LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   Problem with LUKS or USB device (http://www.linuxquestions.org/questions/linux-general-1/problem-with-luks-or-usb-device-650369/)

pendeli 06-19-2008 01:19 PM

Problem with LUKS or USB device
 
Hej! I'm new to Linux - installed a Debian etch to my laptop about 3 weeks ago, and quite happy so far...

I have a puzzling question. On my external USB hard disk, I have installed a LUKS-encrypted partition (ext3). It works well under Linux. It has two key slots, one is a password, the other one is a key file saved on my laptop. The laptop itself has encrypted root/temp/home/... using LUKS, the way that the Debian installer has set it up. Only /boot is unencrypted.

I think the encryption settings that I have used are the same for the external disk, as for the internal disk. (Except the key file, it doesn't make sense to add it as a key to the internal disk if it is stored on the encrypted bit.)

When I boot my computer, the LUKS prompt asks me for the password to the internal disk, then LUKS opens the contained partitions and the boot continues normally. Usually I leave the USB drive plugged in when I switch off my computer, so it is plugged in when it boots.

With the previous kernel, I could simply add the cryptsetup luksOpen --keyfile... line in a startup script (on entering INIT 2), then mount, and my USB drive was accessible. Now, there was a debian etch kernel upgrade last week, and with the new kernel it doesn't work any longer. However, if I unplug the drive while the computer is running, then plug it in again, now I can luksOpen and mount the partition. (There are two ways to do it, either by typing and with the key file, or by using the password prompt that comes up in GNOME. Both ways work equally well.)

I thought at first that maybe by unplugging and plugging it, some essential kernel module is automatically loaded, but looking at lsmod output shows this is not the case.

Also, with the previous kernel the boot loading script worked without the need to unplug and plug. And the fact that, upon booting, even the new kernel can unlock the root partition must mean that all the required modules are already loaded. So I'm puzzled as to why luksOpen works once for the internal disk but then doesn't work on the USB disk until I unplug and plug it. And what happens when I plug it in again so that, afterwards, it works. Any ideas?

The error message that I get from cryptsetup luksOpen when it does not work is:

Code:

device-mapper: table: 254:9: crypt: Device lookup failed
device-mapper: ioctl: error adding target to table
device-mapper: ioctl: device doesn't appear to be in the dev hash table.

Apparently the first two lines are not the problem, because I get them with the internal disk every time I boot and it still works. The third line is "abnormal".

Thank you for help! What commands/output/files should I look at to track down this pesky problem?

pendeli 06-19-2008 01:31 PM

PS If it helps, here is the script that I use to open and close the drive. It works, but with the new kernel it requires that I unplug and plug the drive first.
Code:

#!/bin/bash
NAME=0d4a7c02-6f1c-4e24-9168-4b1b67866704
PART=CA-EXTHD-4C

case "$1" in
  start)

    # check that PART appears to be a disk partition
    echo Attempting to mount $PART...
    /sbin/cryptsetup luksOpen --key-file /etc/.home.key /dev/disk/by-uuid/$NAME $PART
    /sbin/e2fsck /dev/mapper/$PART
    /bin/mount -v -t ext3 -o rw /dev/mapper/$PART /mnt/$PART
    exit 1
  ;;
  stop)
    echo Attempting to unmount $NAME
    /bin/umount -v /mnt/$PART
    /sbin/cryptsetup luksClose $PART
  ;;

  restart|force-reload)
  $0 stop || true
  $0 start
  ;;

esac


frostschutz 06-22-2008 05:43 PM

Detecting USB devices may take an arbitrary time, depending on when the USB modules are loaded (if USB support is a module), and how long it takes for USB hub and hard disk to reply to the system. It can take several seconds until all steps (including udev symlinks to the device) are done. Now if you try to cryptsetup luksOpen the drive before the USB device detection has finished, it will fail, because the device is not yet there.

If you actually really need to replug the device itself and not just wait until it's detected, then there is something wrong with setting up USB devices that are plugged in during boot on your system.

pendeli 06-23-2008 02:25 PM

Quote:

Originally Posted by frostschutz (Post 3192109)
If you actually really need to replug the device itself and not just wait until it's detected, then there is something wrong with setting up USB devices that are plugged in during boot on your system.

This is my problem, I think. How can I find out what is wrong? Or is there a way how I can monitor what Linux does when I plug in my USB drive? Because it works when I unplug and plug it, but if I just wait longer (say 20 minutes) after booting and then try the luksOpen command, it still fails. Thanks for advice!


All times are GMT -5. The time now is 07:43 AM.