bug#926689: cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing
Package: cryptsetup Version: 2:2.1.0-2 Severity: grave Justification: renders package unusable Hello, I've rebooted my computer this morning and the password prompt to unlock the crypto device would not appear before grub would search for the lvm device inside. This means that the system was not booting and I was getting dropped in the grub rescue prompt. The only way that I could bring the system back was by using the "Rescue mode" with the debian stretch installer. I have all files, including /boot, in one partition, and I use grub to unlock the crypto in order for it to find kernel and boot options. If this seems like a case that wouldn't affect most users, please don't hesitate to demote the severity. I found out that some configuration lines are missing in all options that get generated inside grub.cfg. Here's a diff between the grub configuration that was generated while in rescue mode (in a chroot inside the device that gets used for / ) vs. generated while the system is running: -8<8<8<--- $ diff -burN ~/grub.cfg /boot/grub/grub.cfg --- /home/gabster/grub.cfg 2019-04-08 19:20:24.000726392 -0400 +++ /boot/grub/grub.cfg 2019-04-08 19:37:00.360714287 -0400 @@ -58,15 +58,8 @@ if [ x$feature_default_font_path = xy ] ; then font=unicode else -insmod part_msdos -insmod cryptodisk -insmod luks -insmod gcry_rijndael -insmod gcry_rijndael -insmod gcry_sha256 insmod lvm insmod ext2 -cryptomount -u f100e85eb832489a9e97f1a9661a0c45 set root='lvmid/RfBQnU-gtRN-m55o-zwRA-L433-esRb-UpOa0w/lEtX5E-aBNo-0ngD-TwvX-3qrY-OxNF-DaG8T4' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='lvmid/RfBQnU-gtRN-m55o-zwRA-L433-esRb-UpOa0w/lEtX5E-aBNo-0ngD-TwvX-3qrY-OxNF-DaG8T4' f8c6cb03-667e-46fc-b531-eb30a2558d74 @@ -81,7 +74,7 @@ load_video insmod gfxterm set locale_dir=$prefix/locale - set lang=C + set lang=en_CA insmod gettext fi terminal_output gfxterm ->8>8>8--- (I've abbreviated the diff since all the rest is just repetition of missing "insmod" and "cryptomount" lines for all options. for some reason those lines are not added when running the system after decrypting the disk properly, but they are present when the grub.conf file is generated in the chroot in rescue mode. since the same versions of software are used in both cases, I can only presume that something is different in the mounts currently available, or some other kernel setting that might differ.. Heres a listing of mounts (which are mostly things that come from the kernel -- you can also see the debian stretch usb key that saved me :P ) -8<8<8<--- $ mount sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) udev on /dev type devtmpfs (rw,nosuid,relatime,size=8053524k,nr_inodes=2013381,mode=755) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=1614472k,mode=755) /dev/mapper/host-root on / type ext4 (rw,relatime,errors=remount-ro,stripe=8191) securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime) tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev) tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k) tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755) cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd) pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime) bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700) cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio) cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma) cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids) systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=25,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=12208) debugfs on /sys/kernel/debug type debugfs (rw,relatime) hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M) mque