[Bug 1813943] [NEW] Upgrading LUKS+ZFS root pool on Ubuntu 18.04 to 18.10 can lead to a system unable to boot.
Strntydog
1813943 at bugs.launchpad.net
Wed Jan 30 14:01:03 UTC 2019
Public bug reported:
Upgrading from Ubuntu 18.04 to 18.10 when using LUKS encrypted root
volumes for ZFS can lead to a system that is unable to boot.
To reproduce, have a LUKS+ZFS setup with the root volume encrypted
working in 18.04 and upgrade to 18.10. When the initramfs is generated,
the following warning may be emitted. Which means that its more than
likely the next reboot will not work because the initramfs will not be
able to map the encrypted volumes.
cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries
nor crypto modules. If that's on purpose, you may want to uninstall the
'cryptsetup-initramfs' package in order to disable the cryptsetup initramfs
integration and avoid this warning.
The problem is that in 18.04 and prior, if the cryptsetup did not know
how to deal with the filesystem, it would emit a warning, but include
the necessary stuff to map the encrypted volumes. In 18.10 if cryptsetup
can not identify the filesystem, then no encrypted volume support is
included in the initramfs.
There is a fix.
Add the option initramfs to /etc/crypttab. like so:
zfs-mirror-1 /dev/disk/by-id/ata-TS256GMSA370_B961490027-part2 none luks,discard,initramfs
zfs-mirror-2 /dev/disk/by-id/ata-TS256GMSA370_B961490030-part2 none luks,discard,initramfs
This forces the initramfs to map theseroot volumes even if cryptsetup
doesn't understand the underlying file system. This seems to only be
required for the root pool.
** Affects: cryptsetup (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1813943
Title:
Upgrading LUKS+ZFS root pool on Ubuntu 18.04 to 18.10 can lead to a
system unable to boot.
Status in cryptsetup package in Ubuntu:
New
Bug description:
Upgrading from Ubuntu 18.04 to 18.10 when using LUKS encrypted root
volumes for ZFS can lead to a system that is unable to boot.
To reproduce, have a LUKS+ZFS setup with the root volume encrypted
working in 18.04 and upgrade to 18.10. When the initramfs is
generated, the following warning may be emitted. Which means that its
more than likely the next reboot will not work because the initramfs
will not be able to map the encrypted volumes.
cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries
nor crypto modules. If that's on purpose, you may want to uninstall the
'cryptsetup-initramfs' package in order to disable the cryptsetup initramfs
integration and avoid this warning.
The problem is that in 18.04 and prior, if the cryptsetup did not know
how to deal with the filesystem, it would emit a warning, but include
the necessary stuff to map the encrypted volumes. In 18.10 if
cryptsetup can not identify the filesystem, then no encrypted volume
support is included in the initramfs.
There is a fix.
Add the option initramfs to /etc/crypttab. like so:
zfs-mirror-1 /dev/disk/by-id/ata-TS256GMSA370_B961490027-part2 none luks,discard,initramfs
zfs-mirror-2 /dev/disk/by-id/ata-TS256GMSA370_B961490030-part2 none luks,discard,initramfs
This forces the initramfs to map theseroot volumes even if cryptsetup
doesn't understand the underlying file system. This seems to only be
required for the root pool.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1813943/+subscriptions
More information about the foundations-bugs
mailing list