LE 10.0 added lvm2, luks (dm-crypt, veracrypt), mdraid, ext4 encryption

    Hi,

    I got an error when try to open a bitlocker crypted device using this command

    cryptsetup open /dev/sda1 disk1 --type bitlk --key-file /storage/netizens/key.txt

    on LibreELEC OS

    the error is

    device-mapper: reload ioctl on disk1 (254:0) failed: Invalid argument

    this not happen when try this command on Raspbian OS and I can mount and read crypted SD content with any problem

    I really hope you can help me

    thank you

    Luca

    this is the --debug output:

    # cryptsetup 2.3.7 processing "cryptsetup open /dev/sda1 disk1 --type bitlk --de bug --key-file /storage/netizens/key.txt"

    # Running command open.

    # Locking memory.

    # Installing SIGINT/SIGTERM handler.

    # Unblocking interruption on signal.

    # Allocating context for crypt device /dev/sda1.

    # Trying to open and read device /dev/sda1 with direct-io.

    # Initialising device-mapper backend library.

    # Trying to load BITLK crypt type from device /dev/sda1.

    # Crypto backend (OpenSSL 1.1.1k 25 Mar 2021) initialized in cryptsetup library version 2.3.7.

    # Detected kernel Linux 5.10.110 aarch64.

    # BITLK type from GUID: normal.

    # Reading BITLK FVE metadata of size 112 on device /dev/sda1, offset 37748736.

    # Reading BITLK FVE metadata entries of size 770 on device /dev/sda1, offset 377 48848.

    # File descriptor passphrase entry requested.

    # Activating volume disk1 [keyslot -1] using passphrase.

    # dm version [ opencount flush ] [16384] (*1)

    # dm versions [ opencount flush ] [16384] (*1)

    # Detected dm-ioctl version 4.43.0.

    # Detected dm-crypt version 1.22.0.

    # Device-mapper backend running with UDEV support enabled.

    # dm status disk1 [ opencount noflush ] [16384] (*1)

    # Trying to decrypt VMK protected with passphrase.

    # Calculated device size is 62349312 sectors (RW), offset 0.

    # Trying to activate BITLK on device /dev/sda1 with name disk1.

    # DM-UUID is CRYPT-BITLK-disk1

    # Udev cookie 0xd4dbb63 (semid 2) created

    # Udev cookie 0xd4dbb63 (semid 2) incremented to 1

    # Udev cookie 0xd4dbb63 (semid 2) incremented to 2

    # Udev cookie 0xd4dbb63 (semid 2) assigned to CREATE task(0) with flags DISABLE_ LIBRARY_FALLBACK (0x20)

    # dm create disk1 CRYPT-BITLK-disk1 [ opencount flush ] [16384] (*1)

    # dm reload (254:0) [ opencount flush securedata ] [16384] (*1)

    device-mapper: reload ioctl on disk1 (254:0) failed: Invalid argument

    # Udev cookie 0xd4dbb63 (semid 2) decremented to 1

    # Udev cookie 0xd4dbb63 (semid 2) incremented to 2

    # Udev cookie 0xd4dbb63 (semid 2) assigned to REMOVE task(2) with flags DISABLE_ LIBRARY_FALLBACK (0x20)

    # dm remove disk1 [ opencount flush securedata ] [16384] (*1)

    # dm versions [ opencount flush ] [16384] (*1)

    # dm status disk1 [ opencount noflush ] [16384] (*1)

    # Udev cookie 0xd4dbb63 (semid 2) decremented to 1

    # Udev cookie 0xd4dbb63 (semid 2) waiting for zero

    # Udev cookie 0xd4dbb63 (semid 2) destroyed

    # Releasing crypt device /dev/sda1 context.

    # Releasing device-mapper backend.

    # Closing read only fd for /dev/sda1.

    # Unlocking memory.

    Command failed with code -1 (wrong or missing parameters).

    Sorry I have no idea how to help you. Never really used bitlocker on Linux except for a short test.

    Can you compare debug output from raspbian and LE. Also probably version numbers of lvm2, cryptsetup and openssl. But that is just poking in the dark.

    10.0 channel does not appear in the update channels, only 9.2

    Could you please fix the JSON stuff so that it appears and I can upgrade from the official 10.0 channel?

    Thank you

    I just migrated to 10.0 from 9.2 where my encrypted disks / setup was working corrrectly.

    On 10.0 it does not works. For some reason, /dev/mapper is not populated.

    When I check in journalctl -xe, I can see systemd-cryptsetup-generator exiting with error code 127:

    Oct 03 21:28:18 LibreELEC systemd[1]: Reloading.

    Oct 03 21:28:18 LibreELEC systemd[960]: /usr/lib/systemd/system-generators/systemd-cryptsetup-generator failed with exit status 127.

    Oct 03 21:29:56 LibreELEC systemd[1]: dev-mapper-luks\x2d1610e63e\x2de78a\x2d48e9\x2da3f1\x2d25a073dfc0ce.device: Job dev-mapper-luks\x2d1610e63e\x2de78a\x2d48e9\x2da3f1\x2d25a073dfc0ce.device/start timed out.

    Oct 03 21:29:56 LibreELEC systemd[1]: Timed out waiting for device /dev/mapper/luks-1610e63e-e78a-48e9-a3f1-25a073dfc0ce.

    Oct 03 21:29:56 LibreELEC systemd[1]: Dependency failed for luks mount for Kodi 1610e63e-e78a-48e9-a3f1-25a073dfc0ce.

    Doing some testing from ssh, we can spot some missing dependency in the binary (or at least, what looks like bad rpath, or /lib/systemd missing from the lib paths):

    LibreELEC:~/.config/system.d # "/usr/lib/systemd/system-generators/systemd-cryptsetup-generator" --help

    /usr/lib/systemd/system-generators/systemd-cryptsetup-generator: error while loading shared libraries: libsystemd-shared-247.so: cannot open shared object file: No such file or directory

    LibreELEC:~/.config/system.d # find /lib/ -iname 'libsystemd*'

    /lib/libsystemd-shared-242.so

    /lib/libsystemd.so

    /lib/libsystemd.so.0

    /lib/libsystemd.so.0.30.0

    /lib/systemd/libsystemd-shared-247.so

    LibreELEC:~/.config/system.d # ldd /usr/lib/systemd/system-generators/systemd-cryptsetup-generator

    linux-vdso.so.1 (0x7ee9a000)

    /usr/lib/libarmmem-v7l.so (0x76fb5000)

    libsystemd-shared-247.so => not found

    libc.so.6 => /usr/lib/libc.so.6 (0x76e75000)

    /lib/ld-linux-armhf.so.3 => /usr/lib/ld-linux-armhf.so.3 (0x76fca000)

    If I try to add /lib/systemd path in LD_LIBRARY_PATH in my shell, then I can call the tool without an error, still the system is broken and can't show my devices.

    EDIT: By the way, is it normal to have multiple version of the same lib ? libsystemd-shared[242|247].so ?

    I'm running on a RPI3 device.

    Quote from sky42

    fourbian you did not miss anythimg. There is a bug in my RPi4 image and Lenoxi find it and wrote me. I missed the change of kernel config file as RPi4 kernel changed to 64 bit and my autodetect is looking in the wrong kernel config to see if encryption is enabled.

    I will fix that.

    The cryptsetup tools are missing as well on the RPi2/3 builds :(

    Edited once, last by pasnox: Even after sky42 upgrade cryptsetup tools are still missing. (October 20, 2022 at 6:15 PM).

    Hi,

    Have downloaded and put this on a 32Gb SD card for my Raspberry PI 4 8Gb
    When it boots it should expand the partition to the full 32Gb, but on the first boot the message "Resizing is not permitted - the system has already been initialised." is displayed.

    So I downloaded the standard LibreELEC-RPi4.arm-10.0.2.img.gz and sure enough it works - second partition correctly resized to use all 32Gb

    Update: Re did the image, booted onto a USB, manually expanded the second partition & file system and all good.

    Now onto the next problem.

    How to get LVMs to mount during boot?
    I keep getting a timeout waiting for the LVM device to appear /dev/storage2/repository2

    I can get them to work with system.d configure if I execute it via ssh login.

    Tried converting it to a service, but that didn't work either.

    I can't find the lvm mapper service running

    Thanks,

    Neeto

    Apologies if it's a dumb question, but I have never used lvm2 in the past. I want to use this fork to "join" two physical HDD into a single LV. If I do so, will Libreelec auto-mount it on boot like it does normal partitions, or do I have to take extra steps?

    I am so sorry.
    In the past 6 month i was very busy at work and with other privat things. On top of that i still have some storage trouble hosting the images.
    Just finished builing 10.0.4. Now i need to sort out the storage trouble to give you all access to the images.

    sky42

    pasnox found and hopefully fixed it

    LibreELEC (sky42): 10.0.4-#230120a (RPi4.arm)

    nutsy:~ # ldd /usr/lib/systemd/system-generators/systemd-cryptsetup-generator

    /usr/lib/libarmmem-v7l.so (0xf7857000)

    libsystemd-shared-247.so => /usr/lib/libsystemd-shared-247.so (0xf762b000)

    libc.so.6 => /usr/lib/libc.so.6 (0xf74ec000)

    /lib/ld-linux-armhf.so.3 => /usr/lib/ld-linux-armhf.so.3 (0xf786c000)

    libblkid.so.1 => /usr/lib/libblkid.so.1 (0xf74ac000)

    libcrypt.so.1 => /usr/lib/libcrypt.so.1 (0xf746d000)

    libkmod.so.2 => /usr/lib/libkmod.so.2 (0xf744b000)

    libmount.so.1 => /usr/lib/libmount.so.1 (0xf7400000)

    librt.so.1 => /usr/lib/librt.so.1 (0xf73e9000)

    libm.so.6 => /usr/lib/libm.so.6 (0xf7380000)

    libdl.so.2 => /usr/lib/libdl.so.2 (0xf736d000)

    libpthread.so.0 => /usr/lib/libpthread.so.0 (0xf7344000)

    nutsy:~ #

    LibreELEC (sky42): 10.0.4-#230120a (Generic.x86_64)

    twang:~ # ldd /usr/lib/systemd/system-generators/systemd-cryptsetup-generator

    linux-vdso.so.1 (0x00007ffee2f3f000)

    libsystemd-shared-247.so => /usr/lib/libsystemd-shared-247.so (0x00007fb17662e000)

    libc.so.6 => /usr/lib/libc.so.6 (0x00007fb176474000)

    libblkid.so.1 => /usr/lib/libblkid.so.1 (0x00007fb176426000)

    libcrypt.so.1 => /usr/lib/libcrypt.so.1 (0x00007fb1763ec000)

    libkmod.so.2 => /usr/lib/libkmod.so.2 (0x00007fb1763d2000)

    libmount.so.1 => /usr/lib/libmount.so.1 (0x00007fb176378000)

    librt.so.1 => /usr/lib/librt.so.1 (0x00007fb17636e000)

    libdl.so.2 => /usr/lib/libdl.so.2 (0x00007fb176369000)

    libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007fb176348000)

    /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007fb1768a4000)

    twang:~ #



    new version 230120a is now uploading to the download server