F27 initramfs fails to set up encrypted drives.
FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    Jan 2018
    Location
    NE
    Posts
    2

    F27 initramfs fails to set up encrypted drives.

    Hello, fellow users!

    This is my first post and unfortunately, it's bad news.

    I run F27 (initially installed as F25) on a ThinkPad T460s. Overall, I'm very happy with the system, sans the odd case of graphics failures when returning from hibernation, but more to the point...

    I believe I ran a full package upgrade last time yesterday or early today (about 14 hours ago), it went fine (I believe it did, as I continued to use the system shortly afterwards) and then I left the system alone for a while. When coming back to it, the display didn't light up and I presumed it was one of those pesky graphics issues. I rebooted the system and was greeted by plymouth's password prompt for unlocking my LUKS encrypted partitions (the setup has a non-encrypted /boot and an encrypted /).

    This is where the issue starts. The system was unable to find my root partition and drops me to the initramfs emergency mode shell as the dracut user. I am able to enumerate the partitions via `blkid`, the systemctl-cryptsetup@luks{uuid}.service has failed, dracut-initqueue emits timeout warnings and ends with a warning that the system could not be booted and that the root and swap partitions do not exist.

    I've found a few issues similar to this:


    However, all of the above rely on utilities available that are not in the initramfs image (dracut(8), rpm(8), lsinitrd(1)). Other dracut utilities (dracut-cmdline, dracut-cmdline-ask, dracut-emergency, dracut-initqueue, dracut-mount, dracut-pre-{mount,pivot,trigger,udev}) are available.

    /etc/fstab doesn't exist, however, /etc/fstab.empty does, and is empty;
    /etc/crypttab contains a single entry, in the form luks-{uuid of the crypt_LUKS root partition} /dev/disk/by-uuid/{uuid} none;
    booting previous kernels does not remedy the situation;

    Due to the above listed threads being a bit old, I'm not quite certain how applicable those methods are to my current situation. I would appreciate any tactic suggestions on identifying the cause of the issue and possible resolution paths.

    Thank you for reading my (excessively long) post
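An added example, not part of the original post: one way to cross-check the crypttab entry described above against the `blkid` listing, using only shell built-ins so that it does not depend on tools missing from the initramfs. The function names and all UUIDs are constructed for illustration, and it assumes blkid reports LUKS containers as TYPE="crypto_LUKS".

```shell
# Added example: cross-check crypttab entries against blkid output with
# shell built-ins only. All UUIDs below are constructed sample values.
SAMPLE_BLKID='/dev/sda1: UUID="1111aaaa-0000-4000-8000-000000000001" TYPE="ext4" PARTUUID="9999dddd-0000-4000-8000-000000000009"
/dev/sda2: UUID="2222bbbb-0000-4000-8000-000000000002" TYPE="crypto_LUKS"'
GOOD_CRYPTTAB='luks-2222bbbb-0000-4000-8000-000000000002 /dev/disk/by-uuid/2222bbbb-0000-4000-8000-000000000002 none'
STALE_CRYPTTAB='# entry left over from an older layout
luks-3333cccc-0000-4000-8000-000000000003 UUID=3333cccc-0000-4000-8000-000000000003 none
luks-root /dev/disk/by-uuid/1111aaaa-0000-4000-8000-000000000001 none'
# blkid_type_of UUID BLKID_TEXT -> prints luks | other | missing
blkid_type_of() {
    result=missing
    while IFS= read -r line; do
        case "$line" in
            *" UUID=\"$1\""*)   # leading space so PARTUUID= does not match
                case "$line" in
                    *' TYPE="crypto_LUKS"'*) result=luks ;;
                    *) result=other ;;
                esac ;;
        esac
    done <<EOF
$2
EOF
    echo "$result"
}
# check_crypttab CRYPTTAB_TEXT BLKID_TEXT -> returns the number of bad entries
check_crypttab() {
    problems=0
    while read -r name dev _rest; do
        case "$name" in ''|'#'*) continue ;; esac   # skip blanks and comments
        case "$dev" in
            UUID=*) uuid=${dev#UUID=} ;;
            /dev/disk/by-uuid/*) uuid=${dev#/dev/disk/by-uuid/} ;;
            *) echo "SKIP $name: $dev is not a UUID reference"; continue ;;
        esac
        kind=$(blkid_type_of "$uuid" "$2")
        case "$kind" in
            luks) echo "OK   $name: $uuid is a LUKS container" ;;
            other) echo "BAD  $name: $uuid exists but is not LUKS"; problems=$((problems + 1)) ;;
            *) echo "BAD  $name: no block device has UUID $uuid"; problems=$((problems + 1)) ;;
        esac
    done <<EOF
$1
EOF
    return "$problems"
}

# On a real system: check_crypttab "$(cat /etc/crypttab)" "$(blkid)"
check_crypttab "$GOOD_CRYPTTAB" "$SAMPLE_BLKID"
```

A non-zero return means at least one crypttab entry points at a UUID that is absent or is not a LUKS container, which would leave the matching cryptsetup unit waiting for a device that never appears.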

  2. #2
    Join Date
    Jan 2018
    Location
    NE
    Posts
    2

    Re: F27 initramfs fails to set up encrypted drives.

    A slight update on the matter.

    I decided to grab a LiveUSB issue of F27, mount the partition by hand, chroot to it and regenerate the ramfs image. However, even booting the live image leads to the same issue.

    The first log message emitted is about a firmware bug: "TSC_DEADLINE disabled due to Errata: please update microcode to version: 0xb2 (or later)"
    followed by two messages from dracut-pre-udev: "rpc.idmapd: conf_reinit: open ("(null)", O_RDONLY) failed" about 4 seconds later and then 130 seconds later dracut-initqueue spits out timeout warnings like it did previously and finally drops me into the dracut emergency shell. The last warnings prior to the shell are about the paths /dev/disk/by-label/Fedora-WS-Live-27-1-6 and /run/rootfsbase not existing.

    I retried the same thing with a LiveUSB of F26 which fails similarly. dracut-pre-udev emits a warning about /run/rpcbind/rpcbind.lock lockfile not existing, then follows up with the same two open() failures and a new message (not present in the F27 LiveUSB boot) from the kernel about an OPAL subsystem failure: Error on step function: 0 with error 8194: Unknown Error.

    Considering OPAL is the drive's self-encryption system, I'm now wondering - is the drive at fault here? UEFI can definitely identify it, so it's not a complete toast scenario.

    If anyone has any suggestions, I'm all ears.

  3. #3
    Join Date
    Dec 2012
    Location
    santa barbara, CA
    Posts
    911

    Re: F27 initramfs fails to set up encrypted drives.

    IMHO, the OS partition should be kept unencrypted, and always bootable without probs.

    What should be encrypted is the /home partition, with all your user data, ssh keys, etc.
    When I install the OS, I always leave what is supposed to be /home empty, i.e. nothing installed there.
    Ergo, if I have a 1TB drive, I only allocate swap (2xram) and the / partition (say 50GB) for the OS, and leave the rest unselected, empty, not part of the install.
    Once the OS is installed, I then gparted myself a new ext4 partition right there, then either use LUKS or truecrypt to encrypt it.
    Then log in as console into root, and do:
    cd /
    mv /home /home.old
    mkdir /home
    truecrypt /dev/sdNN /home
    password
    (remove .bash_history)
    That's it.

    This way, if I go through any security check of this new paranoid world, then I have plausible deniability. The laptop boots fine, but they'll never get to your data.
    "monsters John ... monsters from the ID..."
    "ma vule teva maar gul nol naya"
