Multiple LUKS password input prompts during BOOT

This is the requested “separate thread” prompted in the original discussion of THIS_TOPIC.

It boils down to:

  • Before update, password used to be asked ONCE during BOOT;
  • After update, password is being asked TWICE during BOOT: once before GRUB and once again after;
  • How to restore the original behavior of being asked only ONCE?

More details in the original thread. Links below:

… and here we are!

  1. Please read this:
    How to provide good information
    and post some more information so we can see what’s really going on. Now we know the symptom of the disease, but we need some more probing to know where the origin lies…
  2. An inxi --admin --verbosity=7 --filter --no-host --width would be the minimum required information… (Personally Identifiable Information like serial numbers and MAC addresses will be filtered out by the above command)
    Also, please copy-paste that output in-between 3 backticks ``` at the beginning and end of the code/text.
  3. Can you already verify that you don’t have a BIOS / UEFI password set while we wait for the above information?

cc @freggel.doe to get you into this as you originally told OP to create a new thread.

:+1:

Ah, thanks.

@cnaak, you did not answer this question, please check:

That says /crypto_keyfile.bin should be used to unlock both those cryptdevices.
Does that unlocking of the /home cryptdevice still work with that keyfile?


Thank you for the guidance so far! I believe the (i) issue description and (ii) what I want accomplished are both plainly stated in the OP.

Please find below my inxi output:

$ inxi --admin --verbosity=7 --filter --no-host --width
System:
  Kernel: 5.9.16-1-MANJARO x86_64 bits: 64 compiler: gcc v: 10.2.0 
  parameters: BOOT_IMAGE=/boot/vmlinuz-5.9-x86_64 
  root=UUID=7d129f16-68a5-4166-af3c-be36b7ba6c40 rw quiet 
  cryptdevice=UUID=d4d370d7-082e-437f-b4ae-84c750147f53:luks-d4d370d7-082e-437f-b4ae-84c750147f53 
  root=/dev/mapper/luks-d4d370d7-082e-437f-b4ae-84c750147f53 apparmor=1 
  security=apparmor resume=UUID=85ffc8b9-36cc-4a1d-a122-a69aa6ef2518 
  udev.log_priority=3 pcie_aspm=off 
  Desktop: Xfce 4.16.0 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm4 vt: 7 
  dm: LightDM 1.30.0 Distro: Manjaro Linux base: Arch Linux 
Machine:
  Type: Desktop Mobo: Gigabyte model: H310M H 2.0 v: x.x serial: <filter> 
  UEFI: American Megatrends v: F12 date: 08/13/2019 
Battery:
  Message: No system battery data found. Is one present? 
Memory:
  RAM: total: 15.58 GiB used: 2.33 GiB (14.9%) 
  RAM Report: permissions: Unable to run dmidecode. Root privileges required. 
CPU:
  Info: Quad Core model: Intel Core i3-9100F bits: 64 type: MCP 
  arch: Kaby Lake note: check family: 6 model-id: 9E (158) stepping: B (11) 
  microcode: DE cache: L2: 6 MiB bogomips: 28808 
  Speed: 800 MHz min/max: 800/4200 MHz Core speeds (MHz): 1: 800 2: 800 3: 800 
  4: 800 
  Flags: 3dnowprefetch abm acpi adx aes aperfmperf apic arat arch_perfmon art 
  avx avx2 bmi1 bmi2 bts clflush clflushopt cmov constant_tsc cpuid 
  cpuid_fault cx16 cx8 de ds_cpl dtes64 dtherm dts ept ept_ad erms est f16c 
  flexpriority flush_l1d fma fpu fsgsbase fxsr ht hwp hwp_act_window hwp_epp 
  hwp_notify ibpb ibrs ida intel_pt invpcid invpcid_single lahf_lm lm mca mce 
  md_clear mmx monitor movbe mpx msr mtrr nonstop_tsc nopl nx pae pat pbe pcid 
  pclmulqdq pdcm pdpe1gb pebs pge pln pni popcnt pse pse36 pti pts rdrand 
  rdseed rdtscp rep_good sdbg sep smap smep ss ssbd sse sse2 sse4_1 sse4_2 
  ssse3 stibp syscall tm tm2 tpr_shadow tsc tsc_adjust tsc_deadline_timer vme 
  vmx vnmi vpid x2apic xgetbv1 xsave xsavec xsaveopt xsaves xtopology xtpr 
  Vulnerabilities: Type: itlb_multihit status: KVM: VMX disabled 
  Type: l1tf 
  mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled 
  Type: mds mitigation: Clear CPU buffers; SMT disabled 
  Type: meltdown mitigation: PTI 
  Type: spec_store_bypass 
  mitigation: Speculative Store Bypass disabled via prctl and seccomp 
  Type: spectre_v1 
  mitigation: usercopy/swapgs barriers and __user pointer sanitization 
  Type: spectre_v2 mitigation: Full generic retpoline, IBPB: conditional, 
  IBRS_FW, STIBP: disabled, RSB filling 
  Type: srbds mitigation: Microcode 
  Type: tsx_async_abort status: Not affected 
Graphics:
  Device-1: NVIDIA GK208B [GeForce GT 710] driver: nvidia v: 460.73.01 
  alternate: nouveau,nvidia_drm bus-ID: 01:00.0 chip-ID: 10de:128b 
  class-ID: 0300 
  Display: x11 server: X.Org 1.20.11 driver: loaded: nvidia display-ID: :0.0 
  screens: 1 
  Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x286mm (20.0x11.3") 
  s-diag: 583mm (23") 
  Monitor-1: HDMI-0 res: 1920x1080 hz: 60 dpi: 55 size: 885x498mm (34.8x19.6") 
  diag: 1015mm (40") 
  OpenGL: renderer: GeForce GT 710/PCIe/SSE2 v: 4.6.0 NVIDIA 460.73.01 
  direct render: Yes 
Audio:
  Device-1: Intel 200 Series PCH HD Audio vendor: Gigabyte 
  driver: snd_hda_intel v: kernel bus-ID: 00:1f.3 chip-ID: 8086:a2f0 
  class-ID: 0403 
  Device-2: NVIDIA GK208 HDMI/DP Audio driver: snd_hda_intel v: kernel 
  bus-ID: 01:00.1 chip-ID: 10de:0e0f class-ID: 0403 
  Sound Server-1: ALSA v: k5.9.16-1-MANJARO running: yes 
  Sound Server-2: sndio v: N/A running: no 
  Sound Server-3: JACK v: 0.125.0 running: no 
  Sound Server-4: PulseAudio v: 14.2 running: yes 
  Sound Server-5: PipeWire v: 0.3.26 running: no 
Network:
  Device-1: Realtek RTL8192EE PCIe Wireless Network Adapter driver: rtl8192ee 
  v: kernel port: d000 bus-ID: 03:00.0 chip-ID: 10ec:818b class-ID: 0280 
  IF: wlp3s0 state: up mac: <filter> 
  IP v4: <filter> type: dynamic noprefixroute scope: global 
  broadcast: <filter> 
  IP v6: <filter> type: dynamic noprefixroute scope: global 
  IP v6: <filter> type: noprefixroute scope: link 
  Device-2: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet 
  vendor: Gigabyte driver: r8169 v: kernel port: c000 bus-ID: 05:00.0 
  chip-ID: 10ec:8168 class-ID: 0200 
  IF: enp5s0 state: down mac: <filter> 
  WAN IP: <filter> 
Bluetooth:
  Message: No bluetooth data found. 
Logical:
  Message: No logical block device data found. 
  Device-1: luks-bd4c91ef-b67b-4d8c-a73d-f8f8642b867b maj-min: 254:1 
  type: LUKS dm: dm-1 size: 931.51 GiB 
  Components: 
  p-1: sda1 maj-min: 8:1 size: 931.51 GiB 
  Device-2: luks-d4d370d7-082e-437f-b4ae-84c750147f53 maj-min: 254:0 
  type: LUKS dm: dm-0 size: 155.57 GiB 
  Components: 
  p-1: sdb3 maj-min: 8:19 size: 155.57 GiB 
RAID:
  Message: No RAID data found. 
Drives:
  Local Storage: total: 1.13 TiB used: 696.72 GiB (60.3%) 
  SMART Message: Required tool smartctl not installed. Check --recommends 
  ID-1: /dev/sda maj-min: 8:0 vendor: Seagate model: ST1000DM010-2EP102 
  size: 931.51 GiB block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s 
  rotation: 7200 rpm serial: <filter> rev: CC43 scheme: GPT 
  ID-2: /dev/sdb maj-min: 8:16 vendor: Western Digital 
  model: WDS240G2G0A-00JH30 size: 223.57 GiB block-size: physical: 512 B 
  logical: 512 B speed: 6.0 Gb/s rotation: SSD serial: <filter> rev: 0400 
  scheme: GPT 
  Message: No optical or floppy data found. 
Partition:
  ID-1: / raw-size: 155.57 GiB size: 152.13 GiB (97.79%) 
  used: 42.51 GiB (27.9%) fs: ext4 dev: /dev/dm-0 maj-min: 254:0 
  mapped: luks-d4d370d7-082e-437f-b4ae-84c750147f53 label: N/A 
  uuid: 7d129f16-68a5-4166-af3c-be36b7ba6c40 
  ID-2: /boot/efi raw-size: 4 GiB size: 3.99 GiB (99.80%) used: 424 KiB (0.0%) 
  fs: vfat dev: /dev/sdb2 maj-min: 8:18 label: N/A uuid: 50B3-509E 
  ID-3: /home raw-size: 931.51 GiB size: 915.89 GiB (98.32%) 
  used: 654.21 GiB (71.4%) fs: ext4 dev: /dev/dm-1 maj-min: 254:1 
  mapped: luks-bd4c91ef-b67b-4d8c-a73d-f8f8642b867b label: N/A 
  uuid: 5e60496a-8abb-4130-b96e-7a2f3ef1bc44 
Swap:
  Kernel: swappiness: 60 (default) cache-pressure: 100 (default) 
  ID-1: swap-1 type: partition size: 64 GiB used: 0 KiB (0.0%) priority: -2 
  dev: /dev/sdb1 maj-min: 8:17 label: N/A 
  uuid: 85ffc8b9-36cc-4a1d-a122-a69aa6ef2518 
Unmounted:
  Message: No unmounted partitions found. 
USB:
  Hub-1: 1-0:1 info: Full speed (or root) Hub ports: 10 rev: 2.0 
  speed: 480 Mb/s chip-ID: 1d6b:0002 class-ID: 0900 
  Device-1: 1-7:2 info: USB OPTICAL MOUSE type: Mouse 
  driver: hid-generic,usbhid interfaces: 1 rev: 1.1 speed: 1.5 Mb/s 
  power: 100mA chip-ID: 275d:0ba6 class-ID: 0301 
  Device-2: 1-8:3 info: Megawin Defender Gaming Keyboard type: Keyboard 
  driver: hid-generic,usbhid interfaces: 2 rev: 1.1 speed: 1.5 Mb/s 
  power: 100mA chip-ID: 0e6a:02c0 class-ID: 0301 
  Hub-2: 2-0:1 info: Full speed (or root) Hub ports: 4 rev: 3.0 speed: 5 Gb/s 
  chip-ID: 1d6b:0003 class-ID: 0900 
Sensors:
  System Temperatures: cpu: 27.8 C mobo: 16.8 C gpu: nvidia temp: 34 C 
  Fan Speeds (RPM): N/A gpu: nvidia fan: 40% 
Info:
  Processes: 230 Uptime: 37m wakeups: 0 Init: systemd v: 247 tool: systemctl 
  Compilers: gcc: 10.2.0 alt: 8/9 clang: 11.1.0 Packages: 1900 pacman: 1896 
  lib: 461 flatpak: 0 snap: 4 Shell: Bash v: 5.1.0 running-in: screen 
  inxi: 3.3.04 

As far as I know, I do not have a BIOS/UEFI password set up (I do not need to enter any password if I want to change boot settings, etc.).

As stated, the different behavior (asking for partition password TWICE instead of ONCE) began after a Stable update.

How do I go about checking this (in a “hold my hand” style)?

You might want to read up on how LUKS works and is handled so you are able to understand and troubleshoot problems:
https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system

$ man cryptsetup

Do not open the cryptdevice to check when booting the system. You need the unencrypted root filesystem, as the keyfile resides there, or you copy it when the system is running to an unencrypted device.
Boot from a live USB if you do not know how or cannot get the system to boot without opening.
Then try to open the cryptdevice with the mentioned keyfile:

$ sudo cryptsetup open --type luks UUID=bd4c91ef-b67b-4d8c-a73d-f8f8642b867b luks-bd4c9 --key-file /crypto_keyfile.bin
$ sudo cryptsetup open --type luks UUID=d4d370d7-082e-437f-b4ae-84c750147f53 luks-d4d37 --key-file /crypto_keyfile.bin

If both commands work without any further output, the keyfile works and is accepted. You should see devices /dev/mapper/luks-bd4c9 and /dev/mapper/luks-d4d37 afterwards.

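The keyfile check described in the post above, as an added example that is not part of the original reply: it uses cryptsetup's `--test-passphrase` so the keyfile is verified against each LUKS header without creating a mapping. The function names are hypothetical; the UUIDs and keyfile path in the usage comment are the ones quoted in the thread, and it is assumed the script runs as root with the keyfile readable.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): report which LUKS containers accept a
# given keyfile, without mapping any of them under /dev/mapper.

# keyfile_unlocks KEYFILE UUID
# Exit status is cryptsetup's: 0 = a keyslot accepted the keyfile,
# 2 = no keyslot matched, anything else = device or usage problem.
keyfile_unlocks() {
    local keyfile=$1 uuid=$2
    # --test-passphrase only checks the key against the header, so this is
    # also safe to run against a container that is already open.
    cryptsetup open --test-passphrase --type luks \
        --key-file "$keyfile" "/dev/disk/by-uuid/$uuid" 2>/dev/null
}

# report_keyfile KEYFILE UUID...
# Prints one line per container; returns 1 if any container did not accept
# the keyfile, 0 if all did.
report_keyfile() {
    local keyfile=$1 uuid rc failed=0
    shift
    for uuid in "$@"; do
        if keyfile_unlocks "$keyfile" "$uuid"; then
            rc=0
        else
            rc=$?
        fi
        case $rc in
            0) echo "accepted $uuid" ;;
            2) echo "rejected $uuid"; failed=1 ;;
            *) echo "error($rc) $uuid"; failed=1 ;;
        esac
    done
    return "$failed"
}

# Usage, with the values quoted in the thread:
#   ./check-keyfile.sh /crypto_keyfile.bin \
#       d4d370d7-082e-437f-b4ae-84c750147f53 \
#       bd4c91ef-b67b-4d8c-a73d-f8f8642b867b
if [ "$#" -gt 0 ]; then
    report_keyfile "$@"
fi
```

A "rejected" line for a container means no keyslot in its header matches the keyfile, so a passphrase prompt is the only way that container can be unlocked.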

Thank you, @freggel.doe , I’ll report back as soon as I get a better grip on your instructions and do the tests. I’ll likely choose the USB boot option.

In the meantime, I’ve noticed something that can possibly change the course of investigation.

I’ve noticed that I’m being asked the password for the UUID=d4d370d7... partition TWICE: before and after GRUB, and never being asked for the other partition.

I wonder whether the booting setup is: (1) mounting, (2) un-mounting, and then (3) re-mounting the UUID=d4d370d7... partition, or somehow forgetting/deleting/de-caching the provided password, to be asking it twice?

Best regards.