linuxboot / heads

A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.
https://osresearch.net/
GNU General Public License v2.0

unlock passphrase doesn't work with Qubes kernel 6.6.2 #1545

Closed duncancmt closed 9 months ago

duncancmt commented 10 months ago

Please identify some basic details to help process the report

A. Provide Hardware Details

1. What board are you using (see list of boards here)?

Novacustom NV41 (Nitrokey branded)

2. Does your computer have a dGPU or is it iGPU-only?

3. Who installed Heads on this computer?

4. What PGP key is being used?

5. Are you using the PGP key to provide HOTP verification?

B. Identify how the board was flashed

I deleted this section because I purchased this machine from Nitrokey

C. Identify the rom related to this bug report

1. Did you download or build the rom at issue in this bug report?

2. If you downloaded your rom, where did you get it from?

Please provide the release number or otherwise identify the rom downloaded

Nitrokey heads v2.2

3. If you built your rom, which repository:branch did you use?

4. What version of coreboot did you use in building?

5. In building the rom where did you get the blobs?

Please describe the problem

Describe the bug

I did a dom0 update in Qubes and now the disk unlock passphrase doesn't work anymore. Kernel 6.5.8 works fine, but kernel 6.6.2 won't boot with the unlock passphrase, only the recovery passphrase. I presume something changed with dracut or the kernel boot process preventing concatenated cpios from overriding each other, but I have no idea how I would begin to go about debugging that.

To Reproduce

Steps to reproduce the behavior:

  1. Update Qubes dom0, installing kernel 6.6.2
  2. Attempt to boot using the disk unlock passphrase
  3. Observe that Plymouth still prompts for the recovery passphrase
  4. Observe further that in the initramfs /etc/crypttab has not been patched and that /secret.key is missing

Expected behavior

Booting Qubes with the disk unlock passphrase does not prompt for the recovery passphrase. Also I would expect /etc/crypttab to be patched and /secret.key to be present in the initramfs if/when it drops into the OS recovery shell.

I apologize in advance if this should've gone in the Qubes forum.
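The check in step 4 of the report (is /secret.key present, was /etc/crypttab replaced) can also be run offline against an initramfs image. The following is an added example, not code from the report or from Heads: it walks concatenated newc cpio archives, lets later archives override earlier ones path by path, and reports on those two files. It assumes every segment has already been decompressed to plain newc; the function names, the placeholder UUID and the key bytes are constructed for illustration.

```python
"""Layer concatenated newc cpio archives and check for the unlock-key overlay."""

HDR = 110  # 6-byte magic + 13 fields of 8 hex digits
FIELDS = ("ino", "mode", "uid", "gid", "nlink", "mtime", "filesize",
          "devmajor", "devminor", "rdevmajor", "rdevminor", "namesize", "check")


def _pad4(n):
    return (n + 3) & ~3


def walk_newc(blob):
    """Yield (segment, name, mode, data) for every member of every archive."""
    pos = seg = 0
    while pos + HDR <= len(blob):
        if blob[pos] == 0:                      # NUL padding between archives
            pos += 1
            continue
        if blob[pos:pos + 6] not in (b"070701", b"070702"):
            # Compressed or foreign data: fail loudly instead of guessing.
            raise ValueError(f"non-newc data at offset {pos}: decompress first")
        raw = blob[pos + 6:pos + HDR]
        h = {k: int(raw[i * 8:i * 8 + 8], 16) for i, k in enumerate(FIELDS)}
        name_end = pos + HDR + h["namesize"]
        name = blob[pos + HDR:name_end - 1].decode("utf-8", "replace")
        data_at = _pad4(name_end)               # name is padded to 4 bytes
        data = blob[data_at:data_at + h["filesize"]]
        pos = _pad4(data_at + h["filesize"])    # so is the file body
        if name == "TRAILER!!!":                # end of one archive
            seg += 1
            continue
        yield seg, name, h["mode"], data


def effective_tree(blob):
    """Return {path: (segment, mode, data)}; later archives win per path."""
    tree = {}
    for seg, name, mode, data in walk_newc(blob):
        path = name[2:] if name.startswith("./") else name.lstrip("/")
        tree[path] = (seg, mode, data)
    return tree


def unlock_overlay_report(blob, key="secret.key", crypttab="etc/crypttab"):
    """Answer the two questions from step 4 of the report."""
    tree = effective_tree(blob)
    keyfiles = []
    if crypttab in tree:
        for line in tree[crypttab][2].decode("utf-8", "replace").splitlines():
            parts = line.split()
            if len(parts) >= 3 and not parts[0].startswith("#"):
                keyfiles.append(parts[2])       # crypttab: name device keyfile opts
    return {
        "secret_key_present": key in tree,
        "secret_key_mode": oct(tree[key][1] & 0o7777) if key in tree else None,
        "crypttab_segment": tree[crypttab][0] if crypttab in tree else None,
        "crypttab_patched": "/" + key in keyfiles,
    }


def make_newc(files):
    """Build a small newc archive from {name: (mode, data)} for the samples."""
    out = bytearray()
    for name, (mode, data) in [*files.items(), ("TRAILER!!!", (0, b""))]:
        n = name.encode() + b"\0"
        out += b"070701" + b"".join(b"%08X" % v for v in (
            0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0))
        out += n + b"\0" * (-(len(out) + len(n)) % 4)
        out += data + b"\0" * (-(len(out) + len(data)) % 4)
    return bytes(out) + b"\0" * (-len(out) % 512)


# Constructed samples: placeholder UUID and key bytes, not from the report.
UUID = "00000000-0000-0000-0000-000000000000"
BASE = make_newc({
    "etc/crypttab": (0o100644, f"luks-{UUID} UUID={UUID} none luks\n".encode()),
    "init": (0o100755, b"#!/bin/sh\n"),
})
OVERLAY = make_newc({
    "secret.key": (0o100400, b"constructed-not-a-real-key"),
    "etc/crypttab": (0o100644,
                     f"luks-{UUID} UUID={UUID} /secret.key luks\n".encode()),
})

if __name__ == "__main__":
    print("base only     :", unlock_overlay_report(BASE))
    print("base + overlay:", unlock_overlay_report(BASE + OVERLAY))
```

A `crypttab_segment` of 0 together with `secret_key_present: False` is the state step 4 describes: only the distribution's own archive took effect.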

tlaurion commented 10 months ago

https://github.com/Nitrokey/heads/issues/30

Nitrokey disables TPM Disk unlock key in their Heads fork's board configurations, as can be seen at https://github.com/Nitrokey/heads/blob/nitropad-release-v2.2/boards%2Fnitropad-nv41%2Fnitropad-nv41.config#L50

tlaurion commented 10 months ago

Not Nitrokey fork related. Can replicate on newest Q4.2 rc5 updated kernel updated to latest (6.6.2.1) on x230 as can be seen at https://github.com/Nitrokey/heads/issues/30#issuecomment-1850309877

tlaurion commented 10 months ago

With f4bc5a8 permission warning disappeared on 6.5.10 which is still successful, while 6.6.2 still fails and prompts for Disk Recovery Key passphrase on Qubes boot:

TPM_DUK_success_6.5.10-1.log TPM_DUK_fail_6.6.2-1.log


user@Insurgo:~$ diff -u <(grep -i -e fail -i -e error -i -e crypt /media/user/Nitrokey/TPM_DUK_success_6.5.10-1.log) <(grep -i -e fail -i -e error -i -e crypt /media/user/Nitrokey/TPM_DUK_fail_6.6.2-1.log)
--- /dev/fd/63  2023-12-11 12:10:41.121000000 -0500
+++ /dev/fd/62  2023-12-11 12:10:41.118000000 -0500
@@ -1,86 +1,95 @@
-Dec 11 11:12:10 localhost kernel: cryptd: max_cpu_qlen set to 1000
-Dec 11 11:12:10 localhost kernel: PM-Timer failed consistency check  (0xffffff) - aborting.
-Dec 11 11:12:10 localhost kernel: Key type .fscrypt registered
-Dec 11 11:12:10 localhost kernel: Key type fscrypt-provisioning registered
-Dec 11 11:12:10 localhost kernel: Key type encrypted registered
-Dec 11 11:12:10 localhost kernel: hid_bpf: error while preloading HID BPF dispatcher: -22
-Dec 11 11:12:10 localhost kernel: RAS: Correctable Errors collector initialized.
-Dec 11 11:12:10 localhost kernel: Freeing unused decrypted memory: 2036K
-Dec 11 11:12:10 localhost systemd[1]: systemd 251.14-2.fc37 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
-Dec 11 11:12:10 localhost systemd[1]: Failed to open libbpf, cgroup BPF features disabled: Operation not supported
-Dec 11 11:12:10 localhost systemd[1]: Created slice system-systemd\x2dcryptsetup.slice - Slice /system/systemd-cryptsetup.
-Dec 11 11:12:10 localhost systemd[1]: memstrack.service - Memstrack Anylazing Service was skipped because all trigger condition checks failed.
-Dec 11 11:12:10 localhost systemd[1]: dracut-cmdline-ask.service - dracut ask for additional cmdline parameters was skipped because all trigger condition checks failed.
-Dec 11 11:12:11 localhost systemd[1]: dracut-pre-trigger.service - dracut pre-trigger hook was skipped because all trigger condition checks failed.
-Dec 11 11:12:12 localhost systemd[1]: systemd-ask-password-console.path - Dispatch Password Requests to Console Directory Watch was skipped because of a failed condition check (ConditionPathExists=!/run/plymouth/pid).
-Dec 11 11:12:12 localhost systemd[1]: Starting systemd-cryptsetup@luks\x2d464e7720\x2d22f7\x2d4495\x2da02e\x2dd77dc9396c28.service - Cryptography Setup for luks-464e7720-22f7-4495-a02e-d77dc9396c28...
-Dec 11 11:12:12 localhost systemd-cryptsetup[493]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/464e7720-22f7-4495-a02e-d77dc9396c28.
-Dec 11 11:12:17 localhost audit[493]: DM_CTRL module=crypt op=ctr ppid=1 pid=493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-cryptse" exe="/usr/lib/systemd/systemd-cryptsetup" dev=253:0 error_msg='success' res=1
-Dec 11 11:12:17 localhost kernel: audit: type=1338 audit(1702311137.852:27): module=crypt op=ctr ppid=1 pid=493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-cryptse" exe="/usr/lib/systemd/systemd-cryptsetup" dev=253:0 error_msg='success' res=1
-Dec 11 11:12:17 localhost kernel: audit: type=1300 audit(1702311137.852:27): arch=c000003e syscall=16 success=yes exit=0 a0=4 a1=c138fd09 a2=5ef8dd10fcf0 a3=0 items=6 ppid=1 pid=493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-cryptse" exe="/usr/lib/systemd/systemd-cryptsetup" key=(null)
-Dec 11 11:12:17 localhost audit[493]: SYSCALL arch=c000003e syscall=16 success=yes exit=0 a0=4 a1=c138fd09 a2=5ef8dd10fcf0 a3=0 items=6 ppid=1 pid=493 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-cryptse" exe="/usr/lib/systemd/systemd-cryptsetup" key=(null)
-Dec 11 11:12:18 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-cryptsetup@luks\x2d464e7720\x2d22f7\x2d4495\x2da02e\x2dd77dc9396c28 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
-Dec 11 11:12:18 localhost systemd[1]: Finished systemd-cryptsetup@luks\x2d464e7720\x2d22f7\x2d4495\x2da02e\x2dd77dc9396c28.service - Cryptography Setup for luks-464e7720-22f7-4495-a02e-d77dc9396c28.
-Dec 11 11:12:18 localhost systemd[1]: Reached target cryptsetup.target - Local Encrypted Volumes.
-Dec 11 11:12:18 localhost systemd[1]: Reached target remote-cryptsetup.target - Remote Encrypted Volumes.
-Dec 11 11:12:18 localhost systemd[1]: dracut-pre-mount.service - dracut pre-mount hook was skipped because all trigger condition checks failed.
-Dec 11 11:12:19 localhost systemd[1]: dracut-mount.service - dracut mount hook was skipped because all trigger condition checks failed.
-Dec 11 11:12:19 localhost systemd[1]: Stopped target remote-cryptsetup.target - Remote Encrypted Volumes.
-Dec 11 11:12:19 localhost systemd[1]: Stopped target cryptsetup.target - Local Encrypted Volumes.
-Dec 11 11:12:20 dom0 systemd[1]: systemd 251.19-1.fc37 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
-Dec 11 11:12:20 dom0 systemd[1]: systemd-ask-password-console.path - Dispatch Password Requests to Console Directory Watch was skipped because of a failed condition check (ConditionPathExists=!/run/plymouth/pid).
-Dec 11 11:12:20 dom0 systemd[1]: Reached target remote-cryptsetup.target - Remote Encrypted Volumes.
-Dec 11 11:12:20 dom0 systemd[1]: dev-hugepages.mount - Huge Pages File System was skipped because of a failed condition check (ConditionPathExists=/sys/kernel/mm/hugepages).
-Dec 11 11:12:20 dom0 systemd[1]: systemd-repart.service - Repartition Root Disk was skipped because all trigger condition checks failed.
-Dec 11 11:12:20 dom0 systemd[1]: systemd-firstboot.service - First Boot Wizard was skipped because of a failed condition check (ConditionFirstBoot=yes).
-Dec 11 11:12:20 dom0 systemd[1]: systemd-hwdb-update.service - Rebuild Hardware Database was skipped because of a failed condition check (ConditionNeedsUpdate=/etc).
-Dec 11 11:12:20 dom0 systemd[1]: systemd-pstore.service - Platform Persistent Storage Archival was skipped because of a failed condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
-Dec 11 11:12:20 dom0 systemd[1]: systemd-sysusers.service - Create System Users was skipped because of a failed condition check (ConditionNeedsUpdate=/etc).
-Dec 11 11:12:20 dom0 systemd[1]: first-boot-complete.target - First Boot Complete was skipped because of a failed condition check (ConditionFirstBoot=yes).
-Dec 11 11:12:22 dom0 systemd[1]: systemd-ask-password-console.path - Dispatch Password Requests to Console Directory Watch was skipped because of a failed condition check (ConditionPathExists=!/run/plymouth/pid).
-Dec 11 11:12:22 dom0 systemd[1]: dev-hugepages.mount - Huge Pages File System was skipped because of a failed condition check (ConditionPathExists=/sys/kernel/mm/hugepages).
-Dec 11 11:12:22 dom0 systemd[1]: systemd-firstboot.service - First Boot Wizard was skipped because of a failed condition check (ConditionFirstBoot=yes).
-Dec 11 11:12:22 dom0 systemd[1]: first-boot-complete.target - First Boot Complete was skipped because of a failed condition check (ConditionFirstBoot=yes).
-Dec 11 11:12:22 dom0 systemd[1]: systemd-hwdb-update.service - Rebuild Hardware Database was skipped because of a failed condition check (ConditionNeedsUpdate=/etc).
-Dec 11 11:12:22 dom0 systemd[1]: systemd-pstore.service - Platform Persistent Storage Archival was skipped because of a failed condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
-Dec 11 11:12:22 dom0 systemd[1]: systemd-sysusers.service - Create System Users was skipped because of a failed condition check (ConditionNeedsUpdate=/etc).
-Dec 11 11:12:22 dom0 systemd[1]: systemd-repart.service - Repartition Root Disk was skipped because all trigger condition checks failed.
-Dec 11 11:12:22 dom0 kernel: platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
-Dec 11 11:12:22 dom0 kernel: cfg80211: failed to load regulatory.db
-Dec 11 11:12:23 dom0 systemd[1]: ldconfig.service - Rebuild Dynamic Linker Cache was skipped because all trigger condition checks failed.
-Dec 11 11:12:23 dom0 systemd[1]: systemd-binfmt.service - Set Up Additional Binary Formats was skipped because all trigger condition checks failed.
-Dec 11 11:12:23 dom0 systemd[1]: systemd-boot-system-token.service - Store a System Token in an EFI Variable was skipped because of a failed condition check (ConditionPathExists=/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).
-Dec 11 11:12:23 dom0 systemd[1]: systemd-machine-id-commit.service - Commit a transient machine-id on disk was skipped because of a failed condition check (ConditionPathIsMountPoint=/etc/machine-id).
-Dec 11 11:12:23 dom0 systemd[1]: systemd-journal-catalog-update.service - Rebuild Journal Catalog was skipped because of a failed condition check (ConditionNeedsUpdate=/var).
-Dec 11 11:12:23 dom0 systemd[1]: systemd-update-done.service - Update is Completed was skipped because all trigger condition checks failed.
-Dec 11 11:12:23 dom0 systemd[1]: usbguard.service - USBGuard daemon was skipped because of a failed condition check (ConditionKernelCommandLine=usbcore.authorized_default=0).
-Dec 11 11:12:23 dom0 systemd[1]: Reached target cryptsetup.target - Local Encrypted Volumes.
-Dec 11 11:12:23 dom0 systemd[1]: rpmdb-migrate.service - RPM database migration to /usr was skipped because of a failed condition check (ConditionPathExists=/var/lib/rpm/.migratedb).
-Dec 11 11:12:23 dom0 systemd[1]: rpmdb-rebuild.service - RPM database rebuild was skipped because of a failed condition check (ConditionPathExists=/usr/lib/sysimage/rpm/.rebuilddb).
-Dec 11 11:12:23 dom0 systemd[1]: alsa-restore.service - Save/Restore Sound Card State was skipped because of a failed condition check (ConditionPathExists=!/etc/alsa/state-daemon.conf).
-Dec 11 11:12:23 dom0 kernel: mei_me 0000:00:16.0: wait hw ready failed
-Dec 11 11:12:23 dom0 kernel: mei_me 0000:00:16.0: hw_start failed ret = -62
-Dec 11 11:12:23 dom0 alsactl[1587]: alsa-lib main.c:1560:(snd_use_case_mgr_open) error: failed to import hw:29 use case configuration -2
-Dec 11 11:12:25 dom0 kernel: mei_me 0000:00:16.0: wait hw ready failed
-Dec 11 11:12:25 dom0 kernel: mei_me 0000:00:16.0: hw_start failed ret = -62
-Dec 11 11:12:27 dom0 kernel: mei_me 0000:00:16.0: wait hw ready failed
-Dec 11 11:12:27 dom0 kernel: mei_me 0000:00:16.0: hw_start failed ret = -62
-Dec 11 11:12:28 dom0 kernel: mei_me 0000:00:16.0: reset failed ret = -19
-Dec 11 11:12:28 dom0 kernel: mei_me 0000:00:16.0: link layer initialization failed.
-Dec 11 11:12:28 dom0 kernel: mei_me 0000:00:16.0: init hw failure.
-Dec 11 11:12:28 dom0 kernel: mei_me 0000:00:16.0: initialization failed.
-Dec 11 11:12:28 dom0 startup-misc.sh[2145]: libxl: error: libxl_sched.c:232:sched_credit_domain_set: Getting domain sched credit: Invalid argument
-Dec 11 11:12:28 dom0 startup-misc.sh[2145]: libxl_domain_sched_params_set failed.
-Dec 11 11:12:33 dom0 libvirtd[1718]: internal error: Unable to reset PCI device 0000:00:14.0: no FLR, PM reset or bus reset available
-Dec 11 11:13:03 dom0 dbus-broker-launch[1536]: Activation request for 'org.freedesktop.home1' failed: The systemd unit 'dbus-org.freedesktop.home1.service' could not be found.
-Dec 11 11:13:03 dom0 (systemd)[3313]: pam_systemd_home(systemd-user:account): systemd-homed is not available: Could not activate remote peer: activation request failed: unknown unit.
-Dec 11 11:13:03 dom0 audit[3313]: CRED_ACQ pid=3313 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=? acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
-Dec 11 11:13:04 dom0 systemd[3313]: grub-boot-success.timer - Mark boot as successful after the user session has run 2 minutes was skipped because of a failed condition check (ConditionUser=!@system).
-Dec 11 11:16:45 dom0 lightdm[3361]: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=  user=user
-Dec 11 11:16:45 dom0 audit[3361]: USER_AUTH pid=3361 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="user" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=failed'
-Dec 11 11:16:45 dom0 kernel: audit: type=1100 audit(1702311405.269:243): pid=3361 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="user" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=failed'
-Dec 11 11:16:47 dom0 audit[3361]: USER_LOGIN pid=3361 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="user" exe="/usr/sbin/lightdm" hostname=dom0 addr=? terminal=/dev/tty1 res=failed'
-Dec 11 11:16:47 dom0 kernel: audit: type=1112 audit(1702311407.519:244): pid=3361 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="user" exe="/usr/sbin/lightdm" hostname=dom0 addr=? terminal=/dev/tty1 res=failed'
-Dec 11 11:16:50 dom0 audit[3528]: CRED_ACQ pid=3528 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=? acct="user" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
-Dec 11 11:16:50 dom0 (systemd)[3528]: pam_systemd_home(systemd-user:account): systemd-homed is not available: Could not activate remote peer: activation request failed: unknown unit.
-Dec 11 11:21:01 dom0 qubes-app-menu[3983]: Failed to connect to session manager: Failed to connect to the session manager: SESSION_MANAGER environment variable not defined
+Dec 11 11:08:29 dom0 kernel: cryptd: max_cpu_qlen set to 1000
+Dec 11 11:08:29 dom0 kernel: ACPI: _OSC evaluation for CPUs failed, trying _PDC
+Dec 11 11:08:29 dom0 kernel: PM-Timer failed consistency check  (0xffffff) - aborting.
+Dec 11 11:08:29 dom0 kernel: Key type .fscrypt registered
+Dec 11 11:08:29 dom0 kernel: Key type fscrypt-provisioning registered
+Dec 11 11:08:29 dom0 kernel: Key type encrypted registered
+Dec 11 11:08:29 dom0 kernel: hid_bpf: error while preloading HID BPF dispatcher: -22
+Dec 11 11:08:29 dom0 kernel: RAS: Correctable Errors collector initialized.
+Dec 11 11:08:29 dom0 kernel: Freeing unused decrypted memory: 2028K
+Dec 11 11:08:29 dom0 systemd[1]: systemd 251.19-1.fc37 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
+Dec 11 11:08:29 dom0 systemd[1]: Failed to open libbpf, cgroup BPF features disabled: Operation not supported
+Dec 11 11:08:29 dom0 systemd[1]: Created slice system-systemd\x2dcryptsetup.slice - Slice /system/systemd-cryptsetup.
+Dec 11 11:08:29 dom0 systemd[1]: memstrack.service - Memstrack Anylazing Service was skipped because all trigger condition checks failed.
+Dec 11 11:08:29 dom0 systemd[1]: dracut-cmdline-ask.service - dracut ask for additional cmdline parameters was skipped because all trigger condition checks failed.
+Dec 11 11:08:30 dom0 systemd[1]: dracut-pre-trigger.service - dracut pre-trigger hook was skipped because all trigger condition checks failed.
+Dec 11 11:08:31 dom0 systemd[1]: systemd-ask-password-console.path - Dispatch Password Requests to Console Directory Watch was skipped because of a failed condition check (ConditionPathExists=!/run/plymouth/pid).
+Dec 11 11:08:31 dom0 systemd[1]: Starting systemd-cryptsetup@luks\x2d464e7720\x2d22f7\x2d4495\x2da02e\x2dd77dc9396c28.service - Cryptography Setup for luks-464e7720-22f7-4495-a02e-d77dc9396c28...
+Dec 11 11:09:02 dom0 systemd-cryptsetup[507]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/464e7720-22f7-4495-a02e-d77dc9396c28.
+Dec 11 11:09:04 dom0 audit[507]: DM_CTRL module=crypt op=ctr ppid=1 pid=507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-cryptse" exe="/usr/lib/systemd/systemd-cryptsetup" dev=253:0 error_msg='success' res=1
+Dec 11 11:09:04 dom0 audit[507]: SYSCALL arch=c000003e syscall=16 success=yes exit=0 a0=4 a1=c138fd09 a2=653c6ef6d440 a3=0 items=6 ppid=1 pid=507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-cryptse" exe="/usr/lib/systemd/systemd-cryptsetup" key=(null)
+Dec 11 11:09:04 dom0 kernel: audit: type=1338 audit(1702310944.060:28): module=crypt op=ctr ppid=1 pid=507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-cryptse" exe="/usr/lib/systemd/systemd-cryptsetup" dev=253:0 error_msg='success' res=1
+Dec 11 11:09:04 dom0 kernel: audit: type=1300 audit(1702310944.060:28): arch=c000003e syscall=16 success=yes exit=0 a0=4 a1=c138fd09 a2=653c6ef6d440 a3=0 items=6 ppid=1 pid=507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-cryptse" exe="/usr/lib/systemd/systemd-cryptsetup" key=(null)
+Dec 11 11:09:04 dom0 systemd[1]: Finished systemd-cryptsetup@luks\x2d464e7720\x2d22f7\x2d4495\x2da02e\x2dd77dc9396c28.service - Cryptography Setup for luks-464e7720-22f7-4495-a02e-d77dc9396c28.
+Dec 11 11:09:04 dom0 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-cryptsetup@luks\x2d464e7720\x2d22f7\x2d4495\x2da02e\x2dd77dc9396c28 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
+Dec 11 11:09:04 dom0 systemd[1]: Reached target cryptsetup.target - Local Encrypted Volumes.
+Dec 11 11:09:05 dom0 systemd[1]: Reached target remote-cryptsetup.target - Remote Encrypted Volumes.
+Dec 11 11:09:05 dom0 systemd[1]: dracut-pre-mount.service - dracut pre-mount hook was skipped because all trigger condition checks failed.
+Dec 11 11:09:05 dom0 systemd[1]: dracut-mount.service - dracut mount hook was skipped because all trigger condition checks failed.
+Dec 11 11:09:05 dom0 systemd[1]: Stopped target remote-cryptsetup.target - Remote Encrypted Volumes.
+Dec 11 11:09:05 dom0 systemd[1]: Stopped target cryptsetup.target - Local Encrypted Volumes.
+Dec 11 11:09:06 dom0 systemd[1]: systemd 251.19-1.fc37 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
+Dec 11 11:09:06 dom0 systemd[1]: systemd-ask-password-console.path - Dispatch Password Requests to Console Directory Watch was skipped because of a failed condition check (ConditionPathExists=!/run/plymouth/pid).
+Dec 11 11:09:06 dom0 systemd[1]: Reached target remote-cryptsetup.target - Remote Encrypted Volumes.
+Dec 11 11:09:06 dom0 systemd[1]: dev-hugepages.mount - Huge Pages File System was skipped because of a failed condition check (ConditionPathExists=/sys/kernel/mm/hugepages).
+Dec 11 11:09:06 dom0 systemd[1]: systemd-firstboot.service - First Boot Wizard was skipped because of a failed condition check (ConditionFirstBoot=yes).
+Dec 11 11:09:06 dom0 systemd[1]: systemd-hwdb-update.service - Rebuild Hardware Database was skipped because of a failed condition check (ConditionNeedsUpdate=/etc).
+Dec 11 11:09:06 dom0 systemd[1]: systemd-pstore.service - Platform Persistent Storage Archival was skipped because of a failed condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
+Dec 11 11:09:06 dom0 systemd[1]: systemd-repart.service - Repartition Root Disk was skipped because all trigger condition checks failed.
+Dec 11 11:09:06 dom0 systemd[1]: systemd-sysusers.service - Create System Users was skipped because of a failed condition check (ConditionNeedsUpdate=/etc).
+Dec 11 11:09:06 dom0 systemd[1]: first-boot-complete.target - First Boot Complete was skipped because of a failed condition check (ConditionFirstBoot=yes).
+Dec 11 11:09:08 dom0 kernel: platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
+Dec 11 11:09:08 dom0 kernel: cfg80211: failed to load regulatory.db
+Dec 11 11:09:09 dom0 systemd[1]: ldconfig.service - Rebuild Dynamic Linker Cache was skipped because all trigger condition checks failed.
+Dec 11 11:09:09 dom0 systemd[1]: systemd-binfmt.service - Set Up Additional Binary Formats was skipped because all trigger condition checks failed.
+Dec 11 11:09:09 dom0 systemd[1]: systemd-boot-system-token.service - Store a System Token in an EFI Variable was skipped because of a failed condition check (ConditionPathExists=/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).
+Dec 11 11:09:09 dom0 systemd[1]: systemd-machine-id-commit.service - Commit a transient machine-id on disk was skipped because of a failed condition check (ConditionPathIsMountPoint=/etc/machine-id).
+Dec 11 11:09:09 dom0 systemd[1]: systemd-journal-catalog-update.service - Rebuild Journal Catalog was skipped because of a failed condition check (ConditionNeedsUpdate=/var).
+Dec 11 11:09:09 dom0 systemd[1]: systemd-update-done.service - Update is Completed was skipped because all trigger condition checks failed.
+Dec 11 11:09:09 dom0 systemd[1]: usbguard.service - USBGuard daemon was skipped because of a failed condition check (ConditionKernelCommandLine=usbcore.authorized_default=0).
+Dec 11 11:09:09 dom0 systemd[1]: Reached target cryptsetup.target - Local Encrypted Volumes.
+Dec 11 11:09:09 dom0 systemd[1]: rpmdb-migrate.service - RPM database migration to /usr was skipped because of a failed condition check (ConditionPathExists=/var/lib/rpm/.migratedb).
+Dec 11 11:09:09 dom0 systemd[1]: rpmdb-rebuild.service - RPM database rebuild was skipped because of a failed condition check (ConditionPathExists=/usr/lib/sysimage/rpm/.rebuilddb).
+Dec 11 11:09:09 dom0 kernel: mei_me 0000:00:16.0: wait hw ready failed
+Dec 11 11:09:09 dom0 kernel: mei_me 0000:00:16.0: hw_start failed ret = -62 fw status = 1E020191 160A0140 
+Dec 11 11:09:11 dom0 kernel: mei_me 0000:00:16.0: wait hw ready failed
+Dec 11 11:09:11 dom0 kernel: mei_me 0000:00:16.0: hw_start failed ret = -62 fw status = 1E020191 160A0140 
+Dec 11 11:09:13 dom0 startup-misc.sh[2104]: libxl: error: libxl_sched.c:232:sched_credit_domain_set: Getting domain sched credit: Invalid argument
+Dec 11 11:09:13 dom0 startup-misc.sh[2104]: libxl_domain_sched_params_set failed.
+Dec 11 11:09:13 dom0 kernel: mei_me 0000:00:16.0: wait hw ready failed
+Dec 11 11:09:13 dom0 kernel: mei_me 0000:00:16.0: hw_start failed ret = -62 fw status = 1E020191 160A0140 
+Dec 11 11:09:13 dom0 kernel: mei_me 0000:00:16.0: reset failed ret = -19
+Dec 11 11:09:13 dom0 kernel: mei_me 0000:00:16.0: link layer initialization failed.
+Dec 11 11:09:13 dom0 kernel: mei_me 0000:00:16.0: init hw failure.
+Dec 11 11:09:13 dom0 kernel: mei_me 0000:00:16.0: initialization failed.
+Dec 11 11:09:14 dom0 systemd[1]: alsa-restore.service - Save/Restore Sound Card State was skipped because of a failed condition check (ConditionPathExists=!/etc/alsa/state-daemon.conf).
+Dec 11 11:09:14 dom0 alsactl[2290]: alsa-lib main.c:1560:(snd_use_case_mgr_open) error: failed to import hw:29 use case configuration -2
+Dec 11 11:09:19 dom0 libvirtd[1857]: internal error: Unable to reset PCI device 0000:00:14.0: no FLR, PM reset or bus reset available
+Dec 11 11:09:44 dom0 dbus-broker-launch[1750]: Activation request for 'org.freedesktop.home1' failed: The systemd unit 'dbus-org.freedesktop.home1.service' could not be found.
+Dec 11 11:09:44 dom0 (systemd)[3159]: pam_systemd_home(systemd-user:account): systemd-homed is not available: Could not activate remote peer: activation request failed: unknown unit.
+Dec 11 11:09:44 dom0 audit[3159]: CRED_ACQ pid=3159 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=? acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
+Dec 11 11:09:44 dom0 systemd[3159]: grub-boot-success.timer - Mark boot as successful after the user session has run 2 minutes was skipped because of a failed condition check (ConditionUser=!@system).
+Dec 11 11:10:00 dom0 systemd[1]: Stopped target remote-cryptsetup.target - Remote Encrypted Volumes.
+Dec 11 11:10:00 dom0 systemd[1]: grub2-systemd-integration.service - Grub2 systemctl reboot --boot-loader-menu=... support was skipped because of a failed condition check (ConditionPathExists=/run/systemd/reboot-to-boot-loader-menu).
+Dec 11 11:10:00 dom0 udisksd[1812]: GLib-GIO:ERROR:../gio/gresource.c:1451:g_static_resource_fini: assertion failed: (g_atomic_int_get (&resource->ref_count) >= 2)
+Dec 11 11:10:00 dom0 udisksd[1812]: Bail out! GLib-GIO:ERROR:../gio/gresource.c:1451:g_static_resource_fini: assertion failed: (g_atomic_int_get (&resource->ref_count) >= 2)
+Dec 11 11:10:00 dom0 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=qubes-vm@sys-whonix comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
+Dec 11 11:10:00 dom0 systemd[1]: qubes-vm@sys-whonix.service: Failed with result 'signal'.
+Dec 11 11:10:00 dom0 systemd[1]: udisks2.service: Failed with result 'core-dump'.
+Dec 11 11:10:00 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=udisks2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
+Dec 11 11:10:06 dom0 libvirtd[1857]: internal error: Unable to reset PCI device 0000:00:14.0: no FLR, PM reset or bus reset available
+Dec 11 11:11:01 dom0 qvm-shutdown[3590]: qvm-shutdown: error: Failed to shut down: sys-whonix
+Dec 11 11:11:01 dom0 systemd[1]: qubes-core.service: Control process exited, code=exited, status=1/FAILURE
+Dec 11 11:11:01 dom0 systemd[1]: qubes-core.service: Failed with result 'exit-code'.
+Dec 11 11:11:01 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=qubes-core comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
+Dec 11 11:11:01 dom0 kernel: audit: type=1131 audit(1702311061.974:265): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=qubes-core comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
+Dec 11 11:11:02 dom0 systemd[1]: Stopped target cryptsetup.target - Local Encrypted Volumes.
+Dec 11 11:11:02 dom0 systemd[1]: Stopping systemd-cryptsetup@luks\x2d464e7720\x2d22f7\x2d4495\x2da02e\x2dd77dc9396c28.service - Cryptography Setup for luks-464e7720-22f7-4495-a02e-d77dc9396c28...
+Dec 11 11:11:02 dom0 systemd-cryptsetup[4115]: Device luks-464e7720-22f7-4495-a02e-d77dc9396c28 is still in use.
+Dec 11 11:11:02 dom0 systemd-cryptsetup[4115]: Failed to deactivate: Device or resource busy
+Dec 11 11:11:02 dom0 systemd[1]: systemd-cryptsetup@luks\x2d464e7720\x2d22f7\x2d4495\x2da02e\x2dd77dc9396c28.service: Control process exited, code=exited, status=1/FAILURE
+Dec 11 11:11:02 dom0 systemd[1]: systemd-cryptsetup@luks\x2d464e7720\x2d22f7\x2d4495\x2da02e\x2dd77dc9396c28.service: Failed with result 'exit-code'.
+Dec 11 11:11:02 dom0 systemd[1]: Stopped systemd-cryptsetup@luks\x2d464e7720\x2d22f7\x2d4495\x2da02e\x2dd77dc9396c28.service - Cryptography Setup for luks-464e7720-22f7-4495-a02e-d77dc9396c28.
+Dec 11 11:11:02 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-cryptsetup@luks\x2d464e7720\x2d22f7\x2d4495\x2da02e\x2dd77dc9396c28 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
+Dec 11 11:11:02 dom0 (udev-worker)[4121]: dm-5: Failed to wait for spawned command '/usr/lib/qubes/udev-block-add-change': Input/output error
+Dec 11 11:11:02 dom0 (udev-worker)[4121]: dm-5: Failed to execute '/usr/lib/qubes/udev-block-add-change', ignoring: Input/output error
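
Review bot: at the systemd-cryptsetup lines the difference that matters is timing, and it is hard to spot because the timestamp, hostname and PID prefixes make every line of this single hunk (-1,86 +1,95) differ. In the 6.5.10 log, "Starting systemd-cryptsetup@luks..." and "Set cipher aes, mode xts-plain64" are both stamped 11:12:12; in the 6.6.2 log they are stamped 11:08:31 and 11:09:02, a 31-second gap that is consistent with waiting on a typed passphrase. The hostname during the initramfs phase also differs: "localhost" in the 6.5.10 log, "dom0" in the 6.6.2 log. Stripping the timestamp, hostname and PID fields from both grep outputs before diffing would reduce the output to differences like these. The failures at the end of the 6.6.2 log (udisks2, qubes-core, "Failed to deactivate: Device or resource busy") are stamped 11:10:00 and later, after the unlock at 11:09:04 reported success, so they are not part of the unlock path.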
tlaurion commented 10 months ago

Crosslinking https://github.com/QubesOS/qubes-issues/issues/8763

tlaurion commented 9 months ago

Fixed. See details https://github.com/QubesOS/qubes-issues/issues/8763 and associated QSB https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-098-2023.txt