
General Questions • [Software] Unattended boot with encrypted storage

Trying and failing to get unattended boot with encrypted storage working.

My bootdrive (root) is successfully encrypted with LUKS and gets decrypted using TPM.

So the issues I'm seeing are with my other storage.

Sorry for the massive information dump, but I'm fully lost in my troubleshooting.

I need someone else's eyes on this to find what the issue is.

I get prompted for a passphrase at boot, but the prompt does not accept the passphrase I created the containers with, and once I have failed enough times the system boots anyway and everything is unlocked. I know this because I tried just pressing Enter at the prompt (empty passphrase); after a while the system had booted and the disks were unlocked and mounted...

Code:

# blkid
/dev/mapper/proxmox--vg-root: UUID="dcb851e9-c3c2-4dc6-82af-1973b935c354" BLOCK_SIZE="4096" TYPE="ext4"
/dev/nvme0n1p3: UUID="e907bd9e-6c1b-42a0-b589-3c430d0e7d3b" TYPE="crypto_LUKS" PARTUUID="27a231f2-eb28-4227-a9a6-bd4c56e97f34"
/dev/nvme0n1p1: UUID="F25C-70F2" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="5eef5931-c55f-4464-b360-40d4d2974395"
/dev/nvme0n1p2: UUID="83133c93-6716-4dbb-a99c-23cc924bdff7" BLOCK_SIZE="1024" TYPE="ext2" PARTUUID="a56960e4-1ecb-41c1-b0f3-c30fa27edbac"
/dev/sdd1: UUID="9ffced0a-19f4-4827-a9b2-f1c003b014c5" LABEL="parity" TYPE="crypto_LUKS" PARTLABEL="primary" PARTUUID="09241976-8f46-48e3-89cc-d56ba0ef11a8"
/dev/nvme3n1p1: LABEL="persistent" UUID="9920428768779242411" UUID_SUB="1837294838804816630" BLOCK_SIZE="4096" TYPE="zfs_member" PARTLABEL="zfs-2462ad5e831bf733" PARTUUID="42bcba0a-c209-cd45-a3e2-edba4d9f2f7b"
/dev/nvme3n1p9: PARTUUID="4e375f69-2ba9-7a43-b639-ae7954bb0397"
/dev/sdb1: UUID="7be97fbc-a7a1-42cc-a150-1ceda03a3958" LABEL="disk2" TYPE="crypto_LUKS" PARTLABEL="primary" PARTUUID="885d9127-f6f4-4e93-86d0-21a3c5084361"
/dev/mapper/disk1: UUID="cb797b8a-fbbc-4f4b-b3fe-cb4a165ff436" BLOCK_SIZE="4096" TYPE="ext4"
/dev/mapper/disk3: UUID="2bf35c33-5395-4f3c-898c-8633ea4bb6af" BLOCK_SIZE="4096" TYPE="ext4"
/dev/nvme2n1p9: PARTUUID="6f8f1a4d-7e50-ac46-bbf8-f4d6137502bb"
/dev/nvme2n1p1: LABEL="persistent" UUID="9920428768779242411" UUID_SUB="7285610252149618053" BLOCK_SIZE="4096" TYPE="zfs_member" PARTLABEL="zfs-a2af4799b3ee8756" PARTUUID="89b0e912-0388-b343-8a49-8e7421a78e88"
/dev/mapper/proxmox--vg-swap_1: UUID="dc64ecbb-fd76-449d-b051-c7e490043f56" TYPE="swap"
/dev/mapper/luks-e907bd9e-6c1b-42a0-b589-3c430d0e7d3b: UUID="SpS1rA-X6F5-Xjdc-86nj-D81F-xwoD-adzL9R" TYPE="LVM2_member"
/dev/sdc1: UUID="833b827a-dcf0-4ebc-8ea1-0a9bc2693c97" LABEL="disk1" TYPE="crypto_LUKS" PARTLABEL="primary" PARTUUID="57a9c9ad-fdf0-49d5-a1bf-77a7fc425b08"
/dev/sda1: UUID="8c76eeb9-e883-4c9d-8f8b-aadda4682933" LABEL="disk3" TYPE="crypto_LUKS" PARTLABEL="primary" PARTUUID="fd131621-fd61-4d29-9456-870374f47de1"
/dev/mapper/parity: UUID="911cf8a8-f58e-4c64-828b-b8f7d0313f93" BLOCK_SIZE="4096" TYPE="ext4"
/dev/mapper/disk2: UUID="a0495789-c6aa-489c-8fb7-c6447a070898" BLOCK_SIZE="4096" TYPE="ext4"

Code:

# lsblk -f
NAME                                          FSTYPE      FSVER    LABEL      UUID                                   FSAVAIL FSUSE% MOUNTPOINTS
sda
└─sda1                                        crypto_LUKS 2        disk3      8c76eeb9-e883-4c9d-8f8b-aadda4682933
  └─disk3                                     ext4        1.0                 2bf35c33-5395-4f3c-898c-8633ea4bb6af      3.4T     0% /mnt/disk3
sdb
└─sdb1                                        crypto_LUKS 2        disk2      7be97fbc-a7a1-42cc-a150-1ceda03a3958
  └─disk2                                     ext4        1.0                 a0495789-c6aa-489c-8fb7-c6447a070898      3.4T     0% /mnt/disk2
sdc
└─sdc1                                        crypto_LUKS 2        disk1      833b827a-dcf0-4ebc-8ea1-0a9bc2693c97
  └─disk1                                     ext4        1.0                 cb797b8a-fbbc-4f4b-b3fe-cb4a165ff436      3.4T     0% /mnt/disk1
sdd
└─sdd1                                        crypto_LUKS 2        parity     9ffced0a-19f4-4827-a9b2-f1c003b014c5
  └─parity                                    ext4        1.0                 911cf8a8-f58e-4c64-828b-b8f7d0313f93      3.4T     0% /mnt/parity
Contents of "crypttab"

Code:

# cat /etc/crypttab
# nvme0n1p3_crypt UUID=e907bd9e-6c1b-42a0-b589-3c430d0e7d3b none luks,discard
disk1 UUID=833b827a-dcf0-4ebc-8ea1-0a9bc2693c97 /srv/keys/disk1.luks luks
disk2 UUID=7be97fbc-a7a1-42cc-a150-1ceda03a3958 /srv/keys/disk2.luks luks
disk3 UUID=8c76eeb9-e883-4c9d-8f8b-aadda4682933 /srv/keys/disk3.luks luks
parity UUID=9ffced0a-19f4-4827-a9b2-f1c003b014c5 /srv/keys/parity.luks luks
luksUUIDs

Code:

# cryptsetup luksUUID /dev/sda1
8c76eeb9-e883-4c9d-8f8b-aadda4682933
# cryptsetup luksUUID /dev/sdb1
7be97fbc-a7a1-42cc-a150-1ceda03a3958
# cryptsetup luksUUID /dev/sdc1
833b827a-dcf0-4ebc-8ea1-0a9bc2693c97
# cryptsetup luksUUID /dev/sdd1
9ffced0a-19f4-4827-a9b2-f1c003b014c5
Contents of "fstab" (likely not relevant, but...)

Code:

# cat /etc/fstab
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/mapper/proxmox--vg-root /               ext4    errors=remount-ro 0       1
# /boot was on /dev/nvme0n1p2 during installation
UUID=83133c93-6716-4dbb-a99c-23cc924bdff7 /boot           ext2    defaults        0       2
# /boot/efi was on /dev/nvme0n1p1 during installation
UUID=F25C-70F2  /boot/efi       vfat    umask=0077      0       1
/dev/mapper/proxmox--vg-swap_1 none            swap    sw              0       0
/dev/mapper/disk1 /mnt/disk1 ext4 defaults 0 0
/dev/mapper/disk2 /mnt/disk2 ext4 defaults 0 0
/dev/mapper/disk3 /mnt/disk3 ext4 defaults 0 0
/dev/mapper/parity /mnt/parity ext4 defaults 0 0
Status of LUKS containers

Code:

# cryptsetup status /dev/mapper/disk1
/dev/mapper/disk1 is active and is in use.
  type:    LUKS2
  cipher:  aes-xts-plain64
  keysize: 512 bits
  key location: keyring
  device:  /dev/sdc1
  sector size:  4096
  offset:  32768 sectors
  size:    7814000640 sectors
  mode:    read/write
# cryptsetup status /dev/mapper/disk2
/dev/mapper/disk2 is active and is in use.
  type:    LUKS2
  cipher:  aes-xts-plain64
  keysize: 512 bits
  key location: keyring
  device:  /dev/sdb1
  sector size:  4096
  offset:  32768 sectors
  size:    7814000640 sectors
  mode:    read/write
# cryptsetup status /dev/mapper/disk3
/dev/mapper/disk3 is active and is in use.
  type:    LUKS2
  cipher:  aes-xts-plain64
  keysize: 512 bits
  key location: keyring
  device:  /dev/sda1
  sector size:  4096
  offset:  32768 sectors
  size:    7814000640 sectors
  mode:    read/write
# cryptsetup status /dev/mapper/parity
/dev/mapper/parity is active and is in use.
  type:    LUKS2
  cipher:  aes-xts-plain64
  keysize: 512 bits
  key location: keyring
  device:  /dev/sdd1
  sector size:  4096
  offset:  32768 sectors
  size:    7814000640 sectors
  mode:    read/write
Mountpoints

Code:

# ls -la /mnt/
total 24
drwxr-xr-x  6 root root 4096 Jul 22 16:02 .
drwxr-xr-x 18 root root 4096 Jul 21 14:31 ..
drwxr-xr-x  3 root root 4096 Jul 23 02:27 disk1
drwxr-xr-x  3 root root 4096 Jul 23 01:19 disk2
drwxr-xr-x  3 root root 4096 Jul 23 01:19 disk3
drwxr-xr-x  3 root root 4096 Jul 23 01:19 parity
Mapper

Code:

# ls -la /dev/mapper/
total 0
drwxr-xr-x  2 root root     200 Jul 23 02:27 .
drwxr-xr-x 19 root root    4200 Jul 23 02:27 ..
crw-------  1 root root 10, 236 Jul 23 02:26 control
lrwxrwxrwx  1 root root       7 Jul 23 02:27 disk1 -> ../dm-6
lrwxrwxrwx  1 root root       7 Jul 23 02:26 disk2 -> ../dm-3
lrwxrwxrwx  1 root root       7 Jul 23 02:27 disk3 -> ../dm-4
lrwxrwxrwx  1 root root       7 Jul 23 02:26 luks-e907bd9e-6c1b-42a0-b589-3c430d0e7d3b -> ../dm-0
lrwxrwxrwx  1 root root       7 Jul 23 02:27 parity -> ../dm-5
lrwxrwxrwx  1 root root       7 Jul 23 02:26 proxmox--vg-root -> ../dm-1
lrwxrwxrwx  1 root root       7 Jul 23 02:26 proxmox--vg-swap_1 -> ../dm-2
LUKS keys

Code:

# ls -la /srv/keys/
total 24
drwxr-xr-x 2 root root 4096 Jul 23 01:17 .
drwxr-xr-x 3 root root 4096 Jul 21 21:53 ..
-r-------- 1 root root 4096 Jul 23 01:17 disk1.luks
-r-------- 1 root root 4096 Jul 23 01:17 disk2.luks
-r-------- 1 root root 4096 Jul 23 01:17 disk3.luks
-r-------- 1 root root 4096 Jul 23 01:17 parity.luks
Keys are created using a script (relevant contents; `key_name` is set by the script to disk1, disk2, disk3 or parity):

Code:

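# Generate a 4096-byte random LUKS keyfile at /srv/keys/${key_name}.luks.
# key_name is provided by the enclosing script; the resulting path must match
# the key-file field (third column) of the matching /etc/crypttab entry.
#
# Security notes:
# - The original sequence was `dd ... ; chmod 0400 ...`, which creates the file
#   under the default umask (typically 0644) and only then tightens it, leaving
#   a short window in which any local user could read the key. Running dd
#   inside a subshell with `umask 077` makes the file owner-only from the
#   moment it is created; the subshell keeps the umask change from leaking
#   into the rest of the script.
# - dd is checked explicitly. A failed or short write would otherwise leave an
#   empty or truncated file that a later `cryptsetup luksAddKey` would happily
#   enrol as the unlock secret.
# - The keyfile lives on the root filesystem, so its confidentiality at rest
#   depends entirely on root being encrypted (LUKS unlocked via TPM here) and
#   on root-level access to the running system being controlled.
( umask 077 && dd if=/dev/urandom of="/srv/keys/${key_name}.luks" bs=1024 count=4 ) \
  || { printf 'failed to generate keyfile for %s\n' "${key_name}" >&2; exit 1; }
# Keep the explicit 0400 so an already-existing (re-generated) keyfile also
# ends up owner-read-only regardless of its previous mode.
chmod 0400 "/srv/keys/${key_name}.luks"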

Code:

# uname -a
Linux proxmox 6.1.0-23-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.99-1 (2024-07-15) x86_64 GNU/Linux

Statistics: Posted by BeyondEvil — 2024-07-23 01:06 — Replies 2 — Views 62


