[PowaBanga]

Hi everybody,
I had on my raspberrypi3 2 HDD. One is a simple 4To formated in ext4, the other is a 500Go crypted with luks.
I had no problem to mount them with crypttab and fstab.

Today, i have a raspberrypi4, i want to mount my hdd on. So, i edited my cryptab and fstab files on my rpi4 in the same way as my rpi3. If I comment the lines about my HDD 500 Go, the rpi4 start normaly, but if I uncomment them, the rpi4 ask to me my password on start. I do not have any keyboard for now, so I can't type it myself.

Me, I need my HDD 500Go on my rpi4, so it's a problem.

Here is my cryptab :
$this->bbcode_second_pass_code('', '
# Configuration for encrypted block devices.
# See crypttab(5) for details.

# NOTE: Do not list your root (/) partition here, it must be set up
# beforehand by the initramfs (/etc/mkinitcpio.conf).

# <name> <device> <password> <options>
# home UUID=b8ad5c18-f445-495d-9095-c9ec4f9d2f37 /etc/mypassword1
# data1 /dev/sda3 /etc/mypassword2
# data2 /dev/sda5 /etc/cryptfs.key
# swap /dev/sdx4 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
# vol /dev/sdb7 none
#500go PARTUUID=0004a183-01 /etc/500go')

I put my password in the file "/etc/500go", it was working on rpi3.
$this->bbcode_second_pass_code('', 'my fstab

cat /etc/fstab
# Static information about the filesystems.
# See fstab(5) for details.

# <file system> <dir> <type> <options> <dump> <pass>
/dev/mmcblk0p1 /boot vfat defaults 0 0
PARTUUID=1a9b99a2-06a8-4050-85d2-5c9ad30955f1 /media/4to ext4 defaults0 0
#/dev/mapper/500go /media/Mypassport ext4 defaults 0 0
/media/4to /home/powabanga/4to none defaults,bind 0 0
#/media/Mypassport /home/powabanga/500go none default,bind 0 0')

luksdump on my HDD 500Go

$this->bbcode_second_pass_code('', 'cryptsetup luksDump /dev/sdb1
LUKS header information for /dev/sdb1

Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha256
Payload offset: 4096
MK bits: 256
MK digest: a2 51 a7 d0 b2 30 64 d6 63 dc 93 17 58 79 1c 2e 0f 0d 4b 3d
MK salt: cd 96 be b3 fe 0a 2c a7 b6 02 c9 3a f9 18 c4 b0
8d b3 e7 00 6f 10 e5 f0 46 5f 6e ce 47 ba 55 b7
MK iterations: 173750
UUID: e00ea308-5aba-47e3-a8e6-8e6cd6760b50

Key Slot 0: ENABLED
Iterations: 1368982
Salt: 8a 67 26 4d 2b cc a9 c6 b0 5d a2 30 d6 63 00 b7
8c 18 31 2f 91 c2 e3 81 ce 6a 0e 59 23 f6 a3 a1
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED')
$this->bbcode_second_pass_code('', '
ls -l /etc/500go
-rwxrwxrwx 1 root root 15 Feb 18 17:02 /etc/500go
')
If anybody can help, you really are welcome ! smile

[ufo6000]

$this->bbcode_second_pass_quote('', '
')I put my password in the file "/etc/500go", it was working on rpi3.

[PowaBanga]

the last line is yet the reference to ththe /etc/500go file no ?

[ufo6000]

yes, sorry, I have not seen the last line

What happens, if you boot with disabled crypttab, and then invoke later the manual encryption, e,g, remote over ssh:

sudo cryptsetup open /dev/disk/by-partuuid/0004a183-01 500go --key-file /etc/500go

where PARTUUID=0004a183-01 from crypttab syntax matches /dev/disk/by-partuuid/0004a183-01 here.

[PowaBanga]

So, i precise, my password is wrotte in clear in the file /etc/500go ...
$this->bbcode_second_pass_code('', 'cryptsetup open /dev/disk/by-partuuid/0004a183-01 500go --key-file /etc/500go
No key available with this passphrase.')

[ufo6000]

a) check out, if you are affected by this bug, long password + specific kernel version:
https://gitlab.com/cryptsetup/cryptsetup/-/issues/627

b) check, if you have migrated the password from old to new system correct.
Did you copy the file or did you re-created it with an editor ?
compare "md5sum -b /etc/500go" on old versus new system.