summaryrefslogtreecommitdiffstats
path: root/debian/README.debug
diff options
context:
space:
mode:
Diffstat (limited to 'debian/README.debug')
-rw-r--r--debian/README.debug72
1 files changed, 72 insertions, 0 deletions
diff --git a/debian/README.debug b/debian/README.debug
new file mode 100644
index 0000000..7a627bf
--- /dev/null
+++ b/debian/README.debug
@@ -0,0 +1,72 @@
+Debugging Cryptsetup issues
+===========================
+
+Cryptsetup is responsible for unlocking dm-crypt devices. The cryptsetup Debian
+provide a whole slew of helper scripts that integrate cryptsetup into the
+Debian operating system. The most important ones are the `cryptdisks` init
+script and the `cryptroot` initramfs scripts, both implementing support for the
+`/etc/crypttab` configuration file and for automatic unlocking of encrypted
+devices during the boot process.
+
+This page collects information on debugging different features of the Debian
+cryptsetup packages in case of problems.
+
+Debug cryptroot initramfs script
+--------------------------------
+
+In order to debug the cryptroot initramfs script during initramfs stage, the
+following steps are required:
+
+* Boot into the initramfs rescue shell by adding `break=premount` as kernel
+ option during boot
+
+ In grub, this can be done interactively from the grub boot menu: `<E>` to
+ edit, and `<Ctrl>+<X>` to boot once you've edited the kernel line.
+
+ See <https://help.ubuntu.com/community/Grub2/Troubleshooting#Editing_the_GRUB_2_Menu_During_Boot>
+ for details.
+
+* Append `-x` to the shebang (first line) of cryptroot initramfs script:
+
+ sed -i -e '1s,^#!/bin/sh,& -x,' /scripts/local-top/cryptroot
+
+* Run the cryptroot initramfs script manually, redirecting output to a log file:
+
+ /scripts/local-top/cryptroot 2>&1 | tee /run/initramfs/cryptroot.debug
+
+ **Please note:** if the boot process is broken, you might need to mount an
+ external storage device (e.g. a USB flash drive) inside the initramfs and
+ redirect the output to a log files on this external device.
+
+* Continue the boot process (by pressing `<Ctrl>+<D>`) and save a copy of the
+ debug log file to `/run/initramfs/cryptroot.debug`. The content of `/run/`
+ will be lost after reboot.
+
+Sometimes, debugging the initramfs directly can be helpful as well. See
+<https://wiki.debian.org/InitramfsDebug#Saving_debug_information> for details.
+
+Gather debugging information in the initramfs rescue shell
+----------------------------------------------------------
+
+Useful commands to gather information from initramfs rescue shell:
+
+* Check for device-mapper support (these directories/symlinks exist only if
+ kernel has device-mapper support):
+
+ ls -l /sys/class/misc/device-mapper /sys/devices/virtual/misc/device-mapper
+
+* Check whether dm-crypt kernel module is loaded:
+
+ lsmod | grep dm-crypt
+
+* Display cryptroot configuration and list loaded kernel modules:
+
+ cat /cryptroot/crypttab
+ lsmod
+
+* Gather information about the available block devices:
+
+ blkid
+ ls -l /dev/disk/by-*/
+
+ -- Jonas Meurer <jonas@freesources.org>, Wed 25 Dec 2019 02:58:00 PM CET
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-01 11:04:25 +0000