• Re: Trouble/bug with initramfs-tools adding encrypted swap partition

    From Hans@21:1/5 to All on Wed Apr 24 08:40:01 2024

    On Tuesday, 23 April 2024, 22:26:17 CEST, Richard wrote:
    Hi Richard,

    this is what I do when this happens:

    1. Boot into a live system (any recent one works, I prefer kali-linux)

    2. If you are using encrypted filesystems, open them. But you have to name each one as it is named in /etc/crypttab of the defective system

    3. Now mount the device with the root filesystem to /mnt

    4. If you have /boot as a separate partition, mount it to /mnt/boot

    5. Now mount the needed system directories to /mnt
    mount --bind /sys /mnt/sys
    mount --bind /proc /mnt/proc
    mount --bind /dev /mnt/dev

    6. If everything is mounted correctly, you can chroot into the mounted system
    chroot /mnt

    7. Now you can create a new initrd
    update-initramfs -u

    8. Exit the chroot and reboot.


    --------------------


    Note:

    1. If you have encrypted filesystems, check these files in the chroot:

    /etc/crypttab
    /etc/cryptsetup-initramfs/conf-hook

    In conf-hook, check the last line: the parameter "ASKPASS=Y" should be commented out.

    2. You can check the UUID of every partition with the command
    blkid /dev/sda1
    and compare it with the entries in /etc/fstab, /etc/crypttab and everywhere else it is used.

    3. In chroot, you can of course also create a new initrd, using
    update-initramfs -c -k all

    4. Please remember that when you have encrypted partitions, the UUID of the device is different from that of the partitions you later mount. Example:

    blkid /dev/sda3
    UUID=1234556-dfre-3456.............

    Now
    cryptsetup luksOpen /dev/sda3 crypt_sda3
    blkid /dev/mapper/crypt_sda3
    UUID=9876g54-765g-87hg............

    Watch out for this when changing any UUIDs in /etc/fstab or anywhere else.

    Last but not least: Hope this helps, good luck!

    Best

    Hans





    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
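
The UUID cross-check from notes 2 and 4 of the post above, written out as an added example (not part of the original post): it reads saved `blkid` output and reports crypttab entries that do not resolve to a LUKS container and fstab entries that point at the container instead of the opened mapping. The function names, file names, devices and UUIDs are all constructed for illustration.

```shell
# Added example; every UUID and device below is constructed sample data.
# On a real system, produce the first input with: blkid > blkid.txt

# uuid_type BLKID_FILE UUID -> TYPE blkid reports for UUID (empty if absent)
uuid_type() {
    awk -v u="$2" 'index($0, " UUID=\"" u "\"") {
        if (match($0, / TYPE="[^"]*"/)) print substr($0, RSTART + 7, RLENGTH - 8)
        exit }' "$1"
}

# check_refs BLKID_FILE CRYPTTAB FSTAB -> one finding per line
check_refs() {
    # crypttab field 2 has to name a LUKS container
    grep -v '^[[:space:]]*#' "$2" | while read -r name src rest; do
        case $src in UUID=*) ;; *) continue ;; esac
        t=$(uuid_type "$1" "${src#UUID=}")
        [ "$t" = crypto_LUKS ] || echo "crypttab:$name:${t:-missing}"
    done
    # fstab field 1 has to name the opened mapping, not the container
    grep -v '^[[:space:]]*#' "$3" | while read -r src mnt rest; do
        case $src in UUID=*) ;; *) continue ;; esac
        t=$(uuid_type "$1" "${src#UUID=}")
        case $t in
            '') echo "fstab:$mnt:missing" ;;
            crypto_LUKS) echo "fstab:$mnt:points-at-luks-container" ;;
        esac
    done
}

d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
cat > "$d/blkid.txt" <<'EOF'
/dev/sda1: UUID="aaaaaaaa-0000-4000-8000-000000000001" TYPE="ext4" PARTUUID="c0ffee00-01"
/dev/sda2: UUID="aaaaaaaa-0000-4000-8000-000000000002" TYPE="crypto_LUKS" PARTUUID="c0ffee00-02"
/dev/sda3: UUID="aaaaaaaa-0000-4000-8000-000000000003" TYPE="crypto_LUKS" PARTUUID="c0ffee00-03"
/dev/mapper/crypt_root: UUID="bbbbbbbb-0000-4000-8000-000000000002" TYPE="ext4"
/dev/mapper/crypt_swap: UUID="bbbbbbbb-0000-4000-8000-000000000003" TYPE="swap"
EOF
cat > "$d/crypttab" <<'EOF'
# <target> <source> <keyfile> <options>
crypt_root UUID=aaaaaaaa-0000-4000-8000-000000000002 none luks
crypt_swap UUID=aaaaaaaa-0000-4000-8000-000000000009 none luks
EOF
cat > "$d/fstab" <<'EOF'
UUID=bbbbbbbb-0000-4000-8000-000000000002 / ext4 defaults 0 1
UUID=aaaaaaaa-0000-4000-8000-000000000001 /boot ext4 defaults 0 2
UUID=aaaaaaaa-0000-4000-8000-000000000003 none swap sw 0 0
EOF
check_refs "$d/blkid.txt" "$d/crypttab" "$d/fstab"
```

In the sample, the crypt_swap line in crypttab carries a UUID that no device has, and the swap line in fstab uses the UUID of /dev/sda3 itself rather than that of /dev/mapper/crypt_swap.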
  • From Michel Verdier@21:1/5 to Richard on Wed Apr 24 09:40:02 2024
    On 2024-04-23, Richard wrote:

    > luks-775ea946-6797-4c4d-a042-72924309f3d2 UUID=775ea946-6797-4c4d-a042-72924309f3d2 /crypto_keyfile.bin luks,keyscript=/bin/cat
    > luks-78362aa3-760c-41de-b911-6531b684e3f7 UUID=78362aa3-760c-41de-b911-6531b684e3f7 /crypto_keyfile.bin luks,keyscript=/bin/cat

    initramfs extracts lines from /etc/crypttab to create its own crypttab,
    as you have seen in main/cryptroot/crypttab, and only for rootfs, not for
    swap

    > Now, is this a bug in the package or am I missing something? And how do I create a working initramfs now?

    swap is usually mounted after rootfs is mounted, thus using
    /etc/crypttab. If you want to resume from swap you have to follow
    paragraph 2.2.1 on
    https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption

    If you don't need to resume you can follow the much easier chapter 1 on
    the same URL, using /dev/urandom as a keyfile.
