Hello, I hope i can explain this right.
System:
Ubuntu 24.04
Two drives encrypted with lvm and passwords
one is root drive and second drive is mounted as /data partition
primary drive unlocks find, however secondary partition will get stuck with the
device-mapper: create ioctl device or resource busy
if we remove the secondary drive and setup a startup script as rc.local with the following it auto-unlocks fine and mounts properly:
clevis luks unlock -d /dev/nvme1n1p1 > /dev/null 2>&1
sleep 1
mount /data
this requires removal of the drive entry in crypttab as well.
Syslog for "data-data" lvm (i didnt name it that):
2026-02-24T11:47:38.527873-06:00 <removed hostname> systemd[1]: Starting systemd-cryptsetup@data\x2ddata.service - Cryptography Setup for data-data...
2026-02-24T11:47:38.528802-06:00 <removed hostname> systemd[1]: Finished systemd-cryptsetup@data\x2ddata.service - Cryptography Setup for data-data.
2026-02-24T11:47:38.528805-06:00 <removed hostname> systemd[1]: Reached target blockdev@dev-mapper-data\x2ddata.target - Block Device Preparation for /dev/mapper/data-data.
2026-02-24T11:47:38.528873-06:00 <removed hostname> lvm[3658]: device-mapper: create ioctl on data-data LVM-17w3cu5Oc4C1XHXNfBasmBWcjkvBtPXyZ4Xcx4cvFWwjj9BzX8BfGoUPyEz8vc1W failed: Device or resource busy
Clevis logs from syslog:
2026-02-24T11:47:38.528038-06:00 <removed hostname> systemd[1]: Started clevis-luks-askpass.service - Forward Password Requests to Clevis.
2026-02-24T11:47:38.528456-06:00 <removed hostname> clevis-luks-askpass[2637]: ERROR: Incorrect handle value, got: "/tmp/tmp.AUPDJOSJl8/load.context", expected a handle number
2026-02-24T11:47:38.528460-06:00 <removed hostname> clevis-luks-askpass[2637]: ERROR: Unable to read as BIO file
2026-02-24T11:47:38.528465-06:00 <removed hostname> clevis-luks-askpass[2637]: ERROR: Unable to fetch public/private portions of TSS PRIVKEY
2026-02-24T11:47:38.528468-06:00 <removed hostname> clevis-luks-askpass[2637]: ERROR: Cannot make sense of object context "/tmp/tmp.AUPDJOSJl8/load.context"
2026-02-24T11:47:38.528473-06:00 <removed hostname> clevis-luks-askpass[2637]: ERROR: Invalid item handle authorization
2026-02-24T11:47:38.528612-06:00 <removed hostname> clevis-luks-askpass[2637]: ERROR: Unable to run tpm2_unseal
2026-02-24T11:47:38.528619-06:00 <removed hostname> clevis-luks-askpass[2311]: Unsealing jwk from TPM failed!
2026-02-24T11:47:38.528624-06:00 <removed hostname> clevis-luks-askpass[2311]: Delete temporary files failed!
2026-02-24T11:47:38.528628-06:00 <removed hostname> clevis-luks-askpass[2311]: You need to clean up: /tmp/tmp.AUPDJOSJl8
2026-02-24T11:47:38.528784-06:00 <removed hostname> clevis-luks-askpass[2260]: Unlocked /dev/disk/by-uuid/99ae1581-c6c4-4a2c-b222-35d29b0da70f (UUID=99ae1581-c6c4-4a2c-b222-35d29b0da70f) successfully
2026-02-24T11:47:38.531428-06:00 <removed hostname> kernel: systemd[1]: Started clevis-luks-askpass.path - Forward Password Requests to Clevis Directory Watch.
2026-02-24T11:47:38.601221-06:00 <removed hostname> systemd[1]: clevis-luks-askpass.service: Deactivated successfully.
2026-02-24T11:47:38.601435-06:00 <removed hostname> systemd[1]: clevis-luks-askpass.service: Consumed 1.723s CPU time.
crypttab: Note: Commented out line so it would work by rc.local script
dm_crypt-0 UUID=739a1951-c955-4503-ab86-4ea3d081aaf8 none luks
# data-data UUID=99ae1581-c6c4-4a2c-b222-35d29b0da70f none luks
fstab:
/dev/mapper/data-data /data ext4 defaults,noauto 0 1 <<== other persons setup that works with rc.local
# /dev/disk/by-id/dm-uuid-LVM-17w3cu5Oc4C1XHXNfBasmBWcjkvBtPXyZ4Xcx4cvFWwjj9BzX8BfGoUPyEz8vc1W /data ext4 defaults,noauto 0 1 <<== is commented out as that is we mount with the auto-unlock this device won't even show up when using crypttab and clevis auto-unlock.
clevis is bound on both drives using tpm2 and pcr_bank sha256:
ex: 1:
clevis luks list -d /dev/nvme1n1p1
tpm2 '{"hash":"sha256","key":"ecc"}'
Package List:
# apt list --installed |grep -E "clevis|tpm2"
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
clevis-initramfs/noble,now 20-1 amd64 [installed]
clevis-luks/noble,now 20-1 amd64 [installed]
clevis-systemd/noble,now 20-1 amd64 [installed]
clevis-tpm2/noble,now 20-1 amd64 [installed]
clevis/noble,now 20-1 amd64 [installed]
tpm2-tools/noble,now 5.6-1build4 amd64 [installed]
lvm setup:
# vgs
VG #PV #LV #SN Attr VSize VFree
data 1 1 0 wz--n- <3.73t 0
ubuntu-vg 1 1 0 wz--n- 3.72t 0
# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
data data -wi-ao---- <3.73t
ubuntu-lv ubuntu-vg -wi-ao---- 3.72t
I have this setup on other systems and it is working. I didn't initially set this system up but need to troubleshoot this issue.
Any assistance on where to look would be greatly appreciated.
Hello, I hope i can explain this right.
System:
Ubuntu 24.04
Two drives encrypted with lvm and passwords
one is root drive and second drive is mounted as /data partition
primary drive unlocks find, however secondary partition will get stuck with the
device-mapper: create ioctl device or resource busy
if we remove the secondary drive and setup a startup script as rc.local with the following it auto-unlocks fine and mounts properly:
clevis luks unlock -d /dev/nvme1n1p1 > /dev/null 2>&1
sleep 1
mount /data
this requires removal of the drive entry in crypttab as well.
Syslog for "data-data" lvm (i didnt name it that):
Clevis logs from syslog:
crypttab: Note: Commented out line so it would work by rc.local script
fstab:
clevis is bound on both drives using tpm2 and pcr_bank sha256:
ex: 1:
Package List:
lvm setup:
I have this setup on other systems and it is working. I didn't initially set this system up but need to troubleshoot this issue.
Any assistance on where to look would be greatly appreciated.