Erro temporizado ao aguardar dispositivo de troca criptografado

0

OS: Parábola GNU / Linux Libre, uma versão GNU do Arch.

Eu consegui criptografar minha partição raiz, mas não tenho certeza sobre como criptografar minha partição swap. Eu sei que as partições swap estão se tornando antiquadas e que os arquivos swap são preferidos, mas o btrfs ainda não suporta isso.

lsblk

NAME          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda             8:0    0 223.6G  0 disk  
├─sda2          8:2    0 221.1G  0 part  
│ └─cryptroot 254:0    0 221.1G  0 crypt /
├─sda3          8:3    0     2G  0 part  
│ └─cryptswap 254:1    0     2G  0 crypt 
└─sda1          8:1    0   512M  0 part  /boot

/ etc / fstab

# /dev/mapper/cryptroot
UUID=0126cb9b-d3aa-4f05-a39a-71682fa847bb       /               btrfs           rw,relatime,ssd,space_cache,subvolid=5,subvol=/ 0 0

# /dev/sda1
UUID=6F37-84A2          /boot           vfat            rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro      0 2

# /dev/mapper/cryptswap
UUID=aef00636-0183-48d1-ab87-8f6653a30dd8       none            swap            defaults        0 0

/boot/loader/entries/parabola.conf

title Parabola GNU/Linux-libre
linux /vmlinuz-linux-libre
initrd /initramfs-linux-libre.img
options rd.luks.uuid=c6b69115-15c6-4561-9691-fc4a05ac9622 rd.luks.name=c6b69115-15c6-4561-9691-fc4a05ac9622=cryptroot rd.luks.options=quiet rw root=/dev/mapper/cryptroot

/ etc / crypttab

# crypttab: mappings for encrypted partitions
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# The Parabola specific syntax has been deprecated, see crypttab(5) for the
# new supported syntax.
#
# NOTE: Do not list your root (/) partition here, it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf).

# <name>       <device>                                                     <password>              <options>
cryptswap      /dev/disk/by-id/ata-PH4-CE240_511160905070017677-part3       /dev/urandom            swap

journalctl -b

Dec 22 23:35:54 MyComputer mkswap[341]: Setting up swapspace version 1, size = 2 GiB (2147459072 bytes)
Dec 22 23:35:54 MyComputer mkswap[341]: no label, UUID=c965e98e-b011-4e40-aef3-bb84d58d7a08
Dec 22 23:35:54 MyComputer systemd[1]: Started Cryptography Setup for swap.
Dec 22 23:35:54 MyComputer systemd[1]: Reached target Encrypted Volumes.
Dec 22 23:35:54 MyComputer systemd[1]: Found device /dev/mapper/swap.
Dec 22 23:37:23 MyComputer systemd[1]: dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.device: Job dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.device/start timed out.
Dec 22 23:37:23 MyComputer systemd[1]: Timed out waiting for device dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.device.
Dec 22 23:37:23 MyComputer systemd[1]: Dependency failed for /dev/disk/by-uuid/aef00636-0183-48d1-ab87-8f6653a30dd8.
Dec 22 23:37:23 MyComputer systemd[1]: Dependency failed for Swap.
Dec 22 23:37:23 MyComputer systemd[1]: swap.target: Job swap.target/start failed with result 'dependency'.
Dec 22 23:37:23 MyComputer systemd[1]: dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.swap: Job dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.swap/start failed with result 'dependency'.
Dec 22 23:37:23 MyComputer systemd[1]: dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.device: Job dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.device/start failed with result 'timeout'.
Dec 22 23:37:23 MyComputer systemd[1]: Mounting Temporary Directory...
Dec 22 23:37:23 MyComputer systemd[1]: Mounted Temporary Directory.
Dec 22 23:37:23 MyComputer systemd[1]: Reached target Local File Systems.
Dec 22 23:37:23 MyComputer systemd[1]: Starting Create Volatile Files and Directories...
Dec 22 23:37:23 MyComputer systemd[1]: Started Create Volatile Files and Directories.
Dec 22 23:37:23 MyComputer systemd[1]: Starting Update UTMP about System Boot/Shutdown...
Dec 22 23:37:23 MyComputer systemd[1]: Started Update UTMP about System Boot/Shutdown.
Dec 22 23:37:23 MyComputer systemd[1]: Reached target System Initialization.
Dec 22 23:37:23 MyComputer systemd[1]: Started Daily Cleanup of Temporary Directories.
Dec 22 23:37:23 MyComputer systemd[1]: Started Daily verification of password and group files.
Dec 22 23:37:23 MyComputer systemd[1]: Listening on D-Bus System Message Bus Socket.
Dec 22 23:37:23 MyComputer systemd[1]: Reached target Sockets.
Dec 22 23:37:23 MyComputer systemd[1]: Reached target Basic System.
Dec 22 23:37:23 MyComputer systemd[1]: Starting Save/Restore Sound Card State...
Dec 22 23:37:23 MyComputer systemd[1]: Starting dhcpcd on enp4s0...
Dec 22 23:37:23 MyComputer systemd[1]: Starting Login Service...
Dec 22 23:37:23 MyComputer systemd[1]: Started D-Bus System Message Bus.
...
Dec 24 00:00:09 MyComputer systemd[1]: Started Update man-db cache.
Dec 24 00:01:36 MyComputer systemd[1]: dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.device: Job dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.device/start timed out.
Dec 24 00:01:36 MyComputer systemd[1]: Timed out waiting for device dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.device.
Dec 24 00:01:36 MyComputer systemd[1]: Dependency failed for /dev/disk/by-uuid/aef00636-0183-48d1-ab87-8f6653a30dd8.
Dec 24 00:01:36 MyComputer systemd[1]: dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.swap: Job dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.swap/start failed with result 'dependency'.
Dec 24 00:01:36 MyComputer systemd[1]: dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.device: Job dev-disk-by\x2duuid-aef00636\x2d0183\x2d48d1\x2dab87\x2d8f6653a30dd8.device/start failed with result 'timeout'.

[Atualização]

Novas informações vieram à luz. Parece que o que deveria ter sido a partição swap criptografada não é reconhecida.

[Atualização]

Eutenteioseguintecomomesmoresultadoacima:

partedrm3mkpartprimaryext2-2GiB100%(Ignore)quitddif=/dev/urandomof=/dev/sda3bs=1Mcryptsetup-v-yluksFormat/dev/sda3YEScryptsetupopen/dev/sda3cryptswapmkswap/dev/mapper/cryptswapswapon/dev/mapper/cryptswap

[Atualização]

CriptografarapartiçãocomoacimanaversãoLiveMATEdaParabolaretornaumerro.

1root@parabolaiso/#cryptsetup-y-vluksFormat/dev/sda3--debug:(#cryptsetup1.7.3processing"cryptsetup -y -v luksFormat /dev/sda3 --debug"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.

WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.

Are you sure? (Type uppercase yes): YES
# Allocating crypt device /dev/sda3 context.
# Trying to open and read device /dev/sda3 with direct-io.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Iteration time set to 2000 milliseconds.
# Interactive passphrase entry requested.
Enter passphrase: 
Verify passphrase: 
# Formatting device /dev/sda3 as type LUKS1.
# Crypto backend (gcrypt 1.7.5) initialized in cryptsetup library version 1.7.3.
# Detected kernel Linux 4.8.6-gnu-1 x86_64.
# Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes.
# Checking if cipher aes-xts-plain64 is usable.
# Userspace crypto wrapper cannot use aes-xts-plain64 (-95).
# Using dmcrypt to access keyslot area.
# Calculated device size is 1 sectors (RW), offset 0.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Device-mapper backend running with UDEV support enabled.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-10670
# dm versions   [ opencount flush ]   [16384] (*1)
# Device-mapper backend running with UDEV support enabled.
# Udev cookie 0xd4d2344 (semid 65536) created
# Udev cookie 0xd4d2344 (semid 65536) incremented to 1
# Udev cookie 0xd4d2344 (semid 65536) incremented to 2
# Udev cookie 0xd4d2344 (semid 65536) assigned to CREATE task(0) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES         (0xe)
# dm create temporary-cryptsetup-10670 CRYPT-TEMP-temporary-cryptsetup-10670 [ opencount flush ]   [16384] (*1)
# dm reload temporary-cryptsetup-10670  [ opencount flush readonly ]   [16384] (*1)
device-mapper: reload ioctl on temporary-cryptsetup-10670 failed: Invalid argument
# Udev cookie 0xd4d2344 (semid 65536) decremented to 1
# Udev cookie 0xd4d2344 (semid 65536) incremented to 2
# Udev cookie 0xd4d2344 (semid 65536) assigned to REMOVE task(2) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES         (0xe)
# dm remove temporary-cryptsetup-10670  [ opencount flush readonly ]   [16384] (*1)
# temporary-cryptsetup-10670: Stacking NODE_DEL [verify_udev]
# Udev cookie 0xd4d2344 (semid 65536) decremented to 0
# Udev cookie 0xd4d2344 (semid 65536) waiting for zero
# Udev cookie 0xd4d2344 (semid 65536) destroyed
# temporary-cryptsetup-10670: Processing NODE_DEL [verify_udev]
# dm versions   [ opencount flush ]   [16384] (*1)
# Device-mapper backend running with UDEV support enabled.
Failed to setup dm-crypt key mapping for device /dev/sda3.
Check that kernel supports aes-xts-plain64 cipher (check syslog for more info).
# Releasing crypt device /dev/sda3 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 5: Input/output error

[Atualização]

Na verdade, resolvi usando o systemd-swap (melhor que nada) e esperarei que o btrfs suporte a troca real.

    
por Folatt 24.12.2016 / 17:44

1 resposta

1

Seria mais simples criar um contêiner criptografado e configurar ambos / e trocar com o LVM.

Assim:

sda1  boot
sda2  LUKS-crypt
    LVM
        root-LV
        swap-LV

Então você só precisa de uma chave para abri-la, permitindo que você pule o crypttab completamente.

    
por 27.12.2016 / 08:09