# dm-crypt error despite of correct kernel configuration

## tux264

Hi,

I just stumbled across a problem, when I tried to mount my encrypted harddisk on Gentoo. I used cryptsetup on Debian to creat a AES encrypted partition (SHA256 for hashing) that contains my home directory. When I tried to open the partition via 

```
cryptsetup luksOpen /dev/hdX Name
```

 the following error occures: 

 *Quote:*   

> Failed to setup dm-crypt key mapping 
> 
> Check kernel for [...] blablabla
> 
> Failed to read from key storage
> ...

 

I compiled everything important into my kernel (custom-made gentoo-sources), but it just gives me this error message. I tried to open the partition via the Gentoo Live CD and it worked without any problems. I also compiled a kernel equal to the one used by this Live CD (copied config), but the error remains. 

So I conclude, that the version of cryptsetup (1.0.4 on Live CD vs. 1.0.5 in my Gentoo installation) is responsible for the behaviour... 

Can I assume, that this is a bug in cryptsetup 1.0.5 that will vanish in a few days by doing an "update world"?? Or does anyone can give me a hint to cope with this issue? It was quite important to me, because I would like to use my home directory for sharing data between my Linux installations  :Wink: 

Thanks in advance

Cheers,

tux264

----------

## overpencil

I have had this problem a long time and never filed a bug report because I do not know what causes it. What i do to fix it is

1) emerge device-mapper ( my dmcrypt'ed mount is on lvm , so skip this if you dont use lvm )

retry the open - if it fails:

2) emerge cryptsetup-luks

retry the open - if it fails then:

3) emerge libgcrypt

It usually fixes it self at stage 2 but ( like this morning I had to go through step 3). It is really annoying and I keep telling myself an update will fix it but it never does.

I do not know how to file a bug report for it because I do not know what causes the issue. It seems sometimes it does it randomly, and it pretty much always does it after updates to any of the three packages in the steps or updating anything really - it loves to break for fun it seems

----------

## Hu

overpencil: the next time this fails, please do the following:

Run equery check libgcrypt ; equery check cryptsetup-luks ; equery check device-mapper and save the results.  equery is part of app-portage/gentoolkit.

Run revdep-rebuild -p and save the output.

Do the emerges that are necessary to fix the problem.

Re-run the equery checks and the revdep-rebuild.

Post the output from both equery runs and both revdep-rebuild runs.

----------

## overpencil

hi it just did it on my laptop ( i have the same setup on both my laptop and desktop and have the same problem ) ... am doing what you said and will update when its done

----------

## overpencil

after it booted and wouldnt mount with the same errors as the first poster:

 *Quote:*   

> sys-fs/cryptsetup-luks-1.0.4-r3:
> 
>  * 29 out of 29 files good
> 
> sys-fs/device-mapper-1.02.22-r5:
> ...

 

Then this time i only had to 

 *Quote:*   

> emerge device-mapper

 

and it worked again and let me luksOpen / mount it

here is the output after the re-emerge and mount:

 *Quote:*   

> 
> 
> sys-fs/cryptsetup-luks-1.0.4-r3:
> 
>  * 29 out of 29 files good
> ...

 

----------

## overpencil

hi

I ran the tests on my desktop just now and everything was ok in the checks and revdep had nothing to fix. I had to emerge device-mapper AND cryptsetup-luks ( in that order, b/c just device-mapper did not fix it  on my desktop ) and then it mounted ( im posting this using the encrypted partition ).

I re-ran the tests after the emerges and the results are the same ( everything ok ).

one important thing I forgot to mention is that when its shutting down and running the lvm demount scripts it says "unable to remove home" ( which is the encrpyted lvm partition ) and in messages i see:

 *Quote:*   

> Jan  5 00:52:37 blackout device-mapper: ioctl: unable to remove open device temporary-cryptsetup-6298

 

which I believe are related.. maybe lvm is having problems bringing down encrypted partitions? but that doesnt seem right because the first poster was using a raw disk so it doesnt seem lvm related at all, only cryptsetup-luks

----------

## tux264

Thanks @ all, but unfortunately nothing helped  :Sad:  The error remains, no matter what I try. But I have to reinstall everything on my ThinkPad anyhow, let's see if it works after the reinstalling.... 

So long

tux264

----------

## tux264

Hi, 

I'm done, Gentoo is reinstalled. But I came across another error: when trying to emerge cryptsetup-luks, portage complains, that 

```
sys-fs/udev-115-r1
```

 is blocking 

```
sys-fs/device-mapper-1.02.22-r5
```

I encountered this error before, but I have no idea what the solution was  :Sad: 

Does anyone have an idea?

tux264

----------

## overpencil

https://forums.gentoo.org/viewtopic-t-632786-highlight-.html

try something similar to this!

----------

## overpencil

is there some developer or bug tracker who could get the dev team to look more into why it breaks on reboot? it happens on both my laptop and desktop and its very annoying

----------

## tux264

Okay, cryptsetup is installed, but I get the same error as before  :Sad:  Actually, I'm totally sure, but just to exclude a kernel problem: could you please upload your kernel .config to www.rapidshare.com? 

Thanks a lot for your help so far.

tux264

----------

## overpencil

next time it happens could you try this:

type in the password so the error shows up, then type in the correct pass again after the error.

this works for me somehow...

----------

## tux264

 *Quote:*   

> type in the password so the error shows up, then type in the correct pass again after the error. 

 

Doesn't work either. I even tried to create a new encryptet partition but also in this case the error shows up... No matter how often I try I could never get it to work so far. 

That's why I would be very thankful if you could give me your kernel .conf or tell me what is necessary. I'm using the standart gentoo sources package and my kernel supports 

```
Device Drivers  --->

  Multi-device support (RAID and LVM)  --->

    [*] Multiple devices driver support (RAID and LVM)

    < >   RAID support

    <M>   Device mapper support

    <M>     Crypt target support

```

And all necessary algorithms in

```

Cryptographic options  --->

  --- Cryptographic API

```

Cheers

tux264

----------

## overpencil

http://rapidshare.com/files/82785659/f.html

----------

## tux264

Thanks a lot!!  :Smile: 

Presumably I won't be able to test this today (still have some math stuff to do   :Confused:  ) but it'll be the first thing I do tomorrow  :Wink: 

thanks

tux264

----------

## overpencil

very strange ... now on my desktop ( havent used my laptop in a couple days )

when the comp boots and i first try to luksOpen it, the first time i enter a correct password it errors, and then the next time I enter it, it works ... During the time it fails it must be deleting some temp files or freeing up some resource

----------

## tux264

 *Quote:*   

> when the comp boots and i first try to luksOpen it, the first time i enter a correct password it errors, and then the next time I enter it, it works ...

 

Strange  :Smile:  But this is very annoying anyhow, so it can't be an ultimate solution... I have tried your kernel config, but the error still remains. Even after trying to mount an existing partition several times (or creating a new one) it doesn't succeed. 

I REALLY hope that the problem vanishes with some updates....

Cheers

tux264

----------

