View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions LUKS encryption with Ubuntu 14.04
Log in to Ask a Question

LUKS encryption with Ubuntu 14.04

general

Hi all,

I currently have a Centos 6.5 setup that is LUKS encrypted and I want to create a second Linode that is Ubuntu 14.04 based and encrypted the same way. I've been following this very well done guide: ~~[http://spin.atomicobject.com/2013/03/18/linux-encryption-cloud-luks-linode/" target="_blank">](http://spin.atomicobject.com/2013/03/18 … ks-linode/">http://spin.atomicobject.com/2013/03/18/linux-encryption-cloud-luks-linode/]( on the Atomic Spin blog. I can get a working Linode using Ubuntu 12.04 LTS but when I follow the same guide but replace it with 14.04 Trusty Tahr I'm unable to enter my encryption password from the LISH console.

This is all I see:

  Booting 'Ubuntu 14.04 LTS, kernel 3.13.0-24-generic'

root  (hd0)
 Filesystem type is ext2fs, using whole disk
kernel  /vmlinuz-3.13.0-24-generic root=/dev/mapper/crypt-xvdb cryptdevice=/dev
/xvdb:crypt-xvdb console=hvc0 ro quiet splash
initrd  /initrd.img-3.13.0-24-generic

close blk: backend=/local/domain/0/backend/vbd/494/51712 node=device/vbd/51712
close blk: backend=/local/domain/0/backend/vbd/494/51728 node=device/vbd/51728
close blk: backend=/local/domain/0/backend/vbd/494/51744 node=device/vbd/51744

Unlocking the disk /dev/disk/by-uuid/0bde6bc0-f329-48a6-8609-176c85ee0da3 (crypt-xvdb)
Enter passphrase:

I can type type type and nothing happens on the console. No *'s, and enter does nothing.

Does anyone have any insights into why this might be happening?

Thanks.

1 Reply

@ilspleno:

I can get a working Linode using Ubuntu 12.04 LTS but when I follow the same guide but replace it with 14.04 Trusty Tahr I'm unable to enter my encryption password from the LISH console.
Argh. I had a detailed reply typed out, but phpBB ate it. Here's the short version: It's a bug in 14.04 that didn't exist in 13.10 or earlier. The script that asks for the password now uses the Plymouth package to actually read the password from the console. Unfortunately, Plymouth doesn't know how to read input from a Xen PV console, so it prints the password prompt and sits there forever, ignoring everything you type in LISH.

Here's a workaround I came up with. You'll need to be booted into the Finnix rescue environment and chroot'd into your Ubuntu installation.

4. Create file named /lib/cryptsetup/scripts/local.askpass and put the following two lines in it:

````
#!/bin/sh
exec /lib/cryptsetup/askpass "Enter passphrase for ${CRYPTTAB_SOURCE}: "
````

  1. Make that file executable:

    chmod 755 /lib/cryptsetup/scripts/local.askpass

  2. Edit your /etc/crypttab file. Add ,keyscript=local.askpass to the end of the line for your root device. For example, I changed…

    # <target name=""> <source device=""> <key file="">      <options>
crypt-root      /dev/xvdc       none            luks</options></key></target>

    …to…

    # <target name=""> <source device=""> <key file="">      <options>
crypt-root      /dev/xvdc       none            luks,keyscript=local.askpass</options></key></target>

  3. Rebuild the initramfs:

    update-initramfs -k all -u

  4. Cross your fingers, and try rebooting your Linode into the Ubuntu installation.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct