encrypted home issue

VampirD · December 13, 2011, 6:26pm

Hi, I have installed openSUSE 12.1 x86_64 with KDE4 on my laptop, an
Acer Aspire 5720z, all works out of the box, only one thing I want to
change, I have an encrypted home, at boot time the screen go black,
without any character or cursor to prompt for the password, how can I do
that systemd show anything?

nrickert · December 14, 2011, 4:33am

This is a request for clarification.

Do you have the “/home” partition encrypted; or do you have individual home directories encrypted.

I’m asking, because your post is not completely clear on that. I think you are talking of encrypted “/home” partition, but I’m not sure.

I have a test system with encrypted “/home” and it is working well. My guess is that your problem is not due to the encryption. On the other hand, the prompt for encryption key comes fairly early.

If your encryption is of individual home directories, then prompt for a password would not occur until somebody attempts to login. And if you happen to be having graphics problems, you might see a blank screen at that point.

Maybe you should also mention the graphic device on your computer. Somebody might recognize it as having problems.

VampirD · December 14, 2011, 2:13pm

I have my /home partition encrypted and my graphic card is an Intel x3100

nrickert · December 14, 2011, 2:44pm

Edit “/boot/grub/menu.lst”.

The kernel line probably contains something like “spash=silent” as a kernel option. Change that to “splash=verbose”. You will get a noisier boot, and perhaps what is displayed will tell you what is going wrong. Or maybe you will even see the password prompt.

I prefer a noisy boot, so I have my system setup that way already. But I’m pretty sure that the prompt for encryption key should appear even without that verbose option. So there’s probably something going wrong. Let’s hope that a verbose boot helps you find where the problem is.

VampirD · December 14, 2011, 5:51pm

no way, splash=verbose or splash disable causes the same effect,
maybe my verbose splash don’t work correctly and that is the problem -.-

robin_listas · December 14, 2011, 11:08pm

On 2011-12-14 17:51, VampirD wrote:
> no way, splash=verbose or splash disable causes the same effect, maybe
> my verbose splash don’t work correctly and that is the problem -.-

No, systemd is very quiet.

You need a service that previously was named boot.crypto, has to be enabled.

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

VampirD · December 20, 2011, 3:33pm

Still with this T_T

you mean that files?


[javierm@Asparagus]:~$ l /lib/systemd/system/crypto*
lrwxrwxrwx 1 root root 9 Nov 11 14:25
/lib/systemd/system/crypto-early.service -> /dev/null
lrwxrwxrwx 1 root root 9 Nov 11 14:25 /lib/systemd/system/crypto.service
-> /dev/null
[javierm@Asparagus]:~$

nrickert · December 20, 2011, 4:43pm

I am seeing:


% ls -l /lib/systemd/system/crypt*
lrwxrwxrwx 1 root root   9 Dec 14 08:37 /lib/systemd/system/crypto-early.service -> /dev/null
lrwxrwxrwx 1 root root   9 Dec 14 08:37 /lib/systemd/system/crypto.service -> /dev/null
-rw-r--r-- 1 root root 358 Dec  9 11:28 /lib/systemd/system/cryptsetup.target

% md5sum /lib/systemd/system/cryptsetup.target
2ca1fcc2b1b4f2f679b50840e09f77b9  /lib/systemd/system/cryptsetup.target

In addition, my setup uses:


% cat /etc/crypttab
cr_sda9         /dev/disk/by-id/ata-ST9500325AS_6VEGYD5L-part9 /dev/urandom swap
cr_sda10        /dev/disk/by-id/ata-ST9500325AS_6VEGYD5L-part10 none       none

% grep cr_sda /etc/fstab
/dev/mapper/cr_sda9  swap                 swap       defaults              0 0
/dev/mapper/cr_sda10 /home                ext4       acl,user_xattr,nofail 0 2

That’s my test install with encrypted home and encrypted swap.

On my main desktop, I am currently using an encrypted LVM, where I’m pretty sure that most of the important crypto stuff is handled from the “initrd” before the root files system is mounted.

VampirD · December 20, 2011, 5:09pm

it’s the same for me, same md5sum, same config, but the system don’t ask
for password, only the black screen that accept the password T_T

nrickert · December 20, 2011, 7:05pm

Things to try:

1: When booting, hit F5 on the grub screen, and select “sysvinit”. That should boot without using systemd. See if it works that way.

2: Comment out the “fstab” line for mounting “/home” and rename “/etc/crypttab” to something else, say “/etc/crypttab.std”.
Then see it the system boots to a normal graphic login screen. You should not try to actually login, since you won’t have a home directory that way.

My tentative guess is that the encryption is not the problem, but that some other problem is causing the screen to go blank. The idea of those tests it to check that guess. Test 1 removes “systemd” from the picture, and test 2 removes crypto from the picture.

robin_listas · December 20, 2011, 9:53pm

On 2011-12-20 15:33, VampirD wrote:
> Still with this T_T
>
>
> you mean that files?
>
>


> [javierm@Asparagus]:~$ l /lib/systemd/system/crypto*
> lrwxrwxrwx 1 root root 9 Nov 11 14:25
> /lib/systemd/system/crypto-early.service -> /dev/null
> lrwxrwxrwx 1 root root 9 Nov 11 14:25 /lib/systemd/system/crypto.service
> -> /dev/null
> [javierm@Asparagus]:~$
>

Possibly. Those are systemd files, and I’m not familiar on it. I know only
about systemv, where it is “/etc/init.d/boot.crypto”.

“chkconfig boot.crypto” will tell you if it is activated or not.

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

markgo · February 1, 2012, 7:56pm

Hi, have you found the solution?
I have similar behavior with my laptop with 12.1.
I’ve found out that when the screen is black, the system is actually waiting for the passphrase. So I just wait for this state, enter passphrase and the boot continues.
I’ve switched to sysvinit, but the behavior is the same.
From boot.msg it looks like service boot.crypto-early starts and right after that there is a line “Loading console font” and then keymap. Maybe this is what makes the screen black?

robin_listas · February 1, 2012, 10:28pm

On 2012-02-01 20:06, markgo wrote:
> I’ve found out that when the screen is black, the system is actually
> waiting for the passphrase.

I would report this as a bug.

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

markgo · February 2, 2012, 1:09pm

I’d like to dig around a bit more. It looks like this might be unrelated to partition encryption. I now remember that I’ve seen this “black screen” during first installation attempt on this laptop. I’d probably try to boot in text mode. The laptop is HP 6910P with Intel 965 express graphics. Previously I used 11.1 on it, without any such issue (though it is the first time I’m trying to encrypt partitions).

Regards,
– Mark

markgo · February 3, 2012, 9:08am

There is a report already, from 03-Nov-2011. Bug # 727978. Critical, High priority… Still “new”, not assigned :\

robin_listas · February 3, 2012, 10:18am

On 2012-02-03 09:16, markgo wrote:

> There is a report already, from 03-Nov-2011. Bug # 727978. Critical,
> High priority… Still “new”, not assigned :\

Ping it.

–
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)