Hello, On Thu, Apr 17, 2025 at 02:04:18PM -0500, Aaron Rainbolt wrote: > Package: dracut > Version: 106-5 > Severity: critical > X-Debbugs-Cc: [email protected], [email protected] > > Unsure if the chosen severity is appropriate, but this bug renders > affected systems unbootable and the recovery procedure is a serious > headache, so I think this counts as "breaking the whole system". > > Steps to reproduce: > > * Install Debian Trixie with LUKS full disk encryption. The encryption > + LVM setup created by D-I works, as does a encrypted root + > unencrypted /boot setup made using Calamares with a live Debian > Trixie ISO. > * Boot into the installed system. > * Install `dracut` with `sudo apt install dracut`. > * Reboot. > > Expected result: The system should present a passphrase prompt for you > to unlock the disk, upon providing the passphrase the disk should be > unlocked and the system should boot. > > Actual result: The system hangs on the Plymouth screen for about 360 > seconds. If you attempt to boot with `rd.debug` set, you will see it's > unable to find the root filesystem. > > What's happening here, based on my research, is that dracut does not > install the info needed to find the LUKS volume into the initramfs > unless `hostonly=yes` is set. As a result, the initramfs isn't able to > find the encrypted disk, and then of course the system fails to boot. > > If you end up with an unbootable system, the recovery procedure requires > booting the system from a live USB, manually decrypting the LUKS volume > with the right name, mounting it, mounting in the boot directory, > bind-mounting in critical other directories, then chrooting in and > regenerating the initramfs that way. It's doable, yes, but it's not > easy, and I believe if you don't specify the right name when decrypting > the disk, you'll probably end up with a broken initramfs when you > regenerate it.
I ran into that problem, too. An easier recovery procedure for me was passing "rd.auto" on the kernel command line. Also note that dracut 107-1 and later default to host-only operation. Best regards Uwe
signature.asc
Description: PGP signature
