Questions sur l'installation et la configuration de Manjaro Linux.
Répondre

Pbl hibernation avec swap chiffré.

#1Messageil y a 2 ans

Bonjour,
Je n'ai trouvé d'aide ni sur le forum anglophone, ni sur le forum d'arch. J'aurai peut-être plus de chance ici.

J'ai installé Manjaro avec l'installeur graphique. SSD avec /, /boot et swap de 8Go et partition /home sur DDE. Ma ram fait 4Go.

Si je tente de restaurer une session mise ne hibernation, mon PC redémarre simplement sur une session vierge.
Au démarrage ou à la restauration j'ai le message suivant :

Failed to open key files.
ERROR: resume: hibernation device ’dev/mapper/luks-fcec610d[…]
le luks-machin correspondant à mon swap.
Sauf erreur de ma part, le swap à l'air fonctionnel au démarrage.

le /etc/crypttab :

# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# See crypttab(5) for the supported syntax.
#
# NOTE: Do not list your root (/) partition here, it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
#       to encrypted swap, which should be set up with mkinitcpio-openswap
#       for resume support.
#
# <name>               <device>                         <password> <options>
luks-bca40e75-a646-43ce-94bf-baa9e8465544 UUID=bca40e75-a646-43ce-94bf-baa9e8465544     /crypto_keyfile.bin luks
luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4 UUID=0601a8bf-665e-43b5-a183-1a9cc8d83bc4     /crypto_keyfile.bin luks
luks-fcec610d-0b7b-4609-9fe0-be9508822a57 UUID=fcec610d-0b7b-4609-9fe0-be9508822a57     /crypto_keyfile.bin luks
Le /etc/fstab :

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a device; this may
# be used with UUID= as a more robust way to name devices that works even if
# disks are added and removed. See fstab(5).
#
# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
/dev/mapper/luks-bca40e75-a646-43ce-94bf-baa9e8465544 /home          btrfs   defaults,noatime,space_cache 0 2
UUID=94E5-C199                            /boot/efi      vfat    umask=0077 0 2
/dev/mapper/luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4 /              btrfs   subvol=/@,defaults,noatime,space_cache,ssd,compress=zstd,commit=120 0 1
/dev/mapper/luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4 /var/cache     btrfs   subvol=/@cache,defaults,noatime,space_cache,ssd,compress=zstd,commit=120 0 2
/dev/mapper/luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4 /var/log       btrfs   subvol=/@log,defaults,noatime,space_cache,ssd,compress=zstd,commit=120 0 2
/dev/mapper/luks-fcec610d-0b7b-4609-9fe0-be9508822a57 swap           swap    defaults,noatime 0 0
tmpfs                                     /tmp           tmpfs   defaults,noatime,mode=1777 0 0
Le /etc/mkinitcpio.conf :

# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run.  Advanced users may wish to specify all system modules
# in this array.  For instance:
#     MODULES=(piix ide_disk reiserfs)
MODULES="crc32c-intel"

# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image.  This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=()

# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way.  This is useful for config files.
FILES="/crypto_keyfile.bin"

# HOOKS
# This is the most important setting in this file.  The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
##   This setup specifies all modules in the MODULES setting above.
##   No raid, lvm2, or encrypted root is needed.
#    HOOKS=(base)
#
##   This setup will autodetect all modules for your system and should
##   work as a sane default
#    HOOKS=(base udev autodetect block filesystems)
#
##   This setup will generate a 'full' image which supports most systems.
##   No autodetection is done.
#    HOOKS=(base udev block filesystems)
#
##   This setup assembles a pata mdadm array with an encrypted root FS.
##   Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
#    HOOKS=(base udev block mdadm encrypt filesystems)
#
##   This setup loads an lvm2 volume group on a usb device.
#    HOOKS=(base udev block lvm2 filesystems)
#
##   NOTE: If you have /usr on a separate partition, you MUST include the
#    usr, fsck and shutdown hooks.
HOOKS="base udev autodetect modconf block keyboard keymap encrypt openswap resume filesystems"

# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"
#COMPRESSION="zstd"

# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=()
Le /etc/openswap.conf :

## cryptsetup open $swap_device $crypt_swap_name
## get uuid using e.g. lsblk -f
swap_device=/dev/disk/by-uuid/fcec610d-0b7b-4609-9fe0-be9508822a57
crypt_swap_name=luks-fcec610d-0b7b-4609-9fe0-be9508822a57

## one can optionally provide a keyfile device and path on this device
## to the keyfile
keyfile_device=/dev/mapper/luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4
keyfile_filename=crypto_keyfile.bin

## additional arguments are given to mount for keyfile_device
## has to start with --options (if so desired)
#keyfile_device_mount_options="--options=subvol=__active/__"

## additional arguments are given to cryptsetup
## --allow-discards options is desired in case swap is on SSD partition
cryptsetup_options="--type luks"
Déjà tenté :
- commenter la troisième ligne dans /etc/crypttab, puisque c'est écrit en commentaire et dans le wiki que cette ligne ne devrait pas être ici. => même message au boot, plus deux trois lignes supplémentaires que je peux prendre en photo si ça peut servir. Le boot est beaucoup plus long et je n'ai pas de swap du tout au reboot.
- changer les guillemets par des parenthèse dans /etc/mkinitcpio.conf => pas d'effet
- ajouter un /etc/initcpio/hooks/openswap comme décrit dans le wiki d'arch :

run_hook ()
{
    ## Optional: To avoid race conditions
    x=0;
    while [ ! -b /dev/mapper/luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4 ] && [ $x -le 10 ]; do
       x=$((x+1))
       sleep .2
    done
    ## End of optional

    mkdir crypto_key_device
    mount /dev/mapper/luks-0601a8bf-665e-43b5-a183-1a9cc8d83bc4 crypto_key_device
    cryptsetup open --key-file crypto_key_device/crypto_keyfile.bin /dev/sdb3 luks-fcec610d-0b7b-4609-9fe0-be9508822a57
    umount crypto_key_device
}

build ()
{
   add_runscript
}
help ()
{
cat<<HELPEOF
  This opens the swap encrypted partition /dev/sdb3 in /dev/mapper/luks-fcec610d-0b7b-4609-9fe0-be9508822a57
HELPEOF
}
=> Pas d'effet.
- J'ai vérifier avec gparted que je pouvais rechiffrer/redéchiffrer le swap, ça fonctionne. Donc pas d'erreur de mot de passe ou de bétise dans le genre.

Est-ce que quelqu'un a une idée ? Pourquoi le keyfile n'est-il pas ouvert alors qu'il fonctionne très bien avec les autres partitions ?
Répondre