[Bug 2081700] Re: Can't boot from encrypted volume after initramfs-tools=0.142ubuntu25.3 update

Benjamin Drung 2081700 at bugs.launchpad.net
Tue Sep 24 09:52:38 UTC 2024 

Steps to reproduce:

```
rm -rf foo && mkdir foo
/usr/lib/dracut/dracut-install -v -D foo -o -m 842 adiantum aegis128 aegis128-aesni aesni-intel aes_ti af_alg algif_aead algif_hash algif_rng algif_skcipher ansi_cprng aria-aesni-avx2-x86_64 aria-aesni-avx-x86_64 aria_generic aria-gfni-avx512-x86_64 async_memcpy async_pq async_raid6_recov async_tx async_xor authenc authencesn blake2b_generic blowfish_common blowfish_generic blowfish-x86_64 camellia-aesni-avx2 camellia-aesni-avx-x86_64 camellia_generic camellia-x86_64 cast5-avx-x86_64 cast5_generic cast6-avx-x86_64 cast6_generic cast_common ccm chacha20poly1305 chacha_generic chacha-x86_64 cmac crc32_generic crc32-pclmul crct10dif-pclmul cryptd crypto_engine crypto_simd crypto_user curve25519-generic curve25519-x86_64 des3_ede-x86_64 des_generic dm-cache dm-cache-smq dm_crypt dm_mirror dm_mod dm_raid dm_snapshot dm-thin-pool =drivers/gpu/drm/tiny =drivers/platform/x86 drm_privacy_screen_register ecc ecdh_generic ecdsa_generic echainiv ecrdsa_generic efifb essiv fan fbcon fcrypt fuse ghash-clmulni-intel hctr2 keywrap lrw lz4 lz4hc md4 michael_mic nhpoly1305 nhpoly1305-avx2 nhpoly1305-sse2 pcbc pcrypt pkcs7_test_key pkcs8_key_parser poly1305_generic poly1305-x86_64 polyval-clmulni polyval-generic raid0 raid1 raid10 raid456 rmd160 -s serpent-avx2 serpent-avx-x86_64 serpent_generic serpent-sse2-x86_64 sha1-ssse3 sha256-ssse3 simplefb sm2_generic sm3 sm3-avx-x86_64 sm3_generic sm4 sm4-aesni-avx2-x86_64 sm4-aesni-avx-x86_64 sm4_generic streebog_generic tcrypt thermal twofish-avx-x86_64 twofish_common twofish_generic twofish-x86_64 twofish-x86_64-3way vboxvideo vesafb vga16fb virtio-gpu vmac wp512 xcbc xctr xor xxhash_generic zstd
find foo -type f
```

Nothing is copied to the target directory. This also happens for dracut-
install 103-1ubuntu2!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to initramfs-tools in Ubuntu.
Matching subscriptions: dracut
https://bugs.launchpad.net/bugs/2081700

Title:
  Can't boot from encrypted volume after initramfs-tools=0.142ubuntu25.3
  update

Status in initramfs-tools package in Ubuntu:
  New

Bug description:
  # Expected
  After an update to `initramfs-tools` from 0.142ubuntu25.2 to 0.142ubuntu25.3 I can boot my system from an encrypted root volume.

  # What happened instead
  After an update to `initramfs-tools` from 0.142ubuntu25.2 to 0.142ubuntu25.3, I could no longer boot my system.

  The error I was getting is this after entering the correct password:

  ```
  device-mapper: table: 252:0: crypt: unknown target type
  device-mapper: ioctl: error adding target to table
  device-mapper: reload ioctl on test (252:0) failed: Invalid argument
  ```

  I managed to add set -x to the initramfs scripts, which showed me the
  command it uses that leads to this error:

  ```
  /sbin/cryptsetup -T1 --allow-discards '--type=luks' '--key-file=-' open -- /dev/nvme0n1p3 test
  ```

  And my `/etc/crypttab` looks like this:

  ```
  test UUID=9a6218aa-6e36-4f0d-8567-770af1274240 none luks,discard
  ```

  I also tried to add "break" to the kernel line and set up luks
  manually via the initramfs shell, which led to the same error.

  After quite a significant amount of time randomly trying to load
  modules without success, I decided to check what had changed after my
  last successful boot in terms of packages. One of the few upgrades was
  the one mentioned at the beginning. So I downgraded `initramfs-tools`
  back to 0.142ubuntu25.2, it regenerated the image, and the system
  booted successfully.

  Below you can find additional data about my setup.

  I use an LVM setup on top of a luks-encrypted volume. Here is the
  overall layout:

  ```
  /dev/nvme0n1p2 on /boot type ext4
  /dev/nvme0n1p1 on /boot/efi type vfat
  ```

  Here is the data about my luks setup:

  ```
  # cryptsetup luksDump /dev/nvme0n1p3
  <...skipped...>
  Data segments:
    0: crypt
          offset: 16777216 [bytes]
          length: (whole device)
          cipher: aes-xts-plain64
          sector: 512 [bytes]

  Keyslots:
    0: luks2
          Key:        512 bits
          Priority:   normal
          Cipher:     aes-xts-plain64
          Cipher key: 512 bits
          PBKDF:      argon2id
  <...skipped...>
  ```

  Link to the changes in the broken version of the package:  
  https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/0.142ubuntu25.3

  Kernel versions I tried it with: 6.8.0-44-generic and 6.8.0-45-generic
  OS: Ubuntu 24.04.1 LTS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2081700/+subscriptions

More information about the foundations-bugs mailing list