blob: 7a627bf26f723e982c2921cbbb52545c8bf4e809 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
Debugging Cryptsetup issues
===========================
Cryptsetup is responsible for unlocking dm-crypt devices. The cryptsetup Debian
provide a whole slew of helper scripts that integrate cryptsetup into the
Debian operating system. The most important ones are the `cryptdisks` init
script and the `cryptroot` initramfs scripts, both implementing support for the
`/etc/crypttab` configuration file and for automatic unlocking of encrypted
devices during the boot process.
This page collects information on debugging different features of the Debian
cryptsetup packages in case of problems.
Debug cryptroot initramfs script
--------------------------------
In order to debug the cryptroot initramfs script during initramfs stage, the
following steps are required:
* Boot into the initramfs rescue shell by adding `break=premount` as kernel
option during boot
In grub, this can be done interactively from the grub boot menu: `<E>` to
edit, and `<Ctrl>+<X>` to boot once you've edited the kernel line.
See <https://help.ubuntu.com/community/Grub2/Troubleshooting#Editing_the_GRUB_2_Menu_During_Boot>
for details.
* Append `-x` to the shebang (first line) of cryptroot initramfs script:
sed -i -e '1s,^#!/bin/sh,& -x,' /scripts/local-top/cryptroot
* Run the cryptroot initramfs script manually, redirecting output to a log file:
/scripts/local-top/cryptroot 2>&1 | tee /run/initramfs/cryptroot.debug
**Please note:** if the boot process is broken, you might need to mount an
external storage device (e.g. a USB flash drive) inside the initramfs and
redirect the output to a log files on this external device.
* Continue the boot process (by pressing `<Ctrl>+<D>`) and save a copy of the
debug log file to `/run/initramfs/cryptroot.debug`. The content of `/run/`
will be lost after reboot.
Sometimes, debugging the initramfs directly can be helpful as well. See
<https://wiki.debian.org/InitramfsDebug#Saving_debug_information> for details.
Gather debugging information in the initramfs rescue shell
----------------------------------------------------------
Useful commands to gather information from initramfs rescue shell:
* Check for device-mapper support (these directories/symlinks exist only if
kernel has device-mapper support):
ls -l /sys/class/misc/device-mapper /sys/devices/virtual/misc/device-mapper
* Check whether dm-crypt kernel module is loaded:
lsmod | grep dm-crypt
* Display cryptroot configuration and list loaded kernel modules:
cat /cryptroot/crypttab
lsmod
* Gather information about the available block devices:
blkid
ls -l /dev/disk/by-*/
-- Jonas Meurer <jonas@freesources.org>, Wed 25 Dec 2019 02:58:00 PM CET
|
