[Bug 2084251] Re: Only single LUKS device unlocked on boot

Steve Langasek 2084251 at bugs.launchpad.net
Wed Oct 16 18:57:20 UTC 2024 

On Wed, Oct 16, 2024 at 04:25:46PM -0000, Eugene San wrote:
> While I agree that moving systemd-cryptsetup to 'recommended' (or even
> 'depends') is the solution, it doesn't solve the issue with installs
> using LiveCDs.

We are discussing a stable release update to systemd which would raise
systemd-cryptsetup back to a Recommends.  This is expected to have the
effect that when doing an online install, the "new" recommends will cause
systemd-cryptsetup to be pulled in prior to first boot of the target system. 
It will also ensure that systems installed with earlier Ubuntu releases will
have systemd-cryptsetup automatically present.

> Install ISOs must be updated to make systems with separate encrypted
> /home bootable and systems with 2+ encrypted volumes usable.

Which of these is an option available in the current installer?  I'm aware
of options for full-disk encryption only, using a single LUKS volume.

> Which project should be added to the loop to initiate discussion
> regarding new ISOs?

This is not something that will happen.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/2084251

Title:
  Only single LUKS device unlocked on boot

Status in cryptsetup package in Ubuntu:
  Invalid
Status in systemd package in Ubuntu:
  Triaged
Status in cryptsetup source package in Oracular:
  Invalid
Status in systemd source package in Oracular:
  Triaged

Bug description:
  Hi,

  I just upgraded from Noble to Oracular. It seems post-upgrade, only a
  single LUKS device is decrypted on boot.

  My `/etc/crypttab` is as follows:

  | nvme0n1p3_crypt UUID=c82c8c6c-e363-473f-a655-a325d4e6cf3b none luks,discard
  | nvme0n1p4_crypt UUID=3de219b7-3e0c-437b-a0eb-d3cb8087d74e none luks,discard

  `lsblk -o +UUID` showing UUIDs:

  | ├─nvme0n1p3         259:3    0   384G  0 part                               c82c8c6c-e363-473f-a655-a325d4e6cf3b
  | │ └─nvme0n1p3_crypt 252:0    0   384G  0 crypt /                            f48e2583-013f-474c-9f57-5deabef8d833
  | └─nvme0n1p4         259:4    0 546.8G  0 part                               3de219b7-3e0c-437b-a0eb-d3cb8087d74e
  |   └─nvme0n1p4_crypt 252:1    0 546.7G  0 crypt /home                        dfea2d4c-f43e-4ef9-8938-3255f7987dfa

  I can confirm that the `crypttab` entry is correct because I can run
  `cryptdisks_start nvme0n1p4_crypt` on the recovery prompt and it
  decrypts it.

  I haven't yet tried downgrading `cryptsetup`, will give that a try
  tomorrow.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/2084251/+subscriptions

More information about the foundations-bugs mailing list