WARNING Option 'hash' missing in crypttab after upgrading Ubuntu

Question

I upgraded Ubuntu from 18.04 to 18.10. I have full disk encryption enabled. When I boot up, I get this error message displayed above the password prompt for the full disk encryption:

cryptsetup: WARNING: Option 'hash' missing in crypttab for plain dm-crypt mapping cryptcherries. Please read /usr/share/doc/cryptsetup/README.initramfs and add the correct 'hash' option to your crypttab(5).

Please unlock disk cryptcherries

Once I enter the correct password, I am told it has been set up correctly, but then I am only shown a black screen with a flashing cursor

Using a live USB stick, I managed to read /etc/crypttab in my machine, the contents look like this:

cryptcherries UUID=1ae5c201-etc-etc none luks,retry=1,lvm=vgcherries

This is what /etc/fstab looks like on my machine:

/dev/mapper/vgcherries-vgcherriesroot / ext4 errors=remount-ro 0 1
UUID=03daa82f-etc-etc /boot ext3 defaults 0 2
/dev/mapper/vgcherries-vgcherriesswap none swap sw 0 0

I have been reading README.initramfs. (Despite what the error message says, I actually found it at /usr/share/doc/cryptesetup-initramfs/README.initramfs.gz.) I tried modifying cryptsetup to include hash=sha1

In the live CD, I unencrypted the encrypted partition using Files, and then I chroot it like this:

sudo mount /dev/mapper/vgcherries-vgcherriesroot /mnt
sudo mount /dev/sda4 /mnt/boot
sudo mount --bind /dev /mnt/dev
sudo chroot /mnt
> mount -t proc proc /proc
> mount -t sysfs sys /sys
> mount -t devpts devpts /dev/pts

And then I ran update-initramfs -k all -c, and got this output:

update-initramfs: Generating /boot/initrd.img-4.18.0-10-generic
cryptsetup: WARNING: target 'luks-1ae5c201-a8c8-458f-a364-6cda7717c24f' not 
    found in /etc/crypttab
cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries 
    nor crypto modules. If that's on purpose, you may want to uninstall the 
    'cryptsetup-initramfs' package in order to disable the cryptsetup initramfs 
    integration and avoid this warning.
update-initramfs: Generating /boot/initrd.img-4.15.0-38-generic
cryptsetup: WARNING: target 'luks-1ae5c201-a8c8-458f-a364-6cda7717c24f' not 
    found in /etc/crypttab
cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries 
    nor crypto modules. If that's on purpose, you may want to uninstall the 
    'cryptsetup-initramfs' package in order to disable the cryptsetup initramfs 
    integration and avoid this warning.

So I decided to modify crypttab again, like this:

luks-1ae5c201-a8c8-458f-a364-6cda7717c24f UUID=1ae5c201-a8c8-458f-a364-6cda7717c24f none luks,retry=1,lvm=vgcherries,hash=sha1

Now when I run the command, I get this output:

update-initramfs: Generating /boot/initrd.img-4.18.0-10-generic
cryptsetup: WARNING: luks-1ae5c201-a8c8-458f-a364-6cda7717c24f: ignoring 
    unknown option 'retry'
cryptsetup: WARNING: luks-1ae5c201-a8c8-458f-a364-6cda7717c24f: ignoring 
    unknown option 'lvm'
update-initramfs: Generating /boot/initrd.img-4.15.0-38-generic
cryptsetup: WARNING: luks-1ae5c201-a8c8-458f-a364-6cda7717c24f: ignoring 
    unknown option 'retry'
cryptsetup: WARNING: luks-1ae5c201-a8c8-458f-a364-6cda7717c24f: ignoring 
    unknown option 'lvm'

I rebooted my machine, and I got the exact same behaviour described initially. I rebooted again in recovery mode, I get this output before being prompted for a password:

 Volume group "vgcherries" not found
 Cannot process volume group vgcherries
cryptsetup: WARNING: cryptcherries: ignoring unknown option 'lvm'
/scripts/local-top/cryptroot: line 1: fold: not found
/scripts/local-top/cryptroot: line 1: fold: not found
/scripts/local-top/cryptroot: line 1: fold: not found
Please unlock disk cryptcherries:

More information on my hard drive layout:

$ sudo lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL
NAME   FSTYPE        SIZE MOUNTPOINT LABEL
sda                238.5G            
├─sda1 ntfs          350M            Réservé au système     
├─sda2 ntfs        114.3G
├─sda3 crypto_LUKS   123G 
| └─luks-1ae5c201-...
|      LVM2_member   123G
|   ├─vgcherries-vgcherriesroot
|   |  ext4          115G
|   └─vgcherries-vgcherriesswap
|      swap            8G
└─sda4 ext3          800M

On my 16.04 system I have a /usr/share/doc/cryptsetup/README.initramfs.gz file, containing a lot of info which may help with troubleshooting. — Tom Brossman, Oct 29 '18 at 19:29
Also my /etc/cryptab (also for a FDE boot drive, shown here with UUIDs truncated) shows 'luks' for the hash option: nvme0n1p3_crypt UUID=fd00ca82... none luks,discard luks-975eb3f0... UUID=975eb3f0... /etc/luks-keys/luks-975eb3f0... nofail. Does yours look similar? — Tom Brossman, Oct 29 '18 at 19:37
@TomBrossman Thanks. I tried to modify crypttab, have a look at my edited question. — Flimm, Nov 02 '18 at 09:10
I've just checked my 18.04 laptop (also with FDE, using all of a single internal drive) and my /etc/crypttab reads sda5_crypt UUID=(blah, blah) none luks,discard. That's still one version behind you but I note the options after my UUID are simpler. Haven't a clue how to resolve this though, sorry. — Tom Brossman, Nov 02 '18 at 14:36
Using the same format, try cryptcherries UUID=1ae5c201-a8c8-458f-a364-6cda7717c24f none luks,discard. Make sure it's the UUID for your crypto_LUKS partition type, and not the (unencrypted) ext4 type of the same size. — Tom Brossman, Nov 02 '18 at 14:44
@Flimm, what do the physical partitions on your drive look like? Is it something like this: /dev/sda1 -> boot; /dev/sda2 -> EFI; /dev/sda3 -> LUKS; decrypted LUKS -> LVM. What mount commands did you issue from the LiveOS before and after you chroot-ed? — b_laoshi, Nov 05 '18 at 07:13
@TomBrossman I tried that. The UUID is for the LUKS partition (/dev/sda3). I chrooted and ran update-initramfs afterwards, getting this error: WARNING: target 'luks-1ae5c...' not found in /etc/crypttab and WARNING: The initramfs image my not contain cryptsetup binaries nor crypto modules. If that's on purpose, you may want to uninstall the 'cryptsetup-initramfs' package in order to disable the cryptsetup initramfs integration and avoid this warning.. Upon reboot, I get the Ubuntu splash screen forever. In recovery mode, I get this error: (next comment) — Flimm, Nov 07 '18 at 17:15
@TomBrossman (continued from previous comment) this error: mdadm: No arrays found in config file or automatically. done. Gave up waiting for root file system device. and then a busybox prompt. — Flimm, Nov 07 '18 at 17:16
@Flimm you could try this line in your /etc/crypttab: cryptcherries /dev/disk/by-uuid/1ae5c201-etc-etc none luks,retry=1,lvm=vgcherries. Note the use of the /dev name. I had to use that a long time ago to work around a systemd bug. You could try it, one never knows. The hash option is ignored for LUKS devices and is obviously not needed. So something wrong is going on here. — solsTiCe, Nov 08 '18 at 01:02
@Flimm, how did you upgrade? Did you do a release upgrade or did you do a fresh install using the existing partitions and encryption in place? — b_laoshi, Nov 08 '18 at 01:31
@solsTiCe I tried that. When running update-initramfs I got the The initramfs image may not contain cryptsetup binaries warning again. I got the same results as in this comment: https://askubuntu.com/questions/1088355/warning-option-hash-missing-in-crypttab-after-upgrading-ubuntu?noredirect=1#comment1795286_1088355 — Flimm, Nov 08 '18 at 07:18
The LVM errors you got when running update-initramfs are likely due to the fact that you need to mount --bind /run/lvm /mnt/run/lvm right after you bind /dev to /mnt/dev. You might refer to my post about doing a fresh install with manual partitioning, LVM, and LUKS to see if anything else jumps out at you. While my post is tailored for a completely new installation, it's not hard to see how it could be tailored for a reinstallation. — b_laoshi, Nov 09 '18 at 00:21
@b_laoshi Thanks for the suggestion. I tried that, and I'm getting the same results as before (in this comment https://askubuntu.com/questions/1088355/warning-option-hash-missing-in-crypttab-after-upgrading-ubuntu?noredirect=1#comment1795286_1088355 ). I also tried running update-grub inspired by your post, and now Windows has disappeared from the Grub menu. — Flimm, Nov 10 '18 at 06:28
Bad news, I tried a reinstallation and now I'm running into Secure Boot problems. It's obviously not related to this question, but I thought I would update you folks and share my misery. :( — Flimm, Nov 10 '18 at 17:39

score 0 · Answer 1 · answered Nov 08 '18 at 11:10

It sounds similar to this 17.10 to 18.04 upgrade problem:

Thanks for mentioning the keyboard issue for sd5_crypt after upgrading to Ubuntu 18.04.

I tried that before but you made me look at it again with more scrutiny. For me it wasn't about UK vs US keyboard layouts but realizing that for sd5-crypt I was still on an english layout which I mixed with German layout.

Looking up the keyboard maps in Wikipedia: https://en.wikipedia.org/wiki/British_and_American_keyboards

I transposed my passphrase into english-layout string and it worked for me.

STRANGE THING that this problem did not occur with previous version Ubuntu 17.10

It is not a matter of keyboards. When I type the incorrect password, I get an error message saying that the password is incorrect, but when I type it correctly, I get different error messages detailed in the question post. So I'm pretty confident that that's not the issue. — Flimm, Nov 08 '18 at 11:20

WARNING Option 'hash' missing in crypttab after upgrading Ubuntu

1 Answers1