# [solved] lukscrypted root: no prompt for passphrase

## SatanClaus

Hi,

I'm currently using a luks encrypted root setup with gentoo-sources-2.6.19-r5 and genkernel to create an init-ramdisk with evms udev and luks support. Everything worked fine, until I tried to update to gentoo-sources-2.6.20-r8 (r7 had the same problem).

I adapted my old config with "make oldconfig", generated an initrd with "genkernel --no-clean --save-config --mountboot --evms2 --luks all" and adjusted grub.conf:

```
title=Gentoo Linux genkernel x86_64-2.6.20-gentoo-r8

root (hd2,0)

kernel /kernel-genkernel-x86_64-2.6.20-gentoo-r8 root=/dev/ram0 init=/linuxrc ramdisk=8192 crypt_root=/dev/evms/slash real_root=/dev/mapper/root udev doevms2

initrd /initramfs-genkernel-x86_64-2.6.20-gentoo-r8
```

But after rebooting I'm not prompted for the root partitions luks passphrase anymore, the output is:

```
>> Openting LUKS device /dev/evms/slash

Command failed: No key available with this passphrase.

!! Failed open LUKS device /dev/evms/slash

!! The LUKS root block device is not detected

   Please specify a root LUKS device to open, q to skip, or shell for a shell.

LUKS root() ::
```

So LUKS actually tried opening the device without any passphrase, as I was never prompted for it. I then entered "shell" to get an interactive shell:

```
BusyBox v1.1.3 ...

...

/bin/ash: can't access tty: job control turned off
```

Due to the error-message I did:

```
/ # cat /dev/tty

Enter LUKS passphrase: / #
```

So it seems as if this ouput generated by cryptsetup somehow wasn't printed on my screen. All needed devices in /dev/ seem to exist though: tty, tty0, console, evms/slash, etc..

I then tried to manually decrypt the partition with:

```
/ # cryptsetup luksOpen /dev/evms/slash root

Command failed: No key available with this passphrase.
```

As you can see again I wasn't asked by cryptsetup for a passphrase, and again I can find it in /dev/tty.

I finally can uncrypt the partition with a very dirty workaround, as it shows my passphrase in plaintext on screen:

```
/ # echo "passphrase" | cryptsetup luksOpen /dev/evms/slash root

... key slot 0 unlocked ...

/ # exit

LUKS root() :: q
```

So this time it works, I then have to exit shell and skip over the root LUKS decrypt procedure and everything else works fine.

I also rebuild my old kernel image with the possibly new busybox and genkernel packages (I remembered that one of them was updated in between), but the old kernel works fine. As a friend told me, other sources (ck 2.6.21 in his case) seem to experience the same problem, in his case without evms and raid...

So I'm somewhat puzzled of how to get this to work: being prompted for the passphrase and not have it in plaintext on my screen somehow.

I'd be very pleased on any comments what I might have done wrong or why this might have stopped to work.

cu

SatanClaus

PS: I provided all info I think is useful for this post. I still documented the whole setup process of the crypted root in evms in the gentoo wiki: http://gentoo-wiki.com/HOWTO_Setup_fully_crypted_Gentoo_on_EVMS

If you need anything else, please let me know...

----------

## SatanClaus

Solved the problem by upgrading to cryptsetup-luks-1.0.4-r3.

It seems as if the old stable (amd64) cryptsetup-luks-1.0.3-r2 uses the deprecated "getpass" function to prompt for the password... I don't know if it's exactly related to this, but in any case the newer release uses a pretty different routine to prompt for passwords and it works.

```
echo "=sys-fs/cryptsetup-luks-1.0.4-r3" >> /etc/portage/package.keywords

emerge --ask --verbose cryptsetup-luks
```

Still you might want to note, that when installing the newer ebuild the layout of /etc/conf.d/cryptfs has changed.

You should substitute "mount=" with "target=". Also the new init-scripts does autodetection of whether luks is used (see cryptsetup isLuks), so the 'type="luks"' lines can be omitted. There are pretty nice examples in that file now, so edit it before rebooting  :Wink: 

After emerging you need to repackage the initrd with genkernel.

cu

SatanClaus

----------

