27

I think I was installing a bunch of updates, and after what seemed like an hour or so, I finally got this message in the Terminal window:

cryptsetup: WARNING: failed to detect canonical device of overlayfs
cryptsetup: WARNING: could not determine root device from /etc/fstab

What does this mean, and how do I fix it?

Elder Geek
  • 36,023
  • 25
  • 98
  • 183
Maegan
  • 271
  • 1
  • 3
  • 3
  • Also, it is still working on something. How long should this take? – Maegan Jul 04 '13 at 22:30
  • How are you updating? Are you using command line? – BiggJJ Jul 04 '13 at 22:46
  • check this out http://askubuntu.com/questions/87437/kernel-update-on-a-usb-stick-installation-fails-with-grub-probe-error – Projjol Jul 05 '13 at 05:43
  • "I think I was installing a bunch of updates" -- what exactly did you do? (which command, which program). Also, post the contents of the file /etc/fstab (open a terminal, and type cat /etc/fstab). – January Jul 05 '13 at 06:42

3 Answers3

17

If you are not using enCRYPTED volumes or swap, then you don't need cryptsetup, just uninstall it and reboot using the following commands:

sudo apt-get remove cryptsetup
# it's better to update and reinstall GRUB before rebooting
sudo update-grub
sudo grub-install /dev/<your_device_id>
sudo reboot

To find your device id, run:

lsblk

and locate the disk which contains a partition mounted at /boot/*. Note that you should use the device id (e.g. /dev/sda), not the partition id (e.g. /dev/sda1)

To make sure you are not using crypted filesystems please check /etc/fstab, if you see the option 'crypt' anywhere, then you require cryptsetup and what you need is to configure it properly.

Oliphaunt
  • 149
  • 6
cgili
  • 195
  • 1
    Note that <your_device_id> is indeed your device id (e.g. /dev/sda), not your partition (e.g. /dev/sda1)! – AstroFloyd Aug 20 '18 at 08:16
  • 2
    Could you explain why the update-grub and grub-install are needed. How do I determine which device(s) to grub-install? – Joe Murray Sep 19 '18 at 19:04
  • 1
    cryptsetup is required for more than just boot-time encrypted partitions. It is used for containerized encryption as well, and also as a native interface to VeraCrypt partitions and containers. It would be useful to know if the cryptsetup warnings can be ignored for people who have cryptsetup but who do not use boot-time encryption. – Kurt Fitzner Dec 20 '18 at 00:54
  • Maybe a little of topic but, how do you know for sure that cryptsetup/crypttab is not in used and thus you can safely remove it? – luukvhoudt Feb 06 '19 at 23:35
  • 1
    @AstroFloyd incorporated into answer. – Oliphaunt May 15 '20 at 11:24
11

This warning appeared inexplicably after I mounted two previously inactive disks as RAID 1, assigned a UUID to it, and later there was a kernel update.

To fix the warning, the first thing to do is

$ lsblk -f

to obtain the UUID value from the line "/".

This UUID is then entered in two files. In the file etc/fstab in the line containing the root "/", e.g: "/dev/sda3 / ext4 defaults 0 0". The part "dev/sda3" is replaced by "UUID=value":

UUID=cb2f354f-9e7a-44f8-8a01-2ef1e0b66c31 / ext4 defaults 0 0

In the file /etc/initramfs-tools/conf.d/resume the UUID is entered in this form:

RESUME=UUID=cb2f354f-9e7a-44f8-8a01-2ef1e0b66c31

Then the following command:

$ update-initramfs -u -k all

The warning should have disappeared and a reboot should be running.

amalesh
  • 211
  • 1
    Thank you this is exactly what I was looking for to fix the error. – Natim Oct 18 '20 at 17:09
  • This worked great, but in my case, for the /etc/initramfs-tools/conf.d/resume file, I had to use the UUID of the swap partition (not the / one) to avoid more warnings. – Gilberto Torrezan Sep 17 '21 at 11:54
2

Pre-information: I am using btrfs within LUKS with an unencrypted boot partition. For LVM or other setups the solution may differ!

If you actually are using cryptsetup and encounter this error, the fix for me was to:

  1. Make sure the /etc/crypttab file is set up correctly. There should be at least one entry named "root", this is the root / entry. This was crucial for me - and nobody mentioned it so far!
  2. This entry should be referred to in the /etc/fstab with /dev/mapper/root. Check that the UUIDs are correctly set up
  3. Now run update-initramfs -u which udpates only your most recent kernel. If a cryptsetup warning pops up, you failed on the previous steps. Review all files and try figure out the problem
  4. Run update-grub to fix any remaining grub issues
  5. Now check the /boot/grub/grub.cfg. Go search for the first menuentry which is the one that will be booted. The search part should contain the UUID of the boot partition (unencrypted!). The linux part should have something saying that root=/dev/mapper/root or pointing to the UUID of the unencrypted volume (in my setup the btrfs volume)

Good luck!

matt3o
  • 941
  • I use btrfs too on mint tara ubuntu. a question please. the only swap entry, no root entry in crypttab, is it normal? – Yurij Oct 12 '18 at 08:53
  • That depends. My guess is that you only encrypted your swap during the setup. In that case it is fine. If your root is encrypted however and you cannot boot e.g. then you should probably add the entry. – matt3o Oct 16 '18 at 10:09
  • during install i choose encrypt whole disk, plus encrypt home. So at first glance that is not fine. – Yurij Oct 16 '18 at 15:04
  • But everything still works? Encrypt home is done differently, in that case it doesn't have to be there. If you really encrypted the whole disk then I'm not sure tbh. Maybe it works differently on your linux. – matt3o Oct 18 '18 at 09:45
  • PARDON for long post when i execute disk=$(ls) ;for line in $disk; do cryptsetup status $line; done /dev/mapper/ata- is inactive. /dev/mapper/ata-part1 is inactive. /dev/mapper/ata-part2 is inactive. /dev/mapper/ata-part3 is inactive. /dev/mapper/dm-name-cryptswap1 is inactive. /dev/mapper/dm-uuid-CRYPT-PLAIN-cryptswap1 is inactive. /dev/mapper/wwn-0x is inactive. /dev/mapper/wwn-part1 is inactive. /dev/mapper/wwn--part2 is inactive. /dev/mapper/wwn--part3 is inactive. /dev/mapper/cryptswap1 is active and is in use. – Yurij Oct 18 '18 at 12:04
  • Better remove that message. Not sure if "ecryptfs_sig" should be public tbh :D – matt3o Oct 20 '18 at 08:04
  • I am guessing the next part, so better ask the community if you want definite answers. In the fstab you can see that your home directory is encrypted (ecryptfs it is called). In the crypttab you can see that your swap is encrypted (LUKS / the corresponding tool is called cryptseup). And the encrypted swap is actively used that's what your last command shows Thus I would conclude that not whole disk is encrypted but only those two parts. This means that your base Linux system could be modified e.g.. Whole disk encryption is a lot more complicated in my experience (apart from the setup). – matt3o Oct 20 '18 at 08:08
  • 1
    So if you want your whole disk encrypted I fear you do have to run the setup again and reinstall your linux. (don't forget to backup etc!) However I cannot tell you 100% that your disk is not encrypted - it's simply that it's not encrypted with the two most common encryption techniques and I can't tell you if there's any more I don't know about. As Mint is based on Ubuntu I'd guess that no, your disk is not encrypted as a whole however. – matt3o Oct 20 '18 at 08:10