Package: cryptsetup-initramfs Version: 2:2.4.3-1ubuntu1.1 Severity: important Tags: upstream d-i X-Debbugs-Cc: ny...@doramail.com
Dear Maintainer, This is a repost of the same bug report I submitted to Ubuntu maintainers on https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/2031499 and that seems to have been left as is. I am now hitting the same issue on Debian Bookworm. update-initramfs does not generate entries of initrd's /cryptroot/crypttab in the same order as system's /etc/crypttab, when entries tagged as "initramfs" are placed before entries that are not, or that are detected as necessary to unlock the root partition. This is a problem if partitions automatically detected as needed depends on a partition that is not detected as necessary; even if it actually is. For examples, see system's /etc/crypttab below: # <target name> <source device> <key file> <options> keyring UUID=abcdefg none luks,initramfs swap /dev/xps-nicmel/swap legacy luks,keyscript=/etc/luks-key.sh Turns to initrd's /cryptroot/crypttab: swap /dev/mapper/xps--nicmel-swap legacy luks,keyscript=/etc/luks-key.sh keyring UUID=abcdefg none luks,initramfs The swap partition gets its key from the script luks-key.sh, which itself reads it from keyring. update-initramfs cannot detect this dependency and places swap as to be decrypted first. Decryption will fail at boot because it won't find the necessary key. I could work around the problem by modifying /usr/share/initramfs- tools/hooks/cryptroot from 177 generate_initrd_crypttab() { 178 local devnos usage IFS="$(printf '\t\n ')" 179 mkdir -- "$DESTDIR/cryptroot" 180 true >"$DESTDIR/cryptroot/targets" 181 182 { 183 if devnos="$(get_mnt_devno /)"; then 184 if [ -n "$devnos" ]; then 185 usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos 186 fi 187 else 188 cryptsetup_message "WARNING: Couldn't determine root device" 189 fi 190 191 if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then 192 usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos 193 fi 194 195 if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then 196 usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos 197 fi 198 199 # add crypttab entries with the 'initramfs' option set 200 crypttab_foreach_entry crypttab_print_initramfs_entry 201 } 3>"$DESTDIR/cryptroot/crypttab" 202 rm -f "$DESTDIR/cryptroot/targets" 203 } to generate_initrd_crypttab() { 178 local devnos usage IFS="$(printf '\t\n ')" 179 mkdir -- "$DESTDIR/cryptroot" 180 true >"$DESTDIR/cryptroot/targets" 181 182 { 183 # add crypttab entries with the 'initramfs' option set 184 crypttab_foreach_entry crypttab_print_initramfs_entry 185 186 if devnos="$(get_mnt_devno /)"; then 187 if [ -n "$devnos" ]; then 188 usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos 189 fi 190 else 191 cryptsetup_message "WARNING: Couldn't determine root device" 192 fi 193 194 if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then 195 usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos 196 fi 197 198 if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then 199 usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos 200 fi 201 } 3>"$DESTDIR/cryptroot/crypttab" 202 rm -f "$DESTDIR/cryptroot/targets" 203 } i.e. moving line 200 to line 183, so that "initramfs"-tagged entries are generated before other entries. Of course this is a quick and dirty fix and won't stand many other scenarios. A possible quick fix includes an order field in options section of /etc/crypttab, or preserving entries order of system's crypttab. A better one would be a dependency option, e.g. depends=keyring in the example above: keyring UUID=abcdefg none luks,initramfs swap /dev/xps-nicmel/swap legacy luks,keyscript=/etc/luks- key.sh,depends=keyring -- Package-specific info: -- /proc/cmdline BOOT_IMAGE=/vmlinuz-6.2.0-35-generic root=ZFS=xps-nicmel/ubuntu-22.04 ro quiet splash resume=UUID=dd6ea7ab-5651-4d11-ae2c-b02869051ea3 vt.handoff=1 -- /etc/crypttab # <target name> <source device> <key file> <options> keyring UUID=ab96a60d-94e8-40cf-b6e8-e29d30a5b5ec none luks,initramfs #ubuntu-22.04 /dev/xps-nicmel/ubuntu-22.04 none luks nvme0n1p10 /dev/nvme0n1p10 xps-nicmel luks,initramfs,keyscript=/etc/luks-key.sh nvme0n1p11 /dev/nvme0n1p11 xps-nicmel luks,initramfs,keyscript=/etc/luks-key.sh nvme0n1p12 /dev/nvme0n1p12 xps-nicmel luks,initramfs,keyscript=/etc/luks-key.sh nvme0n1p13 /dev/nvme0n1p13 xps-nicmel luks,initramfs,keyscript=/etc/luks-key.sh nvme0n1p16 /dev/nvme0n1p16 xps-nicmel luks,initramfs,keyscript=/etc/luks-key.sh nvme0n1p17 /dev/nvme0n1p17 xps-nicmel luks,initramfs,keyscript=/etc/luks-key.sh nvme0n1p18 /dev/nvme0n1p18 xps-nicmel luks,initramfs,keyscript=/etc/luks-key.sh #nvme0n1p19 UUID=bfcda444-6b0e-414a-8cc4-9c9e4f462889 xps-nicmel luks,initramfs,keyscript=/etc/luks-key.sh #tmp /dev/xps-nicmel/tmp /etc/luks.key luks easybuild /dev/xps-nicmel/easybuild /boot/keyring/xps-nicmel.key luks swap /dev/xps-nicmel/swap xps-nicmel luks,initramfs,keyscript=/etc/luks-key.sh -- /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> #/dev/mapper/ubuntu-22.04 / ext4 errors=remount-ro 0 1 # /boot was on /dev/nvme0n1p4 during installation UUID=17bb4db1-37f6-45c1-97fb-ac14ac5c0334 /boot ext4 defaults 0 2 # /boot/efi was on /dev/nvme0n1p1 during installation UUID=60F0-EFA8 /boot/efi vfat umask=0077 0 1 /dev/mapper/keyring /boot/keyring ext4 ro 0 1 #/dev/mapper/home /home ext4 defaults 0 2 #/dev/mapper/easybuild /opt/easybuild ext4 defaults 0 2 #UUID=073d294f-fe2e-4b15-b593-3e2c2b1fa718 none swap sw 0 0 #/dev/mapper/tmp /tmp ext4 defaults 0 2 #/dev/mapper/local /usr/local ext4 defaults 0 2 /dev/mapper/swap none swap sw 0 0 -- lsmod Module Size Used by rfcomm 98304 4 vboxnetadp 28672 0 vboxnetflt 32768 0 vboxdrv 638976 2 vboxnetadp,vboxnetflt ccm 20480 6 nfnetlink 24576 0 cmac 16384 2 algif_hash 20480 1 algif_skcipher 16384 1 af_alg 32768 6 algif_hash,algif_skcipher bnep 32768 2 binfmt_misc 24576 1 snd_hda_codec_hdmi 94208 1 mei_hdcp 28672 0 mei_pxp 20480 0 snd_sof_pci_intel_tgl 16384 0 snd_sof_intel_hda_common 188416 1 snd_sof_pci_intel_tgl soundwire_intel 57344 1 snd_sof_intel_hda_common soundwire_generic_allocation 16384 1 soundwire_intel soundwire_cadence 40960 1 soundwire_intel pmt_telemetry 16384 0 snd_sof_intel_hda 24576 1 snd_sof_intel_hda_common pmt_class 16384 1 pmt_telemetry intel_rapl_msr 20480 0 snd_sof_pci 24576 2 snd_sof_intel_hda_common,snd_sof_pci_intel_tgl snd_sof_xtensa_dsp 16384 1 snd_sof_intel_hda_common dell_laptop 36864 0 nls_iso8859_1 16384 1 snd_sof 311296 3 snd_sof_pci,snd_sof_intel_hda_common,snd_sof_intel_hda dell_smm_hwmon 24576 0 snd_sof_utils 20480 1 snd_sof snd_soc_hdac_hda 24576 1 snd_sof_intel_hda_common snd_hda_ext_core 36864 3 snd_sof_intel_hda_common,snd_soc_hdac_hda,snd_sof_intel_hda x86_pkg_temp_thermal 20480 0 snd_soc_acpi_intel_match 81920 2 snd_sof_intel_hda_common,snd_sof_pci_intel_tgl snd_soc_acpi 16384 2 snd_soc_acpi_intel_match,snd_sof_intel_hda_common intel_powerclamp 24576 0 soundwire_bus 110592 3 soundwire_intel,soundwire_generic_allocation,soundwire_cadence coretemp 24576 0 snd_ctl_led 24576 0 snd_soc_core 417792 4 soundwire_intel,snd_sof,snd_sof_intel_hda_common,snd_soc_hdac_hda rapl 20480 0 snd_hda_codec_realtek 192512 1 intel_cstate 24576 0 snd_hda_codec_generic 118784 1 snd_hda_codec_realtek snd_compress 28672 1 snd_soc_core ac97_bus 16384 1 snd_soc_core btusb 69632 0 typec_displayport 20480 0 snd_pcm_dmaengine 20480 1 snd_soc_core serio_raw 20480 0 dell_wmi_sysman 49152 0 btrtl 28672 1 btusb dell_wmi_ddv 20480 0 dell_wmi 28672 1 dell_laptop btbcm 24576 1 btusb snd_hda_intel 61440 5 snd_intel_dspcfg 36864 3 snd_hda_intel,snd_sof,snd_sof_intel_hda_common btintel 53248 1 btusb firmware_attributes_class 16384 1 dell_wmi_sysman snd_usb_audio 425984 0 btmtk 16384 1 btusb snd_intel_sdw_acpi 20480 2 snd_sof_intel_hda_common,snd_intel_dspcfg dell_smbios 28672 2 dell_wmi,dell_laptop snd_usbmidi_lib 53248 1 snd_usb_audio snd_hda_codec 204800 6 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec_realtek,snd_soc_hdac_hda,snd_sof_intel_hda uvcvideo 139264 0 bluetooth 1040384 34 btrtl,btmtk,btintel,btbcm,bnep,btusb,rfcomm snd_seq_midi 20480 0 cmdlinepart 16384 0 snd_seq_midi_event 16384 1 snd_seq_midi videobuf2_vmalloc 20480 1 uvcvideo dcdbas 28672 1 dell_smbios snd_hda_core 135168 9 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_hda_ext_core,snd_hda_codec,snd_hda_codec_realtek,snd_sof_intel_hda_common,snd_soc_hdac_hda,snd_sof_intel_hda iwlmvm 729088 0 spi_nor 131072 0 videobuf2_memops 20480 1 videobuf2_vmalloc snd_rawmidi 53248 2 snd_seq_midi,snd_usbmidi_lib ecdh_generic 16384 1 bluetooth dell_wmi_descriptor 20480 2 dell_wmi,dell_smbios snd_hwdep 20480 2 snd_usb_audio,snd_hda_codec wmi_bmof 16384 0 ledtrig_audio 16384 4 snd_ctl_led,snd_hda_codec_generic,dell_wmi,dell_laptop mei_me 57344 2 ecc 45056 1 ecdh_generic mtd 98304 3 spi_nor,cmdlinepart snd_pcm 192512 13 snd_hda_codec_hdmi,snd_hda_intel,snd_usb_audio,snd_hda_codec,soundwire_intel,snd_sof,snd_sof_intel_hda_common,snd_compress,snd_soc_core,snd_sof_utils,snd_hda_core,snd_pcm_dmaengine hid_multitouch 36864 0 videobuf2_v4l2 36864 1 uvcvideo mac80211 1617920 1 iwlmvm snd_seq 94208 2 snd_seq_midi,snd_seq_midi_event mei 167936 5 mei_hdcp,mei_pxp,mei_me videodev 323584 2 videobuf2_v4l2,uvcvideo snd_seq_device 16384 3 snd_seq,snd_seq_midi,snd_rawmidi libarc4 16384 1 mac80211 snd_timer 49152 2 snd_seq,snd_pcm videobuf2_common 86016 4 videobuf2_vmalloc,videobuf2_v4l2,uvcvideo,videobuf2_memops hid_sensor_gyro_3d 20480 0 hid_sensor_magn_3d 20480 1 hid_sensor_incl_3d 20480 0 snd 135168 26 snd_ctl_led,snd_hda_codec_generic,snd_seq,snd_seq_device,snd_hda_codec_hdmi,snd_hwdep,snd_hda_intel,snd_usb_audio,snd_usbmidi_lib,snd_hda_codec,snd_hda_codec_realtek,snd_sof,snd_timer,snd_compress,snd_soc_core,snd_pcm,snd_rawmidi hid_sensor_custom_intel_hinge 16384 0 hid_sensor_als 20480 1 hid_sensor_rotation 20480 0 hid_sensor_accel_3d 20480 1 iwlwifi 569344 1 iwlmvm mc 81920 5 videodev,snd_usb_audio,videobuf2_v4l2,uvcvideo,videobuf2_common input_leds 16384 0 hid_sensor_trigger 20480 15 hid_sensor_gyro_3d,hid_sensor_custom_intel_hinge,hid_sensor_incl_3d,hid_sensor_als,hid_sensor_accel_3d,hid_sensor_magn_3d,hid_sensor_rotation soundcore 16384 2 snd_ctl_led,snd industrialio_triggered_buffer 16384 1 hid_sensor_trigger kfifo_buf 16384 1 industrialio_triggered_buffer cfg80211 1241088 3 iwlmvm,iwlwifi,mac80211 hid_sensor_iio_common 28672 8 hid_sensor_gyro_3d,hid_sensor_trigger,hid_sensor_custom_intel_hinge,hid_sensor_incl_3d,hid_sensor_als,hid_sensor_accel_3d,hid_sensor_magn_3d,hid_sensor_rotation joydev 32768 0 industrialio 126976 13 industrialio_triggered_buffer,hid_sensor_gyro_3d,hid_sensor_trigger,hid_sensor_custom_intel_hinge,hid_sensor_incl_3d,kfifo_buf,hid_sensor_als,hid_sensor_accel_3d,hid_sensor_magn_3d,hid_sensor_rotation processor_thermal_device_pci_legacy 16384 0 processor_thermal_device 24576 1 processor_thermal_device_pci_legacy processor_thermal_rfim 28672 1 processor_thermal_device processor_thermal_mbox 16384 2 processor_thermal_rfim,processor_thermal_device intel_vsec 20480 0 processor_thermal_rapl 20480 1 processor_thermal_device intel_rapl_common 40960 2 intel_rapl_msr,processor_thermal_rapl intel_skl_int3472_tps68470 20480 0 intel_soc_dts_iosf 20480 1 processor_thermal_device_pci_legacy igen6_edac 24576 0 tps68470_regulator 16384 0 int3403_thermal 20480 0 soc_button_array 20480 0 clk_tps68470 16384 0 intel_hid 24576 0 int340x_thermal_zone 20480 2 int3403_thermal,processor_thermal_device mac_hid 16384 0 int3400_thermal 24576 0 intel_skl_int3472_discrete 20480 0 acpi_tad 20480 0 acpi_pad 184320 0 sparse_keymap 16384 2 intel_hid,dell_wmi acpi_thermal_rel 16384 1 int3400_thermal sch_fq_codel 24576 1 kvm_intel 503808 0 kvm 1347584 1 kvm_intel irqbypass 16384 1 kvm msr 16384 0 parport_pc 53248 0 ppdev 24576 0 lp 28672 0 parport 73728 3 parport_pc,lp,ppdev efi_pstore 16384 0 ip_tables 36864 0 x_tables 65536 1 ip_tables autofs4 57344 2 dm_crypt 65536 10 raid10 73728 0 raid456 192512 0 async_raid6_recov 24576 1 raid456 async_memcpy 20480 2 raid456,async_raid6_recov async_pq 24576 2 raid456,async_raid6_recov async_xor 20480 3 async_pq,raid456,async_raid6_recov async_tx 20480 5 async_pq,async_memcpy,async_xor,raid456,async_raid6_recov xor 24576 1 async_xor hid_cmedia 16384 0 raid6_pq 126976 3 async_pq,raid456,async_raid6_recov libcrc32c 16384 1 raid456 raid1 57344 0 raid0 24576 0 multipath 20480 0 linear 20480 0 r8153_ecm 16384 0 cdc_ether 24576 1 r8153_ecm usbnet 65536 2 r8153_ecm,cdc_ether zfs 4603904 13 zunicode 352256 1 zfs hid_plantronics 20480 0 zzstd 589824 1 zfs zlua 229376 1 zfs zavl 24576 1 zfs icp 368640 1 zfs zcommon 131072 2 zfs,icp znvpair 135168 2 zfs,zcommon spl 163840 6 zfs,icp,zzstd,znvpair,zcommon,zavl r8152 139264 1 r8153_ecm mii 20480 2 usbnet,r8152 hid_sensor_custom 28672 0 hid_sensor_hub 28672 10 hid_sensor_gyro_3d,hid_sensor_trigger,hid_sensor_iio_common,hid_sensor_custom_intel_hinge,hid_sensor_incl_3d,hid_sensor_als,hid_sensor_accel_3d,hid_sensor_magn_3d,hid_sensor_rotation,hid_sensor_custom intel_ishtp_hid 32768 0 i915 3899392 48 drm_buddy 20480 1 i915 i2c_algo_bit 16384 1 i915 ttm 110592 1 i915 drm_display_helper 212992 1 i915 cec 94208 2 drm_display_helper,i915 rc_core 77824 1 cec crct10dif_pclmul 16384 1 wacom 159744 0 crc32_pclmul 16384 0 drm_kms_helper 249856 2 drm_display_helper,i915 usbhid 73728 1 wacom polyval_clmulni 16384 0 syscopyarea 16384 1 drm_kms_helper polyval_generic 16384 1 polyval_clmulni sysfillrect 20480 1 drm_kms_helper hid_generic 16384 0 ghash_clmulni_intel 16384 0 nvme 61440 14 sysimgblt 20480 1 drm_kms_helper sha512_ssse3 53248 0 aesni_intel 397312 27 rtsx_pci_sdmmc 36864 0 crypto_simd 20480 1 aesni_intel nvme_core 204800 18 nvme intel_lpss_pci 28672 0 i2c_i801 40960 0 spi_intel_pci 16384 0 intel_ish_ipc 32768 0 ucsi_acpi 16384 0 intel_lpss 16384 1 intel_lpss_pci cryptd 28672 13 crypto_simd,ghash_clmulni_intel psmouse 212992 0 i2c_smbus 20480 1 i2c_i801 xhci_pci 24576 0 rtsx_pci 135168 1 rtsx_pci_sdmmc typec_ucsi 53248 1 ucsi_acpi spi_intel 32768 1 spi_intel_pci nvme_common 28672 1 nvme_core drm 696320 24 typec_displayport,drm_kms_helper,drm_display_helper,drm_buddy,i915,ttm thunderbolt 425984 0 intel_ishtp 61440 2 intel_ishtp_hid,intel_ish_ipc idma64 20480 0 i2c_hid_acpi 16384 0 xhci_pci_renesas 20480 1 xhci_pci typec 106496 2 typec_displayport,typec_ucsi i2c_hid 40960 1 i2c_hid_acpi hid 176128 11 i2c_hid,hid_cmedia,wacom,usbhid,hid_multitouch,hid_sensor_hub,intel_ishtp_hid,hid_generic,hid_plantronics video 69632 3 dell_wmi,dell_laptop,i915 wmi 40960 7 dell_wmi_sysman,video,dell_wmi_ddv,dell_wmi,wmi_bmof,dell_smbios,dell_wmi_descriptor pinctrl_tigerlake 32768 2 -- System Information: Debian Release: bookworm/sid APT prefers jammy-updates APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), (100, 'jammy-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.2.0-35-generic (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages cryptsetup-initramfs depends on: ii busybox-initramfs 1:1.30.1-7ubuntu3 ii cryptsetup 2:2.4.3-1ubuntu1.1 ii debconf [debconf-2.0] 1.5.79ubuntu1 ii initramfs-tools [linux-initramfs-tool] 0.140ubuntu13.4 Versions of packages cryptsetup-initramfs recommends: ii console-setup 1.205ubuntu3 ii kbd 2.3.0-3ubuntu4.22.04 ii plymouth 0.9.5+git20211018-1ubuntu3 cryptsetup-initramfs suggests no packages. -- no debconf information
