cryptsetup hanging?
Anyone ever have cryptsetup just start hanging after entering password on boot? This seems like it’s going to be a fun issue to try to resolve…
Anyone ever have cryptsetup just start hanging after entering password on boot? This seems like it’s going to be a fun issue to try to resolve…
michael_palmer, Today it happened for the first time for me. I use arch btw.
krolden, (edited ) How long do you wait before you declare it hung?
Sometimes decryption takes up to a minute depending on your system specs and optimizations.
I suggest booting from a live disc and trying to unlock it from there.
wesker, 10m is when I throw my hands up. Normally it takes under 20s.
drwho, That’s more than a reasonable period of time to wait.
Can you run a SMART check on the drive from a liveCD? memtest86?
wesker, An extended test using
nvme-cli
showed zero errors. I’ll try memtest later today.
krolden, Paste the output of
cryptsetup benchmark
wesker, <span style="color:#323232;"># Tests are approximate using memory only (no storage IO). </span><span style="color:#323232;">PBKDF2-sha1 2957901 iterations per second for 256-bit key </span><span style="color:#323232;">PBKDF2-sha256 4946113 iterations per second for 256-bit key </span><span style="color:#323232;">PBKDF2-sha512 1945410 iterations per second for 256-bit key </span><span style="color:#323232;">PBKDF2-ripemd160 1123875 iterations per second for 256-bit key </span><span style="color:#323232;">PBKDF2-whirlpool 773286 iterations per second for 256-bit key </span><span style="color:#323232;">argon2i 8 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) </span><span style="color:#323232;">argon2id 8 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time) </span><span style="color:#323232;"># Algorithm | Key | Encryption | Decryption </span><span style="color:#323232;"> aes-cbc 128b 1794.0 MiB/s 6427.8 MiB/s </span><span style="color:#323232;"> serpent-cbc 128b 107.4 MiB/s 765.7 MiB/s </span><span style="color:#323232;"> twofish-cbc 128b 275.7 MiB/s 498.2 MiB/s </span><span style="color:#323232;"> aes-cbc 256b 1392.5 MiB/s 5266.3 MiB/s </span><span style="color:#323232;"> serpent-cbc 256b 114.8 MiB/s 798.4 MiB/s </span><span style="color:#323232;"> twofish-cbc 256b 284.6 MiB/s 498.7 MiB/s </span><span style="color:#323232;"> aes-xts 256b 5290.1 MiB/s 5322.6 MiB/s </span><span style="color:#323232;"> serpent-xts 256b 697.6 MiB/s 635.9 MiB/s </span><span style="color:#323232;"> twofish-xts 256b 403.4 MiB/s 413.4 MiB/s </span><span style="color:#323232;"> aes-xts 512b 4070.4 MiB/s 4048.9 MiB/s </span><span style="color:#323232;"> serpent-xts 512b 664.6 MiB/s 642.0 MiB/s </span><span style="color:#323232;"> twofish-xts 512b 417.6 MiB/s 421.7 MiB/s </span>
krolden, how about
systemd-analyze
andcryptsetup luksDump <lukspart> | grep Slot
wesker, I’m not using systemd. Grepping on
Slot
doesn’t return any results.<span style="color:#323232;">LUKS header information </span><span style="color:#323232;">Version: 2 </span><span style="color:#323232;">Epoch: 3 </span><span style="color:#323232;">Metadata area: 16384 [bytes] </span><span style="color:#323232;">Keyslots area: 16744448 [bytes] </span><span style="color:#323232;">UUID: <redacted> </span><span style="color:#323232;">Label: (no label) </span><span style="color:#323232;">Subsystem: (no subsystem) </span><span style="color:#323232;">Flags: (no flags) </span><span style="color:#323232;"> </span><span style="color:#323232;">Data segments: </span><span style="color:#323232;"> 0: crypt </span><span style="color:#323232;"> offset: 16777216 [bytes] </span><span style="color:#323232;"> length: (whole device) </span><span style="color:#323232;"> cipher: aes-xts-plain64 </span><span style="color:#323232;"> sector: 512 [bytes] </span><span style="color:#323232;"> </span><span style="color:#323232;">Keyslots: </span><span style="color:#323232;"> 0: luks2 </span><span style="color:#323232;"> Key: 512 bits </span><span style="color:#323232;"> Priority: normal </span><span style="color:#323232;"> Cipher: aes-xts-plain64 </span><span style="color:#323232;"> Cipher key: 512 bits </span><span style="color:#323232;"> PBKDF: argon2id </span><span style="color:#323232;"> Time cost: 8 </span><span style="color:#323232;"> Memory: 1048576 </span><span style="color:#323232;"> Threads: 4 </span><span style="color:#323232;"> Salt: <redacted> </span><span style="color:#323232;"> AF stripes: 4000 </span><span style="color:#323232;"> AF hash: sha512 </span><span style="color:#323232;"> Area offset:32768 [bytes] </span><span style="color:#323232;"> Area length:258048 [bytes] </span><span style="color:#323232;"> Digest ID: 0 </span>
ironclad_chomskyan,
lemmyreader, Boot with previous kernel ? If fail, boot from Linux live, connect, mount, make backups, and try to fix.
wesker, Oddly, after a few tries I managed to get past. I religiously back things up, and just last night pushed all my current dots.
I’m gonna run some drive diagnostics. If everything looks good, I’ll just repartition and take this as a sign to only use encryption on secondary drives where I backup sensitive info.
haui_lemmy, I really need to get into pushing dot files. Every time I think „its not going to be that much“. Then I install a new system and like 20 apps, then I fiddle here and there. After a couple weeks I def rack up one or more hours of config.
wesker, (edited ) My protip is to use symlinks, and then just keep all your dots in a project folder. Makes it super easy to keep iterating on them in realtime, and pushing changes.
haui_lemmy, Thats neat! Thanks for the suggestion. I‘ll try that. Currently am experimenting on libraries with my coding stuff.
sun_is_ra, It could also be a disk problem. I second the backup suggestion
wesker, This is my main concern.
krolden, How could you boot a different kernel if you can’t unlock the drive?
Violet_McQuasional, Isn’t it quite common to have /boot on an unencrypted partition?
krolden, Oh yeah duh
Add comment