Join Log in
Score:3
Thystra avatar Ubuntu

Encrypted swap - changing hard drive

mg flag
Thystra

I followed this guide some time ago to set up my system (ubuntu 22.10) on an encrypted ZFS file system, and all worked fine. Part of the guide is to encrypt the swap partition.

Then, I upgraded the primary (swap, boot) drive to a larger one. I had cloned the disk over with clonezilla, which was also fine.

On reboot, I got an error as shown below:

cryptsetup error message

It is pointing to the now removed hard drive swap partition. I updated crypttab to point to the new hard drive's swap partition.

How do I remove/resolve the error?

FSTAB entry for swap:

/dev/mapper/swap none swap defaults 0 0

crypttab entry (reflecting the new SSD)

swap /dev/disk/by-id/nvme-nvme.c0a9-323235324536393636464333-43543430303050335053534438-00000001-part3 /dev/urandom     swap,cipher=aes-xts-plain64,size=256,plain

I tried running ecryptfs-setup-swap with the below results:

$ sudo ecryptfs-setup-swap
WARNING: [/dev/dm-0] already appears to be encrypted, skipping.
WARNING: There were no usable swap devices to be encrypted.  Exiting.

$ sudo cryptsetup status swap
/dev/mapper/swap is active and is in use.
  type:    PLAIN
  cipher:  aes-xts-plain64
  keysize: 256 bits
  key location: dm-crypt
  device:  /dev/nvme0n1p3
  sector size:  512
  offset:  0 sectors
  size:    8388608 sectors
  mode:    read/write

Disk by ID

lrwxrwxrwx 1 root root 10 Mar  2 11:42 dm-name-swap -> ../../dm-0
lrwxrwxrwx 1 root root 10 Mar  2 11:42 dm-uuid-CRYPT-PLAIN-swap -> ../../dm-0
lrwxrwxrwx 1 root root 13 Mar  2 11:42 nvme-CT4000P3PSSD8_2240E671E0D3 -> ../../nvme1n1
lrwxrwxrwx 1 root root 15 Mar  2 11:42 nvme-CT4000P3PSSD8_2240E671E0D3-part1 -> ../../nvme1n1p1
lrwxrwxrwx 1 root root 15 Mar  2 11:42 nvme-CT4000P3PSSD8_2240E671E0D3-part9 -> ../../nvme1n1p9
lrwxrwxrwx 1 root root 13 Mar  2 11:42 nvme-CT4000P3PSSD8_2252E6966FC3 -> ../../nvme0n1
lrwxrwxrwx 1 root root 15 Mar  2 11:42 nvme-CT4000P3PSSD8_2252E6966FC3-part1 -> ../../nvme0n1p1
lrwxrwxrwx 1 root root 15 Mar  2 11:42 nvme-CT4000P3PSSD8_2252E6966FC3-part2 -> ../../nvme0n1p2
lrwxrwxrwx 1 root root 15 Mar  2 11:42 nvme-CT4000P3PSSD8_2252E6966FC3-part3 -> ../../nvme0n1p3
lrwxrwxrwx 1 root root 15 Mar  2 11:42 nvme-CT4000P3PSSD8_2252E6966FC3-part4 -> ../../nvme0n1p4
lrwxrwxrwx 1 root root 13 Mar  2 11:42 nvme-nvme.c0a9-323234304536373145304433-43543430303050335053534438-00000001 -> ../../nvme1n1
lrwxrwxrwx 1 root root 15 Mar  2 11:42 nvme-nvme.c0a9-323234304536373145304433-43543430303050335053534438-00000001-part1 -> ../../nvme1n1p1
lrwxrwxrwx 1 root root 15 Mar  2 11:42 nvme-nvme.c0a9-323234304536373145304433-43543430303050335053534438-00000001-part9 -> ../../nvme1n1p9
lrwxrwxrwx 1 root root 13 Mar  2 11:42 nvme-nvme.c0a9-323235324536393636464333-43543430303050335053534438-00000001 -> ../../nvme0n1
lrwxrwxrwx 1 root root 15 Mar  2 11:42 nvme-nvme.c0a9-323235324536393636464333-43543430303050335053534438-00000001-part1 -> ../../nvme0n1p1
lrwxrwxrwx 1 root root 15 Mar  2 11:42 nvme-nvme.c0a9-323235324536393636464333-43543430303050335053534438-00000001-part2 -> ../../nvme0n1p2
lrwxrwxrwx 1 root root 15 Mar  2 11:42 nvme-nvme.c0a9-323235324536393636464333-43543430303050335053534438-00000001-part3 -> ../../nvme0n1p3
lrwxrwxrwx 1 root root 15 Mar  2 11:42 nvme-nvme.c0a9-323235324536393636464333-43543430303050335053534438-00000001-part4 -> ../../nvme0n1p4

Disk by part label

lrwxrwxrwx 1 root root 15 Mar  2 11:42 Boot -> ../../nvme0n1p2
lrwxrwxrwx 1 root root 15 Mar  2 11:42 EFI -> ../../nvme0n1p1
lrwxrwxrwx 1 root root 15 Mar  2 11:42 Pool -> ../../nvme0n1p4
lrwxrwxrwx 1 root root 15 Mar  2 11:42 Swap -> ../../nvme0n1p3
lrwxrwxrwx 1 root root 15 Mar  2 11:42 zfs-1deacc253f223e81 -> ../../nvme1n1p1

Output of: $ sudo systemctl --type swap -all

 UNIT                                                                      LOAD   ACTIVE SUB    DESCRIPTION                                           
  dev-disk-by\x2did-dm\x2dname\x2dswap.swap                                 loaded active active /dev/disk/by-id/dm-name-swap
  dev-disk-by\x2did-dm\x2duuid\x2dCRYPT\x2dPLAIN\x2dswap.swap               loaded active active /dev/disk/by-id/dm-uuid-CRYPT-PLAIN-swap
  dev-disk-by\x2dlabel-swap.swap                                            loaded active active /dev/disk/by-label/swap
  dev-disk-by\x2duuid-1c32cf08\x2d4817\x2d4be4\x2d8c40\x2deeafe60330c1.swap loaded active active /dev/disk/by-uuid/1c32cf08-4817-4be4-8c40-eeafe60330c1
  dev-dm\x2d0.swap                                                          loaded active active /dev/dm-0
  dev-mapper-swap.swap                                                      loaded active active /dev/mapper/swap

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
6 loaded units listed.
To show all installed unit files use 'systemctl list-unit-files'.


$ sudo systemctl --type swap
  UNIT                 LOAD   ACTIVE SUB    DESCRIPTION     
  dev-mapper-swap.swap loaded active active /dev/mapper/swap

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
1 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
175
1 + 13
zfs
Raffa avatar
jp flag
Raffa
What is the output of `sudo cryptsetup status swap` ?
0
Reply
Thystra avatar
mg flag
Thystra
Added to the bottom
0
Reply
Raffa avatar
jp flag
Raffa
**Double check** `/dev/nvme0n1p3` is your swap partition ... Then, change the device part in crypttab from `/dev/disk/by-id/nvme-nvme.c0a9-...-part3` to just `/dev/nvme0n1p3` then reboot and see if this solves the issue ... The reason I advise you to change to partition name is that partition ID is probably not constant in your case ... please see e.g. https://wiki.archlinux.org/title/dm-crypt/Swap_encryption
0
Reply
ArrayBolt3 avatar
ls flag
ArrayBolt3
This looks like a problem with ZFS trying to find the drive it came from - I think you'll need to somehow change it to point to the new drive.
0
Reply
Thystra avatar
mg flag
Thystra
I added the info on parts and changed it to the /dev/disk/partition, although that didn't have any direct effect.
0
Reply
Thystra avatar
mg flag
Thystra
ZFS isn't loaded yet, it is cryptsetup that is specifically calling for the old WDC drive. Where does cryptsetup have configuration that would call for it, outside of /etc/crypttab?
0
Reply
Raffa avatar
jp flag
Raffa
Probably from a systemd unit ... See for example https://askubuntu.com/a/1452122/968501
0
Reply
Thystra avatar
mg flag
Thystra
That doesn't appear to be it - added systemctl output above.
0
Reply
Raffa avatar
jp flag
Raffa
*"That doesn't appear to be it"* ... Oh that appears to be it from where I stand :) ... If all the swap you configured is that one partition, then you should only have one of those.
0
Reply
Thystra avatar
mg flag
Thystra
I added the base command (not -all). Nothing in there is calling out /dev/disk/by-id/nvme-WDC..... (the disk that was removed). It is pointing to /dev/mapper/swap, which is ultimately pointing to dm-0.
0
Reply
Thystra avatar
mg flag
Thystra
I also disabled swap by disabling entries in crypttab and fstab. Error still occurs, so it's not the swap entries.
0
Reply
Raffa avatar
jp flag
Raffa
Okay … `update-initramfs -u -k …` go back to your linked guide and run that part then run `update-grub`
1
Reply
Raffa avatar
jp flag
Raffa
See this: https://askubuntu.com/a/1161575
0
Reply
Score:1
Thystra avatar Ubuntu
mg flag
Thystra 
sudo update-initramfs -u -k all
sudo update-grub

resolved the issue! Thanks @Raffa

+ 1
Raffa avatar
jp flag
Raffa
+1 ... Well done!
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.