Ubuntu: upon reboot, forever waiting for encrypted swapfile ...
Issue description
When restarting my machine, cryptsetup waits forever. Waiting for the swapfile. Unable to start Ubuntu at all. Error message is:
cryptsetup: Waiting for encrypted source device /swapfile...
Steps for reproducing the issue
- Do a fresh installation of Ubuntu, unencrypted.
- Later, due to restrictions at work, encrypt Ubuntu POST installation accordingly to this article: https://jumpcloud.com/blog/how-to-encrypt-ubuntu-20-04-desktop-post-installation
- Reboot, all works fine, but ...
- Later, after a couple of months, install a new Linux kernel and then ...
- Upon boot cryptsetup gets stuck, waits forever. See attached photo.
Additional info
I've found a temporary, painful workaround by rebooting in recovery mode and running this command every time:
sudo update-initramfs -u -k all
Then I can boot again. But I have to do this every time. Why?
Debug log
Hard to say but here's the output of this command journalctl | grep crypt
, not sure if you can find anything interesting about it:
Apr 21 13:48:28 M1 audit[179547]: AVC apparmor="DENIED" operation="getattr" class="file" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/evince-thumbnailer" name="home/.ecryptfs/michael-heuberger/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWaKkF5ZO-vAFETGnoPriOb55KN8iA.SprD0W8LFNkfXu75b-QusjTdAA---/ECRYPTFS_FNEK_ENCRYPTED.FXaKkF5ZO-vAFETGnoPriOb55KN8iA.SprD0JjExLlqv3Fk6x4GGYcQdjXda2554lHGsMAmCwjYZWGA-" pid=179547 comm="evince-thumbnai" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Apr 21 17:01:49 M1 gdm-password][219451]: pam_ecryptfs: pam_sm_authenticate: /home/michael-heuberger is already mounted
Apr 21 17:26:59 M1 systemd[1]: Requested transaction contradicts existing jobs: Transaction for plymouth-quit.service/start is destructive (dev-disk-by\x2did-dm\x2duuid\x2dCRYPT\x2dPLAIN\x2dcryptswap1.swap has 'stop' job queued, but 'start' is included in transaction).
Apr 21 17:26:59 M1 systemd[1]: gdm.service: Failed to enqueue OnFailure= job, ignoring: Transaction for plymouth-quit.service/start is destructive (dev-disk-by\x2did-dm\x2duuid\x2dCRYPT\x2dPLAIN\x2dcryptswap1.swap has 'stop' job queued, but 'start' is included in transaction).
Apr 21 17:26:59 M1 systemd[3094]: Stopping GnuPG cryptographic agent and passphrase cache...
Apr 21 17:27:00 M1 systemd[3094]: Stopped GnuPG cryptographic agent and passphrase cache.
Apr 21 17:27:07 M1 systemd[1]: Stopped target Local Encrypted Volumes.
Apr 21 17:27:08 M1 umount.ecryptfs[231225]: Failed to find key with sig [2bda85c181b04823]: Required key not available
Apr 21 17:27:08 M1 umount.ecryptfs[231225]: Failed to find key with sig [96c111e5680ecc45]: Required key not available
Apr 21 17:27:09 M1 systemd[1]: Deactivating swap /dev/disk/by-id/dm-name-cryptswap1...
Apr 21 17:27:09 M1 systemd[1]: dev-disk-by\x2dlabel-cryptswap1.swap: Deactivated successfully.
Apr 21 17:27:09 M1 systemd[1]: Deactivated swap /dev/disk/by-label/cryptswap1.
Do you have any tips, advice please, how to fix this, how I can reboot my machine without running update-initramfs
every time? Thanks!