Bug 31206 - Luks does not mount encrypted partitions. openssl fails due to missing /etc/crypto-policies/backends/opensslcnf.config
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Installer
Version: Cauldron
Hardware: All Linux
Priority: release_blocker critical
Target Milestone: ---
Assignee: Mageia tools maintainers
Reported: 2022-11-30 15:38 CET by Gilberto Silva
Modified: 2023-06-06 22:01 CEST

Description Gilberto Silva 2022-11-30 15:38:45 CET
Description of problem:

Partitions using luks are not enabled. During the boot the password is requested but the process is never completed. The partitions were ready and are used by other distributions.


Version-Release number of selected component (if applicable):

   Mageia 9 Alpha 1



How reproducible:


Steps to Reproduce:
1. Have an encrypted partition with luks.

2. Edit the /etc/crypttab file. Here is the crypttab file of the computer where the problem is occurring.

grandaj3 UUID=f38b3c67-8271-47de-b68f-66013b7ac89f none luks,check=ext4
home4b   UUID=bb4504aa-f000-4066-9a94-66fd0c585957 none luks,check=ext4
comum4b  UUID=6d51d1ae-197a-463a-8eba-749f453e4e0c none luks,check=ext4

openSUSE Tumbleweed automatically creates a /etc/crypttab file with a slightly different format but it doesn't work either.

cr-auto-1  UUID=f38b3c67-8271-47de-b68f-66013b7ac89f
cr-auto-3  UUID=6d51d1ae-197a-463a-8eba-749f453e4e0c
cr-auto-2  UUID=bb4504aa-f000-4066-9a94-66fd0c585957


3. Reboot the computer. It asks for the password but never concludes the boot.

David Walser 2022-11-30 16:25:03 CET

QA Contact: security => (none)
Component: Security => RPM Packages

David Walser 2022-11-30 16:25:40 CET

Component: RPM Packages => Installer

Comment 1 Lewis Smith 2022-11-30 20:22:52 CET
Thank you Gilberto for the report, and DavidW for his admin corrections.
Pity our encryption guru is presently off-line.

Assigning to the Mageia Tools people re the Installer.

Assignee: bugsquad => mageiatools

Comment 2 Dave Hodgins 2022-11-30 21:02:45 CET
I just tested creating and adding an encrypted file system to an existing
m9 vb install using diskdrake.
# cat /etc/crypttab
crypt_sdb1 UUID=26e4e697-c875-4749-920c-699b1ef4a965

It's working, but with one problem. The boot appeared to freeze. The prompt
to enter the passphrase didn't appear until I pressed a key.

Once it did appear, after entering the passphrase it worked properly and
the data in the partition is accessible.
[root@x9v ~]# grep sdb /proc/mounts
/dev/mapper/crypt_sdb1 /data ext4 rw,noatime 0 0
[root@x9v ~]# cryptsetup status crypt_sdb1
/dev/mapper/crypt_sdb1 is active and is in use.
  type:    LUKS2
  cipher:  aes-xts-benbi
  keysize: 512 bits
  key location: keyring
  device:  /dev/sdb1
  sector size:  512
  offset:  32768 sectors
  size:    33508904 sectors
  mode:    read/write

Note this was before sddm started, the passphrase prompt was in text mode,
not using a gui dialog such as pinentry-qt

I'll test creating the encrypted file system during install, but expect it
will have the same problem.

CC: (none) => davidwhodgins

Comment 3 Dave Hodgins 2022-11-30 21:04:29 CET
As usual, I'd removed "splash quiet" from the boot options to see what was
going on.

Comment 4 Dave Hodgins 2022-11-30 21:41:03 CET
Tested a new plasma install using defaults for almost everything and
cryptsetup is working as expected. It included properly using a gui
for entering the passphrase.

Comment 5 Dave Hodgins 2022-11-30 21:46:53 CET
I didn't add the online repos for the test in comment 4, just the
Mageia-9-alpha1-x86_64.iso. The following crypt related packages were
installed ...
# rpm -q -a|grep -e pine -e crypt|sort
crypto-policies-20210917-1.mga9
cryptsetup-2.5.0-1.mga9
lib64bd_crypto2-2.28-1.mga9
lib64cryptopp8-8.6.0-1.mga9
lib64cryptsetup12-2.5.0-1.mga9
lib64gcrypt20-1.10.1-1.mga9
lib64xcrypt1-4.4.30-1.mga9
pinentry-1.2.1-1.mga9
pinentry-qt5-1.2.1-1.mga9

Comment 6 Dave Hodgins 2022-11-30 21:55:33 CET
[root@x9v ~]# systemctl status systemd-cryptsetup@crypt_sdb1.service
systemd-cryptsetup@crypt_sdb1.service - Cryptography Setup for crypt_sdb1
     Loaded: loaded (/etc/crypttab; generated)
     Active: active (exited) since Wed 2022-11-30 15:42:35 EST; 8min ago
       Docs: man:crypttab(5)
             man:systemd-cryptsetup-generator(8)
             man:systemd-cryptsetup@.service(8)
    Process: 579 ExecStart=/usr/lib/systemd/systemd-cryptsetup attach crypt_sdb1 /dev/disk/by-uuid/5bfe3a21-ff91-4604-85cf-0ac690f77548   (code=exited, status=0/SUCCESS)
   Main PID: 579 (code=exited, status=0/SUCCESS)
        CPU: 4.029s

Nov 30 15:42:25 x9v.hodgins.homeip.net systemd[1]: Starting systemd-cryptsetup@crypt_sdb1.service...
Nov 30 15:42:33 x9v.hodgins.homeip.net systemd-cryptsetup[579]: Set cipher aes, mode xts-benbi, key size 512 bits for device /dev/disk/by-uuid/5bfe3a21-ff91-4604-85cf-0ac690f77548.
Nov 30 15:42:35 x9v.hodgins.homeip.net systemd[1]: Finished systemd-cryptsetup@crypt_sdb1.service.

Comment 7 Dave Hodgins 2022-12-24 16:26:48 CET
See https://bugzilla.redhat.com/show_bug.cgi?id=2133884

Severity: normal => critical
Summary: Luks does not mount encrypted partitions. => Luks does not mount encrypted partitions. openssl fails due to missing /etc/crypto-policies/backends/opensslcnf.config
Priority: Normal => release_blocker

Comment 8 Marc Krämer 2023-06-06 10:48:16 CEST
Can you still reproduce this? Just did an install with exactly this setup.

CC: (none) => mageia

Comment 9 Dave Hodgins 2023-06-06 22:01:28 CEST
In an m9 x86_64 vb guest, added a second hard drive and created an encrypted
partition on it using diskdrake.
[root@x9v ~]# cat /etc/crypttab 
crypt_sdb1 UUID=652e11e1-33d4-4c77-a7bd-f55094d9e320
[root@x9v ~]# grep crypt /etc/fstab
/dev/mapper/crypt_sdb1 /encrypted ext4 noatime 0 0

On reboot, it asks for the password and mounts it.
[dave@x9v ~]$ mount|grep  crypt
/dev/mapper/crypt_sdb1 on /encrypted type ext4 (rw,noatime)
[dave@x9v ~]$ ll /encrypted/
total 16
drwx------ 2 root root 16384 Jun  6 15:43 lost+found/

Virtually inserted the m9 x86_64 beta2 iso image to the cd drive and booted
to the installer. Selected install, custom partitioning. Selected the existing
root partition (non-encrypted) as /. Selected the encrypted partition on
the second drive and selected the Use button. Then selected the partition
and gave it a mount point.

Stopped the install at the point where it's asking for which partitions to
format.

The /etc/crypto-policies/backends/opensslcnf.config file is present in the
installer and in the m9 x86_64 vb guest.

Closing as fixed.

Regarding the message asking for the passphrase not showing in a text boot,
it does show, but there are messages shown after it that make it hard to notice.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
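
The checks Comment 9 performs by hand (crypttab entries, matching fstab lines, presence of the opensslcnf.config file) can be scripted. The following is an added example, not part of the bug report or of Mageia's tools; the function name, the ROOT argument and the OK/WARN/ERROR labels are assumptions of this sketch.

```bash
#!/bin/bash
# Added example (not from the bug report): preflight check for an installed
# system or installer chroot before rebooting into LUKS volumes.
# The ROOT argument and the finding labels are assumptions of this sketch.

# File named in the bug title; the report ties the unlock failure to its absence.
OPENSSL_POLICY=etc/crypto-policies/backends/opensslcnf.config

# check_luks_boot ROOT: print one finding per line, return the number of errors.
check_luks_boot() {
    local root=${1:-/} errors=0 name device keyfile options
    root=${root%/}
    if [ ! -f "$root/$OPENSSL_POLICY" ]; then
        echo "ERROR missing /$OPENSSL_POLICY"
        errors=$((errors + 1))
    fi
    if [ ! -r "$root/etc/crypttab" ]; then
        echo "ERROR cannot read /etc/crypttab"
        return $((errors + 1))
    fi
    # crypttab(5): name and device are mandatory, key file and options optional.
    # The "|| [ -n ... ]" part keeps a last line that has no trailing newline.
    while read -r name device keyfile options || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        if [ -z "$device" ]; then
            echo "ERROR $name: no device field"
            errors=$((errors + 1))
        elif awk -v d="/dev/mapper/$name" '$1 == d { f = 1 } END { exit !f }' \
                "$root/etc/fstab" 2>/dev/null; then
            echo "OK $name ($device): /dev/mapper/$name is in /etc/fstab"
        else
            # Not an error: fstab may refer to the inner filesystem by UUID or LABEL.
            echo "WARN $name ($device): no /dev/mapper/$name line in /etc/fstab"
        fi
    done < "$root/etc/crypttab"
    return "$errors"
}

# Run against a given root when called with an argument, e.g. "/" or "/mnt".
if [ "$#" -gt 0 ]; then
    check_luks_boot "$1"
fi
```

A non-zero exit status is the count of ERROR findings; WARN lines do not affect it.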

