Everything appears to work up until the point where the pi boots from the USB stick. The first steps of the cfg_SD_crfs.sh script is failing. See logs below.
Oct 06 09:15:59 amya6b51af7-preluks systemd[1]: Started First time boot encrypted filesystem cfg service.
Oct 06 09:16:01 amya6b51af7-preluks cfg_SD_crfs.sh[441]: Creating LUKS key…Could not read stage 1 salt file. read returned -1, errno = 9
Oct 06 09:16:01 amya6b51af7-preluks cfg_SD_crfs.sh[441]: Retrying zklockifs…
Oct 06 09:16:03 amya6b51af7-preluks cfg_SD_crfs.sh[441]: Could not read stage 1 salt file. read returned -1, errno = 9
Oct 06 09:16:03 amya6b51af7-preluks cfg_SD_crfs.sh[441]: Retrying zklockifs…
Oct 06 09:16:04 amya6b51af7-preluks cfg_SD_crfs.sh[441]: Could not read stage 1 salt file. read returned -1, errno = 9
Oct 06 09:16:04 amya6b51af7-preluks cfg_SD_crfs.sh[441]: Retrying zklockifs…
Oct 06 09:16:04 amya6b51af7-preluks cfg_SD_crfs.sh[441]: LUKS key creation failed
I can confirm there is binary data in /run/key.bin
If I manually run zklockifs with sudo, I get: Could not read stage 1 salt file. read returned -1, errno = 9
if I manuall run zklockifs without sudo, I get: ERROR: no zymkeys installed.
I2c is enabled. If I run “i2cdetect -y 1”, no devices appear on the i2c buss (no zymkeys).
If I “sudo systemctl restart zkifc” while I am booted from the USB drive, zkifc does run without error and appears to bind to the zymkey (slow blink)
This process has been working for us up until recently. We always get the "Could not read stage 1 salt file" error now at the step where the pi boots from the USB stick (to do the steps to encrypt the SD card)
Any thoughts or pointers would be appreciated.
Thanks.
Tyson
Hi Tyson,
We are aware of the problem and are in the process of qualifying the fix. We should have the repository updated later today.
Regards,
Bob
The fixed zklockifs is now up in the repository. The encryption process should work again.
Thanks, Bob, I will give this a spin tomorrow.
I assume you are also aware that the GPG signature for the apt is invalid?
The following signatures were invalid: EXPKEYSIG CAA5E9C8755D21A0 scott@zymbit.com
Hi Tyson,
The updated key should be up there, good until 2022. If you’re starting fresh, that should be the key you get. If you need to update your key for an update, you can update your existing key with the following command:
curl -L https://zk-sw-repo.s3.amazonaws.com/apt-zymkey-pubkey.gpg | apt-key add -
Can you run that command and then let me know what you see from “apt-key list”?
Bob
Hi Bob - yes, i can update the key using your suggestion.
Starting from the top, my process now is failing with Segmentation fault
Oct 07 08:43:18 amya505a4c7-preluks systemd[1]: Started First time boot encrypted filesystem cfg service.
Oct 07 08:43:19 amya505a4c7-preluks cfg_SD_crfs.sh[423]: Creating LUKS key…/usr/local/bin/cfg_SD_crfs.sh: line 22: 445 Segmentation fault zkgrifs 512 > /run/key.bin
Oct 07 08:43:19 amya505a4c7-preluks cfg_SD_crfs.sh[423]: Retrying zkgrifs…
Oct 07 08:43:20 amya505a4c7-preluks cfg_SD_crfs.sh[423]: /usr/local/bin/cfg_SD_crfs.sh: line 22: 450 Segmentation fault zkgrifs 512 > /run/key.bin
Oct 07 08:43:20 amya505a4c7-preluks cfg_SD_crfs.sh[423]: Retrying zkgrifs…
Oct 07 08:43:21 amya505a4c7-preluks cfg_SD_crfs.sh[423]: /usr/local/bin/cfg_SD_crfs.sh: line 22: 457 Segmentation fault zkgrifs 512 > /run/key.bin
Oct 07 08:43:21 amya505a4c7-preluks cfg_SD_crfs.sh[423]: Retrying zkgrifs…
Oct 07 08:43:21 amya505a4c7-preluks cfg_SD_crfs.sh[423]: LUKS key creation failed
It looked like there’s a reference in there to mmcblk0p3. Can you send me the syntax of the encryption command you used? Also, if you happen to be using Noobs, we do not support that. We recommend you start from a Raspbian image.
Everything is working again as expected… thanks Bob.
Great to hear. Thanks for getting back to us.