[Bug 1155222] Re: Cryptsetup initramfs wants EVMS - Bug in /usr/share/initramfs-tools/scripts/local-top/cryptroot

Fri Mar 15 09:52:46 UTC 2013

Hi Steve,

My bootkeyscript is used to perform dual-factor authentication.
Typically, it fetches the LUKS VG key-file from an external device (i.e.
US key or SD card) which is itself LUKS encrypted - and it prompts for a
decryption passphrase for this.

It gets the UUID of the LUKS container and keyfle name from
/etc/cryptttab

So I would say this script adds a bit of recursion by opening a LUKS
container to fetch a file that is the key to the main LUKS container ;-)

It works perfectly, my 1st version dates back to 2007 and the current
version hasn't been modified since march, 2010...

That's GPL, feel free to reuse it ;-)

For udev:

# dpkg -s udev | head
Package: udev
Status: install ok installed
Priority: important
Section: admin
Installed-Size: 997
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Architecture: amd64
Multi-Arch: foreign
Version: 175-0ubuntu19

** Attachment added: "Dual-form authentication boot keyscript"
   https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1155222/+attachment/3575286/+files/bootkeyscript

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1155222

Title:
  Cryptsetup initramfs wants EVMS - Bug in /usr/share/initramfs-
  tools/scripts/local-top/cryptroot

Status in “cryptsetup” package in Ubuntu:
  Incomplete

Bug description:
  This bug has been reported upstream both to dm-crypt at saout.de and pkg-
  cryptsetup-devel at lists.alioth.debian.org

  I've recently upgraded one of my fully encrypted systems from Ubuntu
  12.10 to 13.04 Alpha, and was surprised to see my system sometimes
  fail to boot, complaining it cannot find evms_activate.

  I just checked and noticed a logic error in /usr/share/initramfs-
  tools/scripts/local-top/cryptroot : If the crypto source is
  unavailable (script line 205) it then tries to activate both LVM and
  EVMS (line 160), AND EXITS IN ERROR IF EVMS IS NOT AVAILABLE on
  system. It doesn't give a shit trying to guess whether EVMS is needed
  or not, it plain fails and exits.

  This really looks like a serious bug - that has started preventing my
  system from booting randomly at times... - and needs a fix, especially
  taking into consideration that EVMS is essentially and obsolete,
  abandoned system, that will thus be available on very few systems,
  with good chances that this bug will then be triggered...

  ProblemType: Bug
  DistroRelease: Ubuntu 13.04
  Package: cryptsetup 2:1.4.3-4ubuntu2
  ProcVersionSignature: Ubuntu 3.8.0-12.21-generic 3.8.2
  Uname: Linux 3.8.0-12-generic x86_64
  ApportVersion: 2.9.1-0ubuntu1
  Architecture: amd64
  Date: Thu Mar 14 17:37:34 2013
  InstallationDate: Installed on 2012-04-30 (318 days ago)
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
  MarkForUpload: True
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=fr_FR.UTF-8
   SHELL=/bin/bash
  SourcePackage: cryptsetup
  UpgradeStatus: Upgraded to raring on 2013-03-01 (13 days ago)
  crypttab:
   # <target name>	<source device>		<key file>	<options>
   c_VG1		/dev/sda6		UUID=9a0ce396-36f6-492f-b947-3fc078d5eec7:.fnix.rootkey.bin	luks,tries=1,keyscript=/usr/local/sbin/bootkeyscript

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1155222/+subscriptions