cryptsetup keydev may be re-mounted and persist after switching root

[yan12125]

systemd version the issue has been seen with

253.5-1

Used distribution

Arch Linux

Linux kernel version used

6.3.7-arch1-1

CPU architectures issue was seen on

x86_64

Component

systemd-cryptsetup

Expected behaviour you didn't see

The cryptsetup keydev is properly unmounted

Unexpected behaviour you saw

The cryptsetup keydev is unmounted and mounted again, and remains mounted after switching root. mount | grep keydev shows:

/dev/sdb1 on /run/systemd/cryptsetup/keydev-ArchLinux type vfat (ro,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)

Steps to reproduce the problem

Setup a keydev to unlock LUKS.

1. Add rd.luks.* to the kernel cmdline. The is the final cmdline on my system:

   root=/dev/mapper/ArchLinux loglevel=3 audit=0 rw rd.luks.name=3b3e2028-743e-4aeb-ace6-0208ec7069cf=ArchLinux rd.luks.key=3b3e2028-743e-4aeb-ace6-0208ec7069cf=/luks.key:LABEL=YEN rd.luks.options=3b3e2028-743e-4aeb-ace6-0208ec7069cf=discard,keyfile-timeout=5s systemd.log_level=debug

2. Generate initramfs with dracut. Here I use 056 due to some packaging issues (https://github.com/dracutdevs/dracut/issues/1850)
3. Reboot and check the output of mount | grep keydev

Additional program output to the terminal or log subsystem illustrating the issue

6月 13 21:50:32 systemd[1]: unit_file_build_name_map: normal unit file: /run/systemd/generator/keydev-ArchLinux-umount.service
 6月 13 21:50:32 systemd[1]: unit_file_build_name_map: normal unit file: /run/systemd/generator/run-systemd-cryptsetup-keydev\x2dArchLinux.mount
 6月 13 21:50:32 systemd[1]: keydev-ArchLinux-umount.service: Installed new job keydev-ArchLinux-umount.service/start as 13
 6月 13 21:50:33 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: starting held back, waiting for: dev-disk-by\x2dlabel-YEN.device
 6月 13 21:50:33 systemd[1]: systemd-cryptsetup@ArchLinux.service: starting held back, waiting for: run-systemd-cryptsetup-keydev\x2dArchLinux.mount
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: About to execute /usr/bin/mount /dev/disk/by-label/YEN /run/systemd/cryptsetup/keydev-ArchLinux -o ro
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Forked /usr/bin/mount as 311
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounting
 6月 13 21:50:35 systemd[1]: Mounting /run/systemd/cryptsetup/keydev-ArchLinux...
 6月 13 21:50:35 (moun[311]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Executing: /usr/bin/mount /dev/disk/by-label/YEN /run/systemd/cryptsetup/keydev-ArchLinux -o ro
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed mounting -> mounting-done
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Child 311 belongs to run-systemd-cryptsetup-keydev\x2dArchLinux.mount.
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Mount process exited, code=exited, status=0/SUCCESS (success)
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed mounting-done -> mounted
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Job 11 run-systemd-cryptsetup-keydev\x2dArchLinux.mount/start finished, result=done
 6月 13 21:50:35 systemd[1]: Mounted /run/systemd/cryptsetup/keydev-ArchLinux.
 6月 13 21:50:35 systemd[1]: keydev-ArchLinux-umount.service: starting held back, waiting for: systemd-cryptsetup@ArchLinux.service
 6月 13 21:50:35 systemd[1]: systemd-cryptsetup@ArchLinux.service: About to execute /usr/lib/systemd/systemd-cryptsetup attach ArchLinux /dev/disk/by-uuid/3b3e2028-743e-4aeb-ace6-0208ec7069cf /run/systemd/cryptsetup/keydev-ArchLinux/luks.key discard,keyfile-timeout=5s
 6月 13 21:50:35 (ypts[315]: systemd-cryptsetup@ArchLinux.service: Executing: /usr/lib/systemd/systemd-cryptsetup attach ArchLinux /dev/disk/by-uuid/3b3e2028-743e-4aeb-ace6-0208ec7069cf /run/systemd/cryptsetup/keydev-ArchLinux/luks.key discard,keyfile-timeout=5s
 6月 13 21:50:35 systemd-cryptsetup[315]: Key file /run/systemd/cryptsetup/keydev-ArchLinux/luks.key is world-readable. This is not a good idea!
 6月 13 21:50:35 systemd-cryptsetup[315]: /run/systemd/cryptsetup/keydev-ArchLinux/luks.key has 0755 mode that is too permissive, please adjust the ownership and access mode.
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Will spawn child (service_enter_start): /usr/bin/umount
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Passing 0 fds to service
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: About to execute /usr/bin/umount /run/systemd/cryptsetup/keydev-ArchLinux
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Forked /usr/bin/umount as 539
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Changed dead -> running
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Job 13 keydev-ArchLinux-umount.service/start finished, result=done
 6月 13 21:50:38 systemd[1]: Started keydev-ArchLinux-umount.service.
 6月 13 21:50:38 (umou[539]: keydev-ArchLinux-umount.service: Executing: /usr/bin/umount /run/systemd/cryptsetup/keydev-ArchLinux
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Deactivated successfully.
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed mounted -> dead
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Consumed 4ms CPU time.
 6月 13 21:50:38 systemd[1]: Cannot stat /run/credentials/run-systemd-cryptsetup-keydev\x2dArchLinux.mount: No such file or directory
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Child 539 belongs to keydev-ArchLinux-umount.service.
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Main process exited, code=exited, status=0/SUCCESS (success)
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Deactivated successfully.
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Service will not restart (restart setting)
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Changed running -> dead
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Consumed 59ms CPU time.
 6月 13 21:50:38 systemd[1]: Cannot stat /run/credentials/keydev-ArchLinux-umount.service: No such file or directory
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Control group is empty.
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Installed new job run-systemd-cryptsetup-keydev\x2dArchLinux.mount/start as 97
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Installed new job keydev-ArchLinux-umount.service/start as 107
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/keydev_2dArchLinux_2dumount_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=29 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/keydev_2dArchLinux_2dumount_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=30 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/run_2dsystemd_2dcryptsetup_2dkeydev_5cx2dArchLinux_2emount interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=43 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/run_2dsystemd_2dcryptsetup_2dkeydev_5cx2dArchLinux_2emount interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=44 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: About to execute /usr/bin/mount /dev/disk/by-label/YEN /run/systemd/cryptsetup/keydev-ArchLinux -o ro
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Forked /usr/bin/mount as 565
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/run_2dsystemd_2dcryptsetup_2dkeydev_5cx2dArchLinux_2emount interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=137 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/run_2dsystemd_2dcryptsetup_2dkeydev_5cx2dArchLinux_2emount interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=138 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounting
 6月 13 21:50:38 systemd[1]: Mounting /run/systemd/cryptsetup/keydev-ArchLinux...
 6月 13 21:50:38 (moun[565]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Executing: /usr/bin/mount /dev/disk/by-label/YEN /run/systemd/cryptsetup/keydev-ArchLinux -o ro
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: starting held back, waiting for: run-systemd-cryptsetup-keydev\x2dArchLinux.mount
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/run_2dsystemd_2dcryptsetup_2dkeydev_5cx2dArchLinux_2emount interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=175 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/run_2dsystemd_2dcryptsetup_2dkeydev_5cx2dArchLinux_2emount interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=176 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: not serializing before switch-root
 6月 13 21:50:39 (sd-gens)[570]: Not remounting /run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run, called for /
 6月 13 21:50:39 (sd-gens)[570]: Not remounting /run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run, called for /
 6月 13 21:50:39 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounted
 6月 13 21:50:39 systemd[1]: keydev-ArchLinux-umount.service: Collecting.
 6月 13 21:50:44 (imesyncd)[789]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:44 (imesyncd)[789]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:44 (d-logind)[799]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:44 (d-logind)[799]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 (ostnamed)[843]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 (ostnamed)[843]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 (ostnamed)[843]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 (ostnamed)[843]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 (s-daemon)[855]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 (s-daemon)[855]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 systemd[847]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounted
 6月 13 21:50:46 systemd[940]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounted
 6月 13 21:50:49 (-localed)[1028]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:49 (-localed)[1028]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:49 (upowerd)[1038]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:49 (upowerd)[1038]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:50 (geoclue)[1047]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:50 (geoclue)[1047]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:45 systemd[5881]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounted
 6月 13 22:02:45 (-localed)[5938]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:45 (-localed)[5938]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:46 (geoclue)[5950]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:46 (geoclue)[5950]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:46 (ostnamed)[6076]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:46 (ostnamed)[6076]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:46 (ostnamed)[6076]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:46 (ostnamed)[6076]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:20 systemd[6488]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounted
 6月 13 22:04:21 (-localed)[6545]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:21 (-localed)[6545]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:21 (geoclue)[6557]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:21 (geoclue)[6557]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:22 (ostnamed)[6690]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:22 (ostnamed)[6690]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:22 (ostnamed)[6690]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:22 (ostnamed)[6690]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/

[yan12125]

In https://github.com/systemd/systemd/pull/16992#issuecomment-691852234, @msekletar said:

Hence both keydev mount unit and unmount service will be pulled in and keydev FS will be mounted and then unmounted immediately.

Looks like it does not work as intended. According to my logs, both the mount unit and the unmount service are queued after the LUKS partition is unlocked:

 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Installed new job run-systemd-cryptsetup-keydev\x2dArchLinux.mount/start as 97
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Installed new job keydev-ArchLinux-umount.service/start as 107

While the umount service is never started before switching root:

 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: starting held back, waiting for: run-systemd-cryptsetup-keydev\x2dArchLinux.mount

[gcb]

confirmed on 256.4-1

But i don't think it "remains", but is mounted again later.

...
Aug 08 17:21:13 archlinux systemd[1]: Found device STORAGE_DEVICE 2.
Aug 08 17:21:13 archlinux systemd[1]: Mounting /run/systemd/cryptsetup/keydev-cryptroot...
Aug 08 17:21:13 archlinux kernel: EXT4-fs (x): mounted filesystem
Aug 08 17:21:13 archlinux systemd[1]: Mounted /run/systemd/cryptsetup/keydev-cryptroot.
Aug 08 17:21:13 archlinux systemd[1]: Starting Cryptography Setup for cryptroot...
...
Aug 08 17:21:17 archlinux kernel: Key type encrypted registered
Aug 08 17:21:17 archlinux systemd[1]: Found device /dev/mapper/cryptroot.
Aug 08 17:21:17 archlinux systemd[1]: Reached target Initrd Root Device.
Aug 08 17:21:17 archlinux systemd[1]: Starting File System Check on /dev/mapper/cryptroot...
Aug 08 17:21:17 archlinux systemd[1]: Finished Cryptography Setup for cryptroot.
Aug 08 17:21:17 archlinux systemd[1]: Reached target Local Encrypted Volumes.
Aug 08 17:21:17 archlinux systemd[1]: Reached target System Initialization.
Aug 08 17:21:17 archlinux systemd[1]: Reached target Basic System.
Aug 08 17:21:17 archlinux systemd[1]: Started keydev-cryptroot-umount.service.
Aug 08 17:21:17 archlinux systemd[1]: run-systemd-cryptsetup-keydev\x2dcryptroot.mount: Deactivated successfully.
Aug 08 17:21:17 archlinux systemd[1]: keydev-cryptroot-umount.service: Deactivated successfully.
Aug 08 17:21:17 archlinux kernel: EXT4-fs (x): unmounting filesystem 123
...
Aug 08 17:21:18 archlinux systemd[1]: Mounted /sysroot.
Aug 08 17:21:18 archlinux systemd[1]: Reached target Initrd Root File System.
Aug 08 17:21:18 archlinux systemd[1]: Starting Mountpoints Configured in the Real Root...
Aug 08 17:21:18 archlinux systemd[1]: initrd-parse-etc.service: Deactivated successfully.
Aug 08 17:21:18 archlinux systemd[1]: Finished Mountpoints Configured in the Real Root.
Aug 08 17:21:18 archlinux systemd[1]: Reached target Initrd File Systems.
Aug 08 17:21:18 archlinux systemd[1]: Reached target Initrd Default Target.
Aug 08 17:21:18 archlinux systemd[1]: Starting Cleaning Up and Shutting Down Daemons...
Aug 08 17:21:18 archlinux systemd[1]: Stopped target Initrd Default Target.
Aug 08 17:21:18 archlinux systemd[1]: Stopped target Basic System.
Aug 08 17:21:18 archlinux systemd[1]: Stopped target Initrd Root Device.
Aug 08 17:21:18 archlinux systemd[1]: Stopped target Path Units.
Aug 08 17:21:18 archlinux systemd[1]: Stopped target Slice Units.
Aug 08 17:21:18 archlinux systemd[1]: Stopped target Socket Units.
Aug 08 17:21:18 archlinux systemd[1]: Stopped target System Initialization.
Aug 08 17:21:18 archlinux systemd[1]: Stopped target Local Encrypted Volumes.
Aug 08 17:21:18 archlinux systemd[1]: systemd-ask-password-console.path: Deactivated successfully.
Aug 08 17:21:18 archlinux systemd[1]: Stopped Dispatch Password Requests to Console Directory Watch.
Aug 08 17:21:18 archlinux systemd[1]: Stopped target Local File Systems.
Aug 08 17:21:18 archlinux systemd[1]: Stopped target Preparation for Local File Systems.
Aug 08 17:21:18 archlinux systemd[1]: Stopped target Swaps.
Aug 08 17:21:18 archlinux systemd[1]: Stopped target Timer Units.
Aug 08 17:21:18 archlinux systemd[1]: Mounting /run/systemd/cryptsetup/keydev-cryptroot...

[yan12125]

Thank you, yes the keydev is re-mounted. Hopefully the new issue title is accurate.

@msekletar: pinging as you're the author of the relevant pull request https://github.com/systemd/systemd/pull/16992. You mentioned an issue for the mount unit:

since mount units can't have RemainAfterExit= I think the proposed solution is the only way to go.

Is it simpler to use a .service instead of .mount for mounting the keydev?

Sorry for bothering if you no longer work on this area.

[gcb]

I just realized my system shutsdown in a random time (from minutes to hours) after I remove the physical disk which holds the key. Maybe the re-mount is a hacky workaround for whatever is causing this?

I couldn't find it documented anywhere!