Ask Your Question
1

Encrypted LUKS Volume Cannot Be Mounted After Reboot

asked 2016-05-06 07:47:23 -0500

hindmasj gravatar image

I am using Fedora 23 recently installed on my laptop. I have created a LUKS filesystem inside a logical volume which when first created can be opened and mounted.

After a reboot the passphrase is requested during graphical boot but the volume is not mounted. I get an error trying to open it manually.

# cryptsetup -v open --type luks /dev/fedora/work encrypted-work
Enter passphrase for /dev/fedora/work: 
Key slot 0 unlocked.
Cannot use device /dev/fedora/work which is in use (already mapped or mounted).
Command failed with code 16: Device or resource busy

Running df shows the volume is not mounted. And umount cannot unmount it.

# umount /dev/fedora/work
umount: /dev/fedora/work: not mounted

I have tried using lsof to see what process might be using the volume. There is no process using a resource called "/dev/fedora/work". I have checked for the block ID too.

# lsblk
NAME            MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
nvme0n1         259:0    0   477G  0 disk  
├─nvme0n1p1     259:1    0   500M  0 part  /boot
└─nvme0n1p2     259:2    0 476.5G  0 part  
  ├─fedora-root 253:0    0    50G  0 lvm   /
  ├─fedora-swap 253:1    0   7.6G  0 lvm   [SWAP]
  ├─fedora-home 253:2    0   400G  0 lvm   /home
  └─fedora-work 253:3    0    18G  0 lvm   
    └─work      253:4    0    18G  0 crypt 
# lsof | grep 253,3
<no result>

Can anyone explain what has happened to this volume?

edit retag flag offensive close merge delete

Comments

1

What's its status on /etc/mtab?

You could try udisksctl unlock --block-device $LUKSPARTITION udisksctl mount --block-device $PARTITION

Are any entries in your syslog related to this attempt to unlock/mount?

genodeftest gravatar imagegenodeftest ( 2016-05-06 10:59:29 -0500 )edit

No entry in /etc/mtab The udisksctl command gave me some clues.

# udisksctl unlock -b /dev/fedora/work
Passphrase: 
Error unlocking /dev/dm-3: GDBus.Error:org.freedesktop.UDisks2.Error.Failed: Device /dev/dm-3 is already unlocked as /dev/dm-4
# udisksctl lock -b /dev/fedora/work
Locked /dev/dm-3.
# cryptsetup -v open --type luks /dev/fedora/work encrypted-work
Enter passphrase for /dev/fedora/work: 
Key slot 0 unlocked.
Command successful.
# mount /dev/mapper/encrypted-work /home/work

So the disk is getting opened as a device, but not the device I expected?

hindmasj gravatar imagehindmasj ( 2016-05-08 10:42:24 -0500 )edit

I get it now! That device name matches the entry in /etc/crypttab. I had been jumping ahead of myself when reading this recipe and had misread step 5.

hindmasj gravatar imagehindmasj ( 2016-05-08 11:41:20 -0500 )edit

1 Answer

Sort by » oldest newest most voted
1

answered 2016-05-08 11:53:05 -0500

hindmasj gravatar image

The answer to my own question is that the entry in /etc/crypttab creates the entry in /dev/mapper, not the original cryptsetup command.

If your encrypted device is /dev/volume/foo and you want to mount it as /home/bar then you need these entries.

/etc/crypttab

anyvalue /dev/volume/foo - luks

/etc/fstab

/dev/mapper/anyvalue /home/bar ext4 defaults 1 2
edit flag offensive delete link more

Comments

Thanks! I created a secondary luks partition using gnome-disks and it didn't update /etc/crypttab and because I used that luks partition to extend fedora-home I was kinda panicking as I did that extension few days back and as it has been working for days (didn't reboot right after extension) it was not obvious whats wrong. This hint saved me as I never heard of this file nor did I know the linkage between the encryption prompt and this file.

nhed gravatar imagenhed ( 2018-11-02 10:53:33 -0500 )edit

Question Tools

1 follower

Stats

Asked: 2016-05-06 07:47:23 -0500

Seen: 1,537 times

Last updated: May 08 '16