Results 1 to 9 of 9

Thread: Add encrypted device to encrypted BTRFS filesystem

  1. #1

    Question Add encrypted device to encrypted BTRFS filesystem

    The filesystem is encrypted since the installation.
    I want to add a device to later on turn it into a RAID.

    I already tried this:
    - create new encrypted partition via YasT (LUKS1)
    - btrfs dev add /dev/mapper/{…} /

    Then I rebooted, but it seems the decryption gets stuck. Booted a rescue disk, removed the new device from the BTRFS, and the system boots again just fine.

    I used the same password to encrypt I used for the first device.
    Help?

  2. #2
    Join Date
    Sep 2012
    Posts
    7,856

    Default Re: Add encrypted device to encrypted BTRFS filesystem

    Quote Originally Posted by iDesmI View Post
    it seems the decryption gets stuck
    What makes you think so?
    Help?
    To offer any help you need to at least show something from your system that demonstrates the problem - logs, screenshot, photo - and provide details at which point it happens. We do not even know whether you are talking about root filesystem or not. If it is root, you would need to recreate initrd at the very least to make it aware of new encrypted partition.

  3. #3

    Default Re: Add encrypted device to encrypted BTRFS filesystem

    Quote Originally Posted by arvidjaar View Post
    What makes you think so?
    The fact that it doesn't get past the loading screen, even after 20 minutes. Also, my disks don't make reading noise as they always do otherwise.

    you need to at least show something from your system that demonstrates the problem - logs, screenshot, photo - and provide details at which point it happens.
    I'm going to post photos since I don't know what are relevant logs for this case.
    In order:
    I insert the password for the first partition.

    I insert the password for the second partition.

    Everything's okay till now.

    Here's I type the password once to unlock the swap partition, but the password is used for cr_root as well without additional input.

    And this is the last screen I see. Doesn't get through.

    The filesystem is root. All I actually did was to open YaST Boot Loader and confirm new settings without changing anything. Does that recreate initrd as well or only runs grub2-mkconfig?

  4. #4
    Join Date
    Sep 2012
    Posts
    7,856

    Default Re: Add encrypted device to encrypted BTRFS filesystem

    Quote Originally Posted by iDesmI View Post
    The filesystem is root. All I actually did was to open YaST Boot Loader and confirm new settings without changing anything. Does that recreate initrd as well
    no
    or only runs grub2-mkconfig?
    Yes.

    To see more boot with "plymouth.enable=0" on kernel command line, this will show what systemd is waiting for. But if it is root filesystem, then the first step is to run mkinitrd. It may not be enough, depending on how smart dracut is, but we'll see.

  5. #5

    Default Re: Add encrypted device to encrypted BTRFS filesystem

    Quote Originally Posted by arvidjaar View Post
    To see more boot with "plymouth.enable=0" on kernel command line, this will show what systemd is waiting for. But if it is root filesystem, then the first step is to run mkinitrd. It may not be enough, depending on how smart dracut is, but we'll see.
    I did as suggested. Added a device, run mkinitrd, run grub2-mkconfig, reboot.




    Please tell me if there are relevant logs I could share.

  6. #6

    Default Re: Add encrypted device to encrypted BTRFS filesystem


  7. #7

    Default Re: Add encrypted device to encrypted BTRFS filesystem

    Quote Originally Posted by Svyatko View Post
    /etc/crypttab
    Code:
    cr_root /dev/disk/by-uuid/bb26fb93-6b78-4760-9cc0-94133cc11223 none x-initrd.attach
    cr_swap /dev/disk/by-uuid/0ca54c5e-a5b3-436f-975e-80af9cdc98a3
    The recently added disk's UUID isn't displayed.
    Here my /run/initramfs/rdsosreport.txt

  8. #8
    Join Date
    Sep 2012
    Posts
    7,856

    Default Re: Add encrypted device to encrypted BTRFS filesystem

    Quote Originally Posted by iDesmI View Post
    The recently added disk's UUID isn't displayed.
    And how are we supposed to know which device was recently added?
    This is probably
    Code:
    /dev/sda1: UUID="15b32c81-b723-43b3-bea5-7aa8a5e45901" TYPE="crypto_LUKS" PARTUUID="84493e6c-74b5-4ac0-b738-3f5ef3d53988"
    dracut itself knows that it has to wait for this device
    Code:
    [    5.895866] suse dracut-cmdline[207]: Using kernel command line parameters: rd.driver.pre=btrfs rd.luks.uuid=luks-15b32c81-b723-43b3-bea5-7aa8a5e45901 rd.luks.uuid=luks-0ca54c5e-a5b3-436f-975e-80af9cdc98a3 rd.luks.uuid=luks-bb26fb93-6b78-4760-9cc0-94133cc11223 root=/dev/mapper/cr_root rootfstype=btrfs
    but systemd is not aware of this stored command line and so it does not generate corresponding unit to activate it
    Code:
    [    7.563758] suse dracut-initqueue[473]: Failed to start systemd-cryptsetup@luks\x2d15b32c81\x2db723\x2d43b3\x2dbea5\x2d7aa8a5e45901.service: Unit systemd-cryptsetup@luks\x2d15b32c81\x2db723\x2d43b3\x2dbea5\x2d7aa8a5e45901.service not found.
    You should add your LUKS device to /etc/crypttab, I would use the same options as for the original root device, and generate initrd again.

  9. #9

    Default Re: Add encrypted device to encrypted BTRFS filesystem

    Quote Originally Posted by arvidjaar View Post
    You should add your LUKS device to /etc/crypttab, I would use the same options as for the original root device, and generate initrd again.
    Done and worked!
    The final table is:
    Code:
    cr_root  UUID=bb26fb93-6b78-4760-9cc0-94133cc11223  none  x-initrd.attach
    cr_root1 UUID=15b32c81-b723-43b3-bea5-7aa8a5e45901  none  x-initrd.attach
    cr_swap  UUID=0ca54c5e-a5b3-436f-975e-80af9cdc98a3
    Solved. Thank you!

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •