Being a fellow pilgrim in the Way of the Penguin, I can confirm the
exact same facts as Mr. Pellegrino on a clean install of Ubuntu Mate
16.04.

It appears that the swap partition is not actually encrypted at all.
Syslog shows that encryption failed, and "cryptsetup -v isLuks
/path/to/partition" shows it is not a LUKS partition. This is so no
matter which path to the swap partition I use, including:
/dev/disks/by-uuid/XXXX, the device shown by "grep /proc/swaps", or
/dev/mapper/cryptswap1.

Looking at /var/log/syslog, I see that cryptsetup failed because
/dev/urandom is not available. ("grep crypt /var/log/syslog" for
details.)

Further, I notice that poweroff.target is disabled. When I enable it
(systemctl enable poweroff.target), shutdown works as expected unless
the computer has resumed from suspend.

The workaround suggested by Mr. Pellegrino works, but of course that
means that swap is not encrypted, which is of course a security
vulnerability.

Here is my working theory: On boot-up, systemd tries to create an
encrypted swap, but when it cannot, systemd creates an unencrypted swap.
(Feature or bug? There would be competing considerations, so it is hard
to say.) After resume from suspend, which of course involves (on
suspend) writing RAM to swap and then (on resume) reading from swap to
RAM, the system thinks there should be an encrypted swap (because that's
what /etc/fstab and /etc/crypttab say), but can't find it and gets
confused when the time comes to shut down.

This being a security issue, it should be given attention.

** Changed in: systemd (Ubuntu)
Status: New => Confirmed
https://bugs.launchpad.net/bugs/1594035
Title:
unable to shut down the system after suspend / resume
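
As an added example (not part of the bug comment or of Ubuntu's tooling): a crypttab swap entry keyed from /dev/urandom creates a plain dm-crypt mapping with no LUKS header, so this check classifies each active swap area by its device-mapper UUID rather than by "cryptsetup isLuks". The function names, the script name and the PROC_SWAPS/SYS_BLOCK overrides are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the bug report). Paths are overridable so the
# logic can be run against saved copies of /proc/swaps and /sys/block.
PROC_SWAPS="${PROC_SWAPS:-/proc/swaps}"
SYS_BLOCK="${SYS_BLOCK:-/sys/block}"

# Print the kernel node (dm-N) behind a swap path; print nothing when the
# path is not a device-mapper device.
dm_node_for() {
    case "$1" in
        /dev/dm-*) printf '%s\n' "${1#/dev/}" ;;
        /dev/mapper/*)
            for d in "$SYS_BLOCK"/dm-*; do
                [ -r "$d/dm/name" ] || continue
                if [ "$(cat "$d/dm/name")" = "${1#/dev/mapper/}" ]; then
                    printf '%s\n' "${d##*/}"
                    return 0
                fi
            done ;;
    esac
}

# One line per active swap area; returns 1 if any area is not a dm-crypt
# mapping. cryptsetup gives its mappings dm UUIDs of the form
# "CRYPT-<TYPE>-...". Only the top-level mapping is inspected
# (assumption: nothing is stacked on top of the encrypted device).
check_swap_encryption() {
    rc=0
    while read -r path type _rest; do
        [ "$path" = "Filename" ] && continue   # header line of /proc/swaps
        [ -n "$path" ] || continue
        node="$(dm_node_for "$path")"
        uuid=""
        if [ -n "$node" ] && [ -r "$SYS_BLOCK/$node/dm/uuid" ]; then
            uuid="$(cat "$SYS_BLOCK/$node/dm/uuid")"
        fi
        case "$uuid" in
            CRYPT-*) echo "$path encrypted ($(printf '%s' "$uuid" | cut -d- -f2))" ;;
            *) echo "$path NOT-encrypted ($type)"; rc=1 ;;
        esac
    done < "$PROC_SWAPS"
    return "$rc"
}

# Check the live system only when invoked as: sh check-swap.sh run
if [ "${1:-}" = "run" ]; then check_swap_encryption; fi
```

A non-zero exit status means at least one active swap area is being written in the clear, which is the silent fallback the comment above describes.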