After an upgrade, when the boot process comes to start /etc/init.d/dmcrypt, is stalls and the only way I have found to gracefully get back control over the machine is to start a reboot by pressing <CTRL>+<ALT>+<DEL> (<CTRL>+<c> does not abort that init script to continue boot). (I cannot exactly tell after which upgrade, because I had the machine suspend-to-disk-ing instead of rebooting for some weeks, and it is only hit on a boot process.)
My system setup is as follows:
- I have a root partition and a swap partition used for suspend-to-disk, which are LUKS-encrypted and which I decrypt with an initcpio hook. That works without problems.
- For completeness and to be able to just-boot the system in case the initcpio fails or is not present (my kernel is compiled such a way to haave all necessary modules needed to start up compiled in) those partitions are also specified in /etc/conf.d/dmcrypt. - I have a swap partition to be used as "normal" swap which has plain encryption and gets re-created on each boot
.
My /etc/conf.d/dmcrypt is:
dmcrypt_key_timeout=1
dmcrypt_retries=5
swap=swap
source='/dev/disk/by-label/cryptswap'
options='--type plain --allow-discards --offset=16384 --cipher=aes-cbc-essiv:sha256'
key=/dev/urandom
pre_mount='mkswap -L swap /dev/mapper/swap'
target=swsusp
source=/dev/sda5
options='--allow-discards --type luks'
target=btrfs_root
source='/dev/sda6'
options='--allow-discards --type luks'
When the system boots and I don't skip the dmcrypt service, it prints that it is creating that swapfile (I cannot paste the output here literally because I am now on the running system; and when I let the error happen I cannot reach a running system, so I cannot copypaste it) with the options and stalls. It does not print that it uses /dev/urandom as key(file).
A manual invocation of
cryptsetup create --key-file=/dev/urandom --type plain --allow-discards --offset=16384 --cipher=aes-cbc-essiv:sha256 swap /dev/disk/by-label/cryptswap
mkswap -L swap /dev/mapper/swap
produces no errors and the expected output
Setting up swapspace version 1, size = 8 GiB (8589930496 bytes)
LABEL=swap, UUID=0ccce488-621b-42f7-9c3f-dcf6b3eb3100
Anyone an idea what might be wrong? An idea how to hunt it down/ debug it?
Package versions:
- openrc: 0.43.5-1
- cryptsetup: 2.4.0-1
- cryptsetup-openrc: 20210505-4