Bugzilla – Bug 1219020
hibernation over luks encryted swap partition failed
Last modified: 2024-02-23 11:39:24 UTC
by this doc: https://en.opensuse.org/SDB:Encrypted_root_file_system#Additional_steps_when_using_hibernation_with_encrypted_swap_partition > [werwolf@workbook] ~ > ❯ cat /etc/dracut.conf.d/99-resume.conf > add_device+=" UUID=ffb2ef5d-0757-49b6-987f-9166f4528318 " > add_dracutmodules+=" resume " > > [werwolf@workbook] ~ > ❯ cat /etc/dracut.conf.d/99-luks-key.conf > install_items+=" /etc/main.key " > > [werwolf@workbook] ~ > ❯ sudo cat /etc/crypttab | grep swap > [sudo] пароль для root: > cr_swap UUID=ffb2ef5d-0757-49b6-987f-9166f4528318 /etc/main.key key-slot=1,discard > > [werwolf@workbook] ~ > ❯ cat /etc/fstab | grep swap > /dev/mapper/cr_swap swap swap discard 0 0 > > [werwolf@workbook] ~ > ❯ free > total used free shared buff/cache available > Mem: 15128532 3875824 9142956 178356 2604596 11252708 > Swap: 17761600 0 17761600 > > [werwolf@workbook] ~ > ❯ cat /proc/cmdline > BOOT_IMAGE=/boot/vmlinuz-6.6.11-1-default root=UUID=eb54b167-a9a2-4641-8b74-b645cb0e4776 splash=silent resume=UUID=ffb2ef5d-0757-49b6-987f-9166f4528318 quiet security=apparmor mitigations=off delayacct > > [werwolf@workbook] ~ > ❯ sudo systemctl hibernate > Call to Hibernate failed: Not enough swap space for hibernation > I remember that it worked before, it definitely worked on my previous laptop. Because of this problem, I temporarily had to abandon encrypted swap since I need hibernation. and this is unsafe.
Somewhere in the issues systemd github repo I found this advice: add to > sudo systemctl edit systemd-logind.service next strings: > [Service] > Environment=SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1 but it didn't work for tumbleweed, I got another error: > Failed to find location to hibernate to: Function not implemented and with debug next log in journalctl: > янв 19 20:31:27 workbook.itrus.su systemd-logind[4908]: /dev/dm-1: is a candidate device. > янв 19 20:31:27 workbook.itrus.su systemd-logind[4908]: No swap partitions or files matching resume config were found in /proc/swaps. > янв 19 20:31:27 workbook.itrus.su systemd-logind[4908]: Sent message type=method_return sender=n/a destination=:1.17 path=n/a interface=n/a member=n/a cookie=164 reply_cookie=42 signature=s error-name=n/a error-message=n/a > янв 19 20:31:27 workbook.itrus.su systemd-logind[4908]: Got message type=signal sender=:1.2 destination=n/a path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager member=UnitRemoved cookie=3229 reply_cookie=0 signature=so error-name=n/a error-message=n/a > янв 19 20:31:27 workbook.itrus.su systemd-logind[4908]: Got message type=method_call sender=:1.17 destination=org.freedesktop.login1 path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=CanHybridSleep cookie=43 reply_cookie=0 signature=n/a error-name=n/a error-message=n/a > янв 19 20:31:27 workbook.itrus.su systemd-logind[4908]: Failed to open configuration file '/etc/systemd/sleep.conf': Нет такого файла или каталога > янв 19 20:31:27 workbook.itrus.su systemd-logind[4908]: Sleep mode "disk" is supported by the kernel. > янв 19 20:31:27 workbook.itrus.su systemd-logind[4908]: Disk sleep mode "platform" is supported by the kernel. the error is repeated several times
First, let me apologize, I don't know how it could have taken so long until this bug report was notified to the systemd maintainers. (In reply to Dmitry Markov from comment #0) > I remember that it worked before, it definitely worked on my previous laptop. > Because of this problem, I temporarily had to abandon encrypted swap since I > need hibernation. and this is unsafe. How long has it been since this worked? Did it work with any v254 version? There were too many changes in systemd-v254/5 regarding hibernation that makes this very difficult to debug (the ENOSYS return and some messages logged in comment #1 do not exist anymore), and also multiple issues reported and fixed upstream in the meantime. The current systemd version on Tumbleweed is v254.8, but v255.3 (or higher) is coming very soon, so I'd wait a bit and check if this issue can still be reproduced with a more updated code.
(In reply to Antonio Feijoo from comment #2) > How long has it been since this worked? Did it work with any v254 version? > There were too many changes in systemd-v254/5 regarding hibernation that > makes this very difficult to debug (the ENOSYS return and some messages > logged in comment #1 do not exist anymore), and also multiple issues > reported and fixed upstream in the meantime. > > The current systemd version on Tumbleweed is v254.8, but v255.3 (or higher) > is coming very soon, so I'd wait a bit and check if this issue can still be > reproduced with a more updated code. Unfortunately, my answer won't be very helpful. For about six months, I simply did not need this opportunity, and I did not check whether it worked. Now the need was needed again. So the most useful thing I can report is that it worked on the June 2023 version of tumbleweed and earlier.
(In reply to Dmitry Markov from comment #3) > Unfortunately, my answer won't be very helpful. For about six months, I > simply did not need this opportunity, and I did not check whether it worked. > Now the need was needed again. So the most useful thing I can report is that > it worked on the June 2023 version of tumbleweed and earlier. That was v253. v254 was introduced in August [1]. [1] https://build.opensuse.org/package/view_file/openSUSE:Factory/systemd/systemd.changes?expand=1
Could you please `zypper dup` and check if this is still reproducible with the latest systemd version. If that's the case, please set `systemctl log-level debug`, issue `systemctl hibernate` and attach the output of `journalctl -b -o short-monotonic`. Thanks!
(In reply to Antonio Feijoo from comment #8) > Could you please `zypper dup` and check if this is still reproducible with > the latest systemd version. If that's the case, please set `systemctl > log-level debug`, issue `systemctl hibernate` and attach the output of > `journalctl -b -o short-monotonic`. Thanks! So. I again created luks encrypted swap, added a key file to it, registered it in fstab, crypttab and kernel cmdline as indicated in the manual, but I never got around to testing hibernation. Now the system simply does not boot with this resume in cmdline (to boot I manually erase this parameter by editing the menu item in grub), the system simply cannot start using swap with this uuid. > [werwolf@workbook] ~ > ❯ sudo lsblk -o +UUID > NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS UUID > nvme0n1 259:0 0 476,9G 0 disk > *********************************************************************************************** > └─nvme0n1p4 259:4 0 16,9G 0 part 855f2aa2-2f74-4f5f-9197-825c406b84ab > └─cr_swap 254:1 0 16,9G 0 crypt [SWAP] 5a0d6b5f-3c80-4778-ad50-0b157b67415c > > [werwolf@workbook] ~ > ❯ cat /etc/fstab | grep -i swap > UUID=5a0d6b5f-3c80-4778-ad50-0b157b67415c swap swap defaults,discard 0 0 > > [werwolf@workbook] ~ > ❯ sudo cat /etc/crypttab | grep swap > cr_swap UUID=855f2aa2-2f74-4f5f-9197-825c406b84ab /etc/main.key key-slot=1,discard > > [werwolf@workbook] ~ > ❯ sudo cat /etc/default/grub | grep resume > GRUB_CMDLINE_LINUX_DEFAULT="splash=silent resume=UUID=5a0d6b5f-3c80-4778-ad50-0b157b67415c quiet security=apparmor mitigations=off delayacct" > > [werwolf@workbook] ~ > ❯ cat /etc/dracut.conf.d/99-luks-key.conf > install_items+=" /etc/main.key " > > [werwolf@workbook] ~ > ❯ cat /etc/dracut.conf.d/99-resume.conf > add_device+=" UUID=855f2aa2-2f74-4f5f-9197-825c406b84ab " > add_dracutmodules+=" resume " > in my opinion it can be called “it has become worse”. or I forgot to do something, but I don’t understand what.
Created attachment 872955 [details] boot fail photo of the boot log with an error
(In reply to Dmitry Markov from comment #9) > (In reply to Antonio Feijoo from comment #8) > > Could you please `zypper dup` and check if this is still reproducible with > > the latest systemd version. If that's the case, please set `systemctl > > log-level debug`, issue `systemctl hibernate` and attach the output of > > `journalctl -b -o short-monotonic`. Thanks! > > So. I again created luks encrypted swap, added a key file to it, registered > it in fstab, crypttab and kernel cmdline as indicated in the manual, but I > never got around to testing hibernation. Now the system simply does not boot > with this resume in cmdline (to boot I manually erase this parameter by > editing the menu item in grub), the system simply cannot start using swap > with this uuid. > > > [werwolf@workbook] ~ > > ❯ sudo lsblk -o +UUID > > NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS UUID > > nvme0n1 259:0 0 476,9G 0 disk > > *********************************************************************************************** > > └─nvme0n1p4 259:4 0 16,9G 0 part 855f2aa2-2f74-4f5f-9197-825c406b84ab > > └─cr_swap 254:1 0 16,9G 0 crypt [SWAP] 5a0d6b5f-3c80-4778-ad50-0b157b67415c > > > > [werwolf@workbook] ~ > > ❯ cat /etc/fstab | grep -i swap > > UUID=5a0d6b5f-3c80-4778-ad50-0b157b67415c swap swap defaults,discard 0 0 > > > > [werwolf@workbook] ~ > > ❯ sudo cat /etc/crypttab | grep swap > > cr_swap UUID=855f2aa2-2f74-4f5f-9197-825c406b84ab /etc/main.key key-slot=1,discard > > > > [werwolf@workbook] ~ > > ❯ sudo cat /etc/default/grub | grep resume > > GRUB_CMDLINE_LINUX_DEFAULT="splash=silent resume=UUID=5a0d6b5f-3c80-4778-ad50-0b157b67415c quiet security=apparmor mitigations=off delayacct" > > > > [werwolf@workbook] ~ > > ❯ cat /etc/dracut.conf.d/99-luks-key.conf > > install_items+=" /etc/main.key " > > > > [werwolf@workbook] ~ > > ❯ cat /etc/dracut.conf.d/99-resume.conf > > add_device+=" UUID=855f2aa2-2f74-4f5f-9197-825c406b84ab " > > add_dracutmodules+=" resume " > > > > in my opinion it can be called “it has become worse”. or I forgot to do > something, but I don’t understand what. The UUID in fstab and the resume kernel command line option (/etc/default/grub) is wrong, it should be `855f2aa2-2f74-4f5f-9197-825c406b84ab`. (In reply to Dmitry Markov from comment #10) > Created attachment 872955 [details] > boot fail > > photo of the boot log with an error Please next time attach common formats, like jpg or png. Thanks.
(In reply to Antonio Feijoo from comment #11) > (In reply to Dmitry Markov from comment #9) > > (In reply to Antonio Feijoo from comment #8) > > > Could you please `zypper dup` and check if this is still reproducible with > > > the latest systemd version. If that's the case, please set `systemctl > > > log-level debug`, issue `systemctl hibernate` and attach the output of > > > `journalctl -b -o short-monotonic`. Thanks! > > > > So. I again created luks encrypted swap, added a key file to it, registered > > it in fstab, crypttab and kernel cmdline as indicated in the manual, but I > > never got around to testing hibernation. Now the system simply does not boot > > with this resume in cmdline (to boot I manually erase this parameter by > > editing the menu item in grub), the system simply cannot start using swap > > with this uuid. > > > > > [werwolf@workbook] ~ > > > ❯ sudo lsblk -o +UUID > > > NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS UUID > > > nvme0n1 259:0 0 476,9G 0 disk > > > *********************************************************************************************** > > > └─nvme0n1p4 259:4 0 16,9G 0 part 855f2aa2-2f74-4f5f-9197-825c406b84ab > > > └─cr_swap 254:1 0 16,9G 0 crypt [SWAP] 5a0d6b5f-3c80-4778-ad50-0b157b67415c > > > > > > [werwolf@workbook] ~ > > > ❯ cat /etc/fstab | grep -i swap > > > UUID=5a0d6b5f-3c80-4778-ad50-0b157b67415c swap swap defaults,discard 0 0 > > > > > > [werwolf@workbook] ~ > > > ❯ sudo cat /etc/crypttab | grep swap > > > cr_swap UUID=855f2aa2-2f74-4f5f-9197-825c406b84ab /etc/main.key key-slot=1,discard > > > > > > [werwolf@workbook] ~ > > > ❯ sudo cat /etc/default/grub | grep resume > > > GRUB_CMDLINE_LINUX_DEFAULT="splash=silent resume=UUID=5a0d6b5f-3c80-4778-ad50-0b157b67415c quiet security=apparmor mitigations=off delayacct" > > > > > > [werwolf@workbook] ~ > > > ❯ cat /etc/dracut.conf.d/99-luks-key.conf > > > install_items+=" /etc/main.key " > > > > > > [werwolf@workbook] ~ > > > ❯ cat /etc/dracut.conf.d/99-resume.conf > > > add_device+=" UUID=855f2aa2-2f74-4f5f-9197-825c406b84ab " > > > add_dracutmodules+=" resume " > > > > > > > in my opinion it can be called “it has become worse”. or I forgot to do > > something, but I don’t understand what. > > The UUID in fstab and the resume kernel command line option > (/etc/default/grub) is wrong, it should be > `855f2aa2-2f74-4f5f-9197-825c406b84ab`. ok, I checked when changing the resume parameter in cmdline from uuid swap partition to uuid luks partition with swap partition, the system boots correctly but if the same change is made in fstab, then after booting the system swap will be unused. which in my opinion is logical, because this uuid does not point to swap but to luks encrypted partition. I returned the uuid swap partition to swap, and left uuid luks with swap in cmdline, so the system booted correctly and swap worked. however, this did not lead to hibernation working: > [werwolf@workbook] ~ > ❯ sudo systemctl hibernate > Call to Hibernate failed: Not enough swap space for hibernation > > > [werwolf@workbook] ~ > ❯ sudo journalctl -b -o short-monotonic -f > > [ 306.396753] workbook.itrus.su sudo[6895]: werwolf : TTY=pts/3 ; PWD=/home/werwolf ; USER=root ; COMMAND=/usr/bin/systemctl hibernate > [ 306.397215] workbook.itrus.su sudo[6895]: pam_kwallet5(sudo:setcred): pam_kwallet5: pam_sm_setcred > [ 306.397803] workbook.itrus.su sudo[6895]: pam_unix(sudo:session): session opened for user root(uid=0) by werwolf(uid=1000) > [ 306.397998] workbook.itrus.su sudo[6895]: pam_kwallet5(sudo:session): pam_kwallet5: pam_sm_open_session > [ 306.398070] workbook.itrus.su sudo[6895]: pam_kwallet5(sudo:session): pam_kwallet5: we were already executed > [ 306.408035] workbook.itrus.su sudo[6895]: pam_unix(sudo:session): session closed for user root > [ 306.408146] workbook.itrus.su sudo[6895]: pam_kwallet5(sudo:session): pam_kwallet5: pam_sm_close_session > [ 306.408213] workbook.itrus.su sudo[6895]: pam_kwallet5(sudo:setcred): pam_kwallet5: pam_sm_setcred > > (In reply to Dmitry Markov from comment #10) > > Created attachment 872955 [details] > > boot fail > > > > photo of the boot log with an error > > Please next time attach common formats, like jpg or png. Thanks. sorry, I'll take this into account in the future
Sorry, I should've asked to add `systemd.log_level=debug` in the kernel command line to be able to see what's happening. But, I was able to reproduce your issue locally, and the logs match what you wrote in comment #1: > [ 82.172170] localhost systemd-logind[1065]: Got message type=method_call sender=:1.21 destination=org.freedesktop.login1 path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=SetWallMessage cookie=2 reply_cookie=0 signature=sb error-name=n/a error-message=n/a > [ 82.172170] localhost systemd-journald[792]: Forwarding to syslog missed 464 messages. > [ 82.172383] localhost systemd-logind[1065]: Sent message type=method_return sender=n/a destination=:1.21 path=n/a interface=n/a member=n/a cookie=58 reply_cookie=2 signature=n/a error-name=n/a error-message=n/a > [ 82.172406] localhost systemd[1]: systemd-logind.service: Got notification message from PID 1065 (WATCHDOG=1) > [ 82.172522] localhost systemd-logind[1065]: Got message type=method_call sender=:1.21 destination=org.freedesktop.login1 path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=HibernateWithFlags cookie=3 reply_cookie=0 signature=t error-name=n/a error-message=n/a > [ 82.172637] localhost systemd-logind[1065]: Failed to open configuration file '/etc/systemd/sleep.conf': No such file or directory > [ 82.172660] localhost systemd-logind[1065]: Sleep mode "disk" is supported by the kernel. > [ 82.172694] localhost systemd-logind[1065]: Disk sleep mode "shutdown" is supported by the kernel. > [ 82.172720] localhost systemd-logind[1065]: /dev/dm-1: is a candidate device. > [ 82.172737] localhost systemd-logind[1065]: No swap partitions or files matching resume config were found in /proc/swaps. > [ 82.172760] localhost systemd-logind[1065]: Sent message type=error sender=n/a destination=:1.21 path=n/a interface=n/a member=n/a cookie=59 reply_cookie=3 signature=s error-name=org.freedesktop.login1.SleepVerbNotSupported error-message=Not enough swap space for hibernation > [ 82.172778] localhost systemd-logind[1065]: Failed to process message type=method_call sender=:1.21 destination=org.freedesktop.login1 path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=HibernateWithFlags cookie=3 reply_cookie=0 signature=t error-name=n/a error-message=n/a: Not enough swap space for hibernation With the following actions I managed to make it work: - Set `resume=/dev/mapper/cr_swap` on the kernel command line. - Remove `add_device+=" UUID=... "` from /etc/dracut.conf.d/99-resume.conf - In /etc/crypttab, append the following two options to the cr_swap entry (4th column): x-initrd.attach,force - Run `dracut -f` - Reboot and try again `systemctl hibernate`. If it does not work in your system, add `systemd.log_level=debug` and attach the output of `journalctl -b -o short-monotonic`. Thanks.
(In reply to Antonio Feijoo from comment #13) > Sorry, I should've asked to add `systemd.log_level=debug` in the kernel > command line to be able to see what's happening. But, I was able to > reproduce your issue locally, and the logs match what you wrote in comment > #1: > > > [ 82.172170] localhost systemd-logind[1065]: Got message type=method_call sender=:1.21 destination=org.freedesktop.login1 path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=SetWallMessage cookie=2 reply_cookie=0 signature=sb error-name=n/a error-message=n/a > > [ 82.172170] localhost systemd-journald[792]: Forwarding to syslog missed 464 messages. > > [ 82.172383] localhost systemd-logind[1065]: Sent message type=method_return sender=n/a destination=:1.21 path=n/a interface=n/a member=n/a cookie=58 reply_cookie=2 signature=n/a error-name=n/a error-message=n/a > > [ 82.172406] localhost systemd[1]: systemd-logind.service: Got notification message from PID 1065 (WATCHDOG=1) > > [ 82.172522] localhost systemd-logind[1065]: Got message type=method_call sender=:1.21 destination=org.freedesktop.login1 path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=HibernateWithFlags cookie=3 reply_cookie=0 signature=t error-name=n/a error-message=n/a > > [ 82.172637] localhost systemd-logind[1065]: Failed to open configuration file '/etc/systemd/sleep.conf': No such file or directory > > [ 82.172660] localhost systemd-logind[1065]: Sleep mode "disk" is supported by the kernel. > > [ 82.172694] localhost systemd-logind[1065]: Disk sleep mode "shutdown" is supported by the kernel. > > [ 82.172720] localhost systemd-logind[1065]: /dev/dm-1: is a candidate device. > > [ 82.172737] localhost systemd-logind[1065]: No swap partitions or files matching resume config were found in /proc/swaps. > > [ 82.172760] localhost systemd-logind[1065]: Sent message type=error sender=n/a destination=:1.21 path=n/a interface=n/a member=n/a cookie=59 reply_cookie=3 signature=s error-name=org.freedesktop.login1.SleepVerbNotSupported error-message=Not enough swap space for hibernation > > [ 82.172778] localhost systemd-logind[1065]: Failed to process message type=method_call sender=:1.21 destination=org.freedesktop.login1 path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=HibernateWithFlags cookie=3 reply_cookie=0 signature=t error-name=n/a error-message=n/a: Not enough swap space for hibernation > > With the following actions I managed to make it work: > - Set `resume=/dev/mapper/cr_swap` on the kernel command line. > - Remove `add_device+=" UUID=... "` from /etc/dracut.conf.d/99-resume.conf > - In /etc/crypttab, append the following two options to the cr_swap entry > (4th column): x-initrd.attach,force > - Run `dracut -f` > - Reboot and try again `systemctl hibernate`. > > If it does not work in your system, add `systemd.log_level=debug` and attach > the output of `journalctl -b -o short-monotonic`. Thanks. I'm back with good news As I understand it, adding `x-initrd.attach` to crypttab helped. Now hibernation works as it should. it might make sense to note this in the documentation from the first comment. wi-fi does not work when waking up, but this is not the topic of this bugreport. thanks for help!
(In reply to Dmitry Markov from comment #14) > (In reply to Antonio Feijoo from comment #13) > > With the following actions I managed to make it work: > > - Set `resume=/dev/mapper/cr_swap` on the kernel command line. > > - Remove `add_device+=" UUID=... "` from /etc/dracut.conf.d/99-resume.conf > > - In /etc/crypttab, append the following two options to the cr_swap entry > > (4th column): x-initrd.attach,force > > - Run `dracut -f` > > - Reboot and try again `systemctl hibernate`. > > > > If it does not work in your system, add `systemd.log_level=debug` and attach > > the output of `journalctl -b -o short-monotonic`. Thanks. > > I'm back with good news I'm glad to hear that. > As I understand it, adding `x-initrd.attach` to crypttab helped. The keys are setting the right `resume=` device (available after decryption) and the `force` option in crypttab (dracut skips crypttab entries with key files for unknown reason, see https://github.com/dracutdevs/dracut/issues/2128#issuecomment-1353362957) > Now hibernation works as it should. it might make sense to note this in the > documentation from the first comment. Yes, definitely. > wi-fi does not work when waking up, but this is not the topic of this > bugreport. That reminds me of bug #1219427 > thanks for help! Anytime.