3

I had a fresh install of Ubuntu 24.04 with ZFS and an 8GB swap partition automatically made by the Ubuntu installer, as /dev/nvme0n1p3.

I upgraded to 24.10 and the swap is not available after reboot. It seems swapon cannot find the encrypted partition. What went wrong during the upgrade?

My /etc/fstab is unmodified since the fresh install:

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/disk/by-id/dm-uuid-CRYPT-PLAIN-dm_crypt-0 none swap sw 0 0
# Use `zfs list` for current zfs mount info
# bpool none defaults 0 0
# Use `zfs list` for current zfs mount info
# rpool none defaults 0 0
# Use `zfs list` for current zfs mount info
# rpool / defaults 0 0
# Use `zfs list` for current zfs mount info
# rpool none defaults 0 0
# Use `zfs list` for current zfs mount info
# rpool /root defaults 0 0
# Use `zfs list` for current zfs mount info
# rpool /home defaults 0 0
# Use `zfs list` for current zfs mount info
# bpool /boot defaults 0 0
# /boot/efi was on /dev/nvme0n1p1 during curtin installation
/dev/disk/by-uuid/6DA7-371B /boot/efi vfat defaults 0 1

And my /etc/crypttab:

dm_crypt-0 PARTUUID=d5018485-33be-40b8-80a1-9adb3c96ff16 /dev/urandom swap,initramfs

In /etc/crypttab I tried to replace the ID PARTUUID=d5018485-33be-40b8-80a1-9adb3c96ff16 by /dev/nvme0n1p3 but it didn't solve the problem after rebooting.

I also tried to add these options: swap,initramfs,plain,cipher=aes-xts-plain64,size=256

$ sudo blkid: (I'm not showing the many loop devices)

/dev/nvme0n1p1: UUID="6DA7-371B" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="604b52dd-b0fc-43d8-8661-3dcb64869220"
/dev/nvme0n1p4: LABEL="rpool" UUID="15673004915406136913" UUID_SUB="7631777870671497537" BLOCK_SIZE="4096" TYPE="zfs_member" PARTUUID="2157f054-6832-42fb-8032-8d2fb89b235b"
/dev/nvme0n1p2: LABEL="bpool" UUID="8036775395222734905" UUID_SUB="16758030276404416519" BLOCK_SIZE="4096" TYPE="zfs_member" PARTUUID="ec3c6766-9115-4fa6-b9d4-793d092a7bb4"
/dev/mapper/keystore-rpool: LABEL="keystore-rpool" UUID="bda5d08f-4300-4ecf-9dd1-9c6958d53738" BLOCK_SIZE="4096" TYPE="ext4"
/dev/nvme0n1p3: PARTUUID="d5018485-33be-40b8-80a1-9adb3c96ff16"
/dev/zd0: UUID="2586988a-ff8b-4fdf-96c1-dd1532b1eb90" TYPE="crypto_LUKS"
$ sudo swapon -a
swapon: cannot open /dev/disk/by-id/dm-uuid-CRYPT-PLAIN-dm_crypt-0: No such file or directory

$ sudo update-initramfs -u -k all
update-initramfs: Generating /boot/initrd.img-6.11.0-9-generic
cryptsetup: ERROR: dm_crypt-0: Source mismatch
device-mapper: table ioctl on dm_crypt-0 failed: No such device or address
Command failed.
cryptsetup: WARNING: Couldn't determine cipher modules to load for dm_crypt-0
mkinitramfs: copy_file: config '/etc/zfs/vdev_id.conf' not found
mkinitramfs: copy_file: config '/etc/zfs/initramfs-tools-load-key' not found
mkinitramfs: copy_file: config '/etc/zfs/initramfs-tools-load-key.d/' not found
update-initramfs: Generating /boot/initrd.img-6.8.0-48-generic
cryptsetup: ERROR: dm_crypt-0: Source mismatch
device-mapper: table ioctl on dm_crypt-0 failed: No such device or address
Command failed.
cryptsetup: WARNING: Couldn't determine cipher modules to load for dm_crypt-0
mkinitramfs: copy_file: config '/etc/zfs/vdev_id.conf' not found
mkinitramfs: copy_file: config '/etc/zfs/initramfs-tools-load-key' not found
mkinitramfs: copy_file: config '/etc/zfs/initramfs-tools-load-key.d/' not found

$ sudo fdisk -l /dev/nvme0n1
Disk /dev/nvme0n1: 3,64 TiB, 4000787030016 bytes, 7814037168 sectors
Disk model: CT4000P3SSD8                            
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 8B4A35DE-55EE-4ECA-99B3-E52D0FAC4A75

Device            Start        End    Sectors  Size Type
/dev/nvme0n1p1     2048    2203647    2201600    1G EFI System
/dev/nvme0n1p2  2203648    6397951    4194304    2G Linux filesystem
/dev/nvme0n1p3  6397952   23175167   16777216    8G Linux filesystem
/dev/nvme0n1p4 23175168 7814033407 7790858240  3,6T Linux filesystem
$ lsblk -o +PATH,UUID,PARTUUID
NAME             MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS                         PATH                       UUID                                 PARTUUID
zd0              230:0    0    20M  0 disk                                      /dev/zd0                   2586988a-ff8b-4fdf-96c1-dd1532b1eb90 
└─keystore-rpool 252:0    0     4M  0 crypt /run/keystore/rpool                 /dev/mapper/keystore-rpool bda5d08f-4300-4ecf-9dd1-9c6958d53738 
nvme0n1          259:0    0   3,6T  0 disk                                      /dev/nvme0n1                                                    
├─nvme0n1p1      259:1    0     1G  0 part  /boot/efi                           /dev/nvme0n1p1             6DA7-371B                            604b52dd-b0fc-43d8-8661-3dcb64869220
├─nvme0n1p2      259:2    0     2G  0 part                                      /dev/nvme0n1p2             8036775395222734905                  ec3c6766-9115-4fa6-b9d4-793d092a7bb4
├─nvme0n1p3      259:3    0     8G  0 part                                      /dev/nvme0n1p3                                                  d5018485-33be-40b8-80a1-9adb3c96ff16
└─nvme0n1p4      259:4    0   3,6T  0 part                                      /dev/nvme0n1p4             15673004915406136913                 2157f054-6832-42fb-8032-8d2fb89b235b
$ ls -al /dev/mapper/
crw-------  1 root root 10, 236 Nov 15 22:55 control
lrwxrwxrwx  1 root root       7 Nov 15 22:55 keystore-rpool -> ../dm-0
$ ls -al /dev/disk/by-uuid/
lrwxrwxrwx  1 root root  15 Nov 15 22:54 15673004915406136913 -> ../../nvme0n1p4
lrwxrwxrwx  1 root root   9 Nov 15 22:54 2586988a-ff8b-4fdf-96c1-dd1532b1eb90 -> ../../zd0
lrwxrwxrwx  1 root root  15 Nov 15 22:54 6DA7-371B -> ../../nvme0n1p1
lrwxrwxrwx  1 root root  15 Nov 15 22:54 8036775395222734905 -> ../../nvme0n1p2
lrwxrwxrwx  1 root root  10 Nov 15 22:55 bda5d08f-4300-4ecf-9dd1-9c6958d53738 -> ../../dm-0
$ ls -al /dev/block/
lrwxrwxrwx  1 root root    6 Nov 15 22:55 230:0 -> ../zd0
lrwxrwxrwx  1 root root    7 Nov 15 22:55 252:0 -> ../dm-0
lrwxrwxrwx  1 root root   10 Nov 15 22:55 259:0 -> ../nvme0n1
lrwxrwxrwx  1 root root   12 Nov 15 22:55 259:1 -> ../nvme0n1p1
lrwxrwxrwx  1 root root   12 Nov 15 22:55 259:2 -> ../nvme0n1p2
lrwxrwxrwx  1 root root   12 Nov 15 22:55 259:3 -> ../nvme0n1p3
lrwxrwxrwx  1 root root   12 Nov 15 22:55 259:4 -> ../nvme0n1p4
$ sudo parted /dev/nvme0n1 unit GB print free
Model: CT4000P3SSD8 (nvme)
Disk /dev/nvme0n1: 4001GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system  Name  Flags
        0,00GB  0,00GB  0,00GB  Free Space
 1      0,00GB  1,13GB  1,13GB  fat32              boot, esp
 2      1,13GB  3,28GB  2,15GB  zfs
 3      3,28GB  11,9GB  8,59GB
 4      11,9GB  4001GB  3989GB  zfs
        4001GB  4001GB  0,00GB  Free Space

Also, I don't know if it is related but during boot, when prompted for the (ZFS encrypted) disk password, I have the following warning: cryptsetup: WARNING: Option 'size' missing in crypttab for plain dm-crypt mapping dm_crypt-0. Please read /usr/share/doc/cryptsetup-initramfs/README.initramfs.gz and add the correct 'size' option to your crypttab(5).

Victor
  • 9,244

2 Answers

2

Since you don't have any swap, cat /proc/swaps should have no swap listed.

And since your swap partition isn't being mounted, the files /dev/mapper/dm_crypt-0 and /dev/dm-1 should be missing.

Therefore, let's map the partition manually and see if it survives a reboot since your /etc/fstab and /etc/crypttab appear to be correct.


Inspect the status of the encrypted partition. It should return blank:

sudo cryptsetup status dm_crypt-0

Manually create a mapping of the partition. You should be prompted for your passphrase:

sudo cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 256 --sector-size 512 /dev/nvme0n1p3 dm_crypt-0

Check the status of the mapping:

sudo cryptsetup status dm_crypt-0

Create a swap filesystem inside the mapped partition and enable it:

sudo mkswap /dev/mapper/dm_crypt-0
sudo swapon -a

Regarding the warning at boot: cryptsetup: WARNING: Option 'size' missing in crypttab for plain dm-crypt mapping dm_crypt-0., edit your /etc/crypttab file as follows:

dm_crypt-0 PARTUUID=d5018485-33be-40b8-80a1-9adb3c96ff16 /dev/urandom swap,initramfs,plain,cipher=aes-xts-plain64,size=256,sector-size=512

If you notice, I added the options plain, cipher=aes-xts-plain64, size=256, & sector-size=512. This will suppress all warnings at boot after you update your initramfs.

Next, update initramfs:

sudo update-initramfs -u -k all

Hopefully, this should survive a reboot.

mpboden
  • 3,046
2

OK, I did a few tests so let's resolve your problem.

  1. Regarding

    Also, I don't know if it is related but during boot, when prompted for the (ZFS encrypted) disk password, I have the following warning: cryptsetup: WARNING: Option 'size' missing in crypttab for plain dm-crypt mapping dm_crypt-0. Please read /usr/share/doc/cryptsetup-initramfs/README.initramfs.gz and add the correct 'size' option to your crypttab(5).

    I think it is related, check this README entry (from cryptsetup FAQ):

    • 3.2 My dm-crypt mapping suddenly stopped when upgrading cryptsetup.
      The default cipher, hash or mode may have changed (the mode changed from 1.0.x to 1.1.x). See under "Issues With Specific Versions of cryptsetup".

    Don't be fooled by the official repo's versions - according to the Ubuntu 24.04 cryptsetup publishing history, the underlying (original) cryptsetup package changed between v2.6.1 (2:2.6.1-4ubuntu3 - oldest version used in Ubuntu 24.04) and v2.7.0 (2:2.7.0-1ubuntu4.1 - last version in Ubuntu 24.04) - exactly on 29.02.2024 with the introduction of the 2:2.7.0-1ubuntu1 cryptsetup package. The available diff proves my point:

    -CS_STR_WITH([plain-hash],   [password hashing function for plain mode], [ripemd160])
    +CS_STR_WITH([plain-hash],   [password hashing function for plain mode], [sha256])
     CS_STR_WITH([plain-cipher], [cipher for plain mode], [aes])
    -CS_STR_WITH([plain-mode],   [cipher mode for plain mode], [cbc-essiv:sha256])
    +CS_STR_WITH([plain-mode],   [cipher mode for plain mode], [xts-plain64])
     CS_NUM_WITH([plain-keybits],[key length in bits for plain mode], [256])
    

    Since you obviously lost the mapping ("cannot open /dev/disk/by-id/dm-uuid-CRYPT-PLAIN-dm_crypt-0: No such file or directory") - I think it may be the case.

  2. Regarding

    I also tried to add these options: swap,initramfs,plain,cipher=aes-xts-plain64,size=256

    Assuming you tried to "save" your old swap partition by specifying default cipher and keysize - aes-xts-plain64 is the new default. And you should've tried the old one :)

  3. Resolution:

    Add the following options to your crypttab (plain is not needed as the swap option implies it): cipher=aes-cbc-essiv:sha256,size=256,hash=ripemd160,swap - I advise also including nofail,noearly, but it's up to you.

    Of course, since we're talking about swap - feel free to simply recreate it with the new (better) defaults - and note that the cryptsetup maintainers advise explicitly setting the cipher, hash and size in /etc/crypttab when using plain encryption.

mrd83
  • 121
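
Added example, not part of either answer or of the cryptsetup project: a small audit that lists plain dm-crypt entries in a crypttab that do not pin cipher=, size= and hash=, which are the entries whose parameters silently follow a change in the compiled-in defaults like the one in the diff above. The sample file is constructed (only its first entry is the line from the question), the names swap_b and swap_c and their PARTUUIDs are placeholders, and treating an entry as plain when its options contain "plain" or "swap" is a simplification.

```shell
#!/bin/sh
# Added example: flag plain dm-crypt entries in a crypttab that rely on
# compiled-in defaults instead of pinning cipher=, size= and hash=.

# Constructed sample. The first entry is the line from the question; swap_b
# and swap_c are hypothetical names with placeholder PARTUUIDs.
sample_crypttab() {
    cat <<'EOF'
# <target> <source> <key file> <options>
dm_crypt-0 PARTUUID=d5018485-33be-40b8-80a1-9adb3c96ff16 /dev/urandom swap,initramfs
swap_b PARTUUID=00000000-0000-0000-0000-00000000000b /dev/urandom swap,plain,cipher=aes-xts-plain64,size=256,sector-size=512
swap_c PARTUUID=00000000-0000-0000-0000-00000000000c /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,hash=ripemd160,swap
data UUID=00000000-0000-0000-0000-00000000000d none luks
EOF
}

# audit_crypttab [FILE]: read a crypttab (stdin when FILE is omitted) and
# print "<target>: missing <options>" for every unpinned plain mapping.
# Simplification: an entry counts as plain when its options list contains
# "plain" or "swap"; everything else (e.g. luks) is skipped.
audit_crypttab() {
    awk '
        /^[ \t]*(#|$)/ { next }                # comments and blank lines
        {
            plain = 0
            have["cipher"] = have["size"] = have["hash"] = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] == "plain" || opt[i] == "swap") plain = 1
                split(opt[i], kv, "=")
                if ((kv[1] in have) && index(opt[i], "=")) have[kv[1]] = 1
            }
            if (!plain) next
            missing = ""
            if (!have["cipher"]) missing = missing " cipher"
            if (!have["size"])   missing = missing " size"
            if (!have["hash"])   missing = missing " hash"
            if (missing != "") print $1 ": missing" missing
        }
    ' "$@"
}

sample_crypttab | audit_crypttab
```

Running `audit_crypttab /etc/crypttab` before `update-initramfs -u -k all` shows which mappings would still depend on whatever defaults the installed cryptsetup was built with.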