MadsRC n00b

Joined: 21 Jun 2015 Posts: 4
Posted: Sun Jun 21, 2015 8:41 pm Post subject: LUKS on LVM and The Handbook
Coming from a Mac, I recently decided to move back to Linux. Not really digging the Ubuntu scene, not really liking CentOS and Fedora, and disliking the way Arch updates work, I decided to give Gentoo a try.
I've successfully set up a system on a laptop following the handbook. Now I'd like to reinstall on an encrypted system.
Couldn't really find any up-to-date guides on doing Full Disk Encryption, so I had to wing it. It went mostly okay (LVM and LUKS/DM-Crypt ain't that hard), but my real problems started when I rebooted and I couldn't boot (since my initramfs couldn't unlock my encrypted drive).
In what way do I need to deviate from the handbook to accomplish my goal?
* I build the kernel manually.
* I generate the initramfs using "genkernel --lvm --luks --install initramfs"
* I install grub2 using the 2 commands from the handbook
* I edit the fstab to point /dev/mapper/cryptroot to /
Just can't get it to work properly.
Last edited by MadsRC on Mon Jun 22, 2015 7:47 am; edited 1 time in total
 |
frostschutz Advocate


Joined: 22 Feb 2005 Posts: 2977 Location: Germany
Posted: Sun Jun 21, 2015 9:51 pm
Manual kernel build? Maybe something missing from your kernel config?
fstab works better with UUID.
 |
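frostschutz's second hint, referencing filesystems by UUID, is what protects the boot chain from exactly the mix-up this thread ran into (one install naming the mapping root, the next naming it cryptroot, a /dev/sdaX number that moves when a disk is added). The script below is an added example, not code from the thread or from Gentoo: a POSIX shell helper that rewrites the device field of a handbook-style fstab to UUID= using blkid output, and builds a GRUB_CMDLINE_LINUX value for a genkernel initramfs in which crypt_root names the LUKS container by UUID instead of /dev/sda3. The blkid output and the fstab are constructed samples with made-up UUIDs, and the claim that your genkernel version accepts crypt_root=UUID=<uuid> is an assumption to confirm against its documentation (the thread itself used crypt_root=/dev/sda3).

```shell
#!/bin/sh
# Added example (not from the thread): rewrite fstab device fields to UUID= and
# build a genkernel kernel command line that names the LUKS container by UUID.

# Constructed sample of `blkid` output; the UUIDs are made up for this example.
SAMPLE_BLKID='/dev/sda2: UUID="0f2b5e8a-1111-4c2d-9e4f-aaaaaaaaaaaa" TYPE="ext2" PARTLABEL="boot"
/dev/sda3: UUID="7d9c0c31-2222-4f3a-8b1c-bbbbbbbbbbbb" TYPE="crypto_LUKS" PARTLABEL="rootfs"
/dev/mapper/vg-root: UUID="3e4a9b7c-3333-4d5e-a6f7-cccccccccccc" TYPE="ext4"
/dev/mapper/vg-home: UUID="9a8b7c6d-4444-4e5f-b0a1-dddddddddddd" TYPE="ext4"'

# Constructed fstab in the shape of the one posted in this thread.
SAMPLE_FSTAB='# <fs> <mountpoint> <type> <opts> <dump/pass>
/dev/sda2 /boot ext2 noauto,noatime 1 2
/dev/mapper/vg-root / ext4 noatime 0 1
/dev/mapper/vg-home /home ext4 noatime 0 2
/dev/cdrom /mnt/cdrom auto noauto,ro 0 0'

# uuid_of DEVICE BLKID_OUTPUT: print the filesystem/LUKS UUID of DEVICE,
# or nothing if blkid does not list that device.
uuid_of() {
    printf '%s\n' "$2" | awk -v dev="$1:" '
        $1 == dev { for (i = 2; i <= NF; i++) if ($i ~ /^UUID=/) { gsub(/UUID=|"/, "", $i); print $i } }'
}

# fstab_with_uuids FSTAB_TEXT BLKID_OUTPUT: replace the first field of each entry with UUID=<uuid>.
# Comments, blank lines and devices blkid knows nothing about (cdrom, floppy) pass through unchanged.
fstab_with_uuids() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            ''|'#'*) printf '%s\n' "$line"; continue ;;
        esac
        dev=$(printf '%s\n' "$line" | awk '{ print $1 }')
        uuid=$(uuid_of "$dev" "$2")
        if [ -n "$uuid" ]; then
            printf 'UUID=%s%s\n' "$uuid" "${line#"$dev"}"
        else
            printf '%s\n' "$line"
        fi
    done
}

# genkernel_cmdline LUKS_DEVICE ROOT_LV BLKID_OUTPUT: print a GRUB_CMDLINE_LINUX value for a
# genkernel initramfs that must unlock LUKS_DEVICE, activate LVM (dolvm) and mount ROOT_LV.
# Assumption: the installed genkernel accepts crypt_root=UUID=<uuid>; the thread used crypt_root=/dev/sda3.
genkernel_cmdline() {
    uuid=$(uuid_of "$1" "$3")
    if [ -z "$uuid" ]; then
        echo "genkernel_cmdline: blkid has no UUID for $1" >&2
        return 1
    fi
    printf 'dolvm crypt_root=UUID=%s real_root=%s ro\n' "$uuid" "$2"
}

# Demo on the constructed samples. On a real system feed it the live outputs:
#   fstab_with_uuids "$(cat /etc/fstab)" "$(blkid)"
#   genkernel_cmdline /dev/sda3 /dev/mapper/vg-root "$(blkid)"
fstab_with_uuids "$SAMPLE_FSTAB" "$SAMPLE_BLKID"
genkernel_cmdline /dev/sda3 /dev/mapper/vg-root "$SAMPLE_BLKID"
```

The LUKS container's UUID lives in its header, so it survives disk reordering and a renamed /dev/mapper node alike; the LV's UUID is only visible once the volume group is active, which is why real_root still has to name the LV path the initramfs creates after dolvm.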
Hu Administrator

Joined: 06 Mar 2007 Posts: 23326
Posted: Sun Jun 21, 2015 11:24 pm
What messages are printed when it fails to boot? Is it not asking you for a password or is it unable to use the password you provided?
 |
Budoka l33t

Joined: 03 Jun 2012 Posts: 777 Location: Tokyo, Japan
 |
MadsRC n00b

Joined: 21 Jun 2015 Posts: 4
Posted: Mon Jun 22, 2015 6:09 am
I don't remember the error message from the first boot, but yesterday it refused to boot as the root mountpoint wasn't correct (couldn't find /dev/mapper/cryptroot).
It's a manual kernel build, yes - from the guides I found around the net for LVM and LUKS, I don't think I forgot to include anything in the kernel.
I'll have a look at that guide tonight when I get back from work - it would be awesome if it was a part of the handbook. I can't ever imagine installing anything that isn't full disk encrypted in these times.
 |
The Doctor Moderator


Joined: 27 Jul 2010 Posts: 2678
Posted: Mon Jun 22, 2015 6:52 am
Quote:
I edit the fstab to point /dev/mapper/root to /
Quote:
I don't remember the error message from the first boot, but yesterday it refused to boot as it the root mountpoint wasn't correct (Couldn't find /dev/mapper/cryptroot).
Confusion about what root is supposed to be? It can only have one /dev/mapper/ name for root.
_________________
First things first, but not necessarily in that order.
Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.
 |
MadsRC n00b

Joined: 21 Jun 2015 Posts: 4
Posted: Mon Jun 22, 2015 7:47 am
The Doctor wrote:
Confusion about what root is supposed to be? It can only have one /dev/mapper/ name for root.
Ah yes, I used the one at one install and the other at another install - changed the original post to cryptroot.
 |
MadsRC n00b

Joined: 21 Jun 2015 Posts: 4
Posted: Mon Jun 22, 2015 3:45 pm
When I got home I decided to redo my install and see if I could get it right.
I followed the procedure below:
Code:
livecd ~ # parted -a optimal /dev/sda
GNU Parted 3.2
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print
Model: ATA ST320LT007-9ZV14 (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
1 1049kB 256MB 255MB primary ext2 boot
2 257MB 320GB 320GB extended
5 257MB 320GB 320GB logical
(parted) rm 1
(parted) rm 2
(parted) rm 3
Error: Partition doesn't exist.
(parted) print
Model: ATA ST320LT007-9ZV14 (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
(parted) mklabel gpt
Warning: The existing disk label on /dev/sda will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? yes
(parted) unit mib
(parted) mkpart primary 1 3
(parted) name 1 grub
(parted) set 1 bios_grub on
(parted) mkpart primary 3 131
(parted) name 2 boot
(parted) mkpart primary 131 -1
(parted) name 3 rootfs
(parted) set 2 boot on
(parted) quit
livecd ~ # modprobe dm-crypt
livecd ~ # modprobe dm-mod
livecd ~ # modprobe aes
livecd ~ # modprobe sha512
livecd ~ # cryptsetup -y --cipher aes-xts-plain64:sha512 --key-size 512 luksFormat /dev/sda3
Enter passphrase:
Verify passphrase:
livecd ~ # cryptsetup luksOpen /dev/sda3 root
Enter passphrase for /dev/sda3:
livecd ~ # pvcreate /dev/mapper/root
Physical volume "/dev/mapper/root" successfully created
livecd ~ # vgcreate vg /dev/mapper/root
Volume group "vg" successfully created
livecd ~ # lvcreate -L20G -nroot vg
Logical volume "root" created
livecd ~ # lvcreate -L20G -nhome vg
Logical volume "home" created
livecd ~ # mkfs.ext2 /dev/sda1
livecd ~ # mkfs.ext2 /dev/sda2
livecd ~ # mkfs.ext4 /dev/mapper/vg-root
livecd ~ # mkfs.ext4 /dev/mapper/vg-home
livecd ~ # mkdir /mnt/gentoo
livecd ~ # mount /dev/mapper/vg-root /mnt/gentoo
livecd ~ # mkdir /mnt/gentoo/home
livecd ~ # mount /dev/mapper/vg-home /mnt/gentoo/home
livecd ~ # mkdir /mnt/gentoo/boot
livecd ~ # mount /dev/sda2 /mnt/gentoo/boot
livecd gentoo # links http://ftp.snt.utwente.nl/pub/os/linux/gentoo/releases/amd64/autobuilds/current-stage3-amd64/stage3-amd64-20150618.tar.bz2
livecd gentoo # tar xvjpf stage3-*.tar.bz2 --xattrs
livecd gentoo # vi /mnt/gentoo/etc/portage/make.conf
livecd gentoo # cat /mnt/gentoo/etc/portage/make.conf
# These settings were set by the catalyst build script that automatically
# built this stage.
# Please consult /usr/share/portage/config/make.conf.example for a more
# detailed example.
CFLAGS="-march=native -O2 -pipe"
CXXFLAGS="${CFLAGS}"
# WARNING: Changing your CHOST is not something that should be done lightly.
# Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing.
CHOST="x86_64-pc-linux-gnu"
# These are the USE flags that were used in addition to what is provided by the
# profile used for building.
USE="bindist mmx sse sse2"
PORTDIR="/usr/portage"
DISTDIR="${PORTDIR}/distfiles"
PKGDIR="${PORTDIR}/packages"
MAKEOPTS="-j2"
livecd gentoo # cp -L /etc/resolv.conf /mnt/gentoo/etc/
livecd gentoo # mount -t proc proc /mnt/gentoo/proc
livecd gentoo # mount --rbind /sys /mnt/gentoo/sys
livecd gentoo # mount --make-rslave /mnt/gentoo/sys
livecd gentoo # mount --rbind /dev /mnt/gentoo/dev
livecd gentoo # mount --make-rslave /mnt/gentoo/dev
livecd gentoo # chroot /mnt/gentoo /bin/bash
livecd / # source /etc/profile
livecd / # export PS1="(chroot) $PS1"
(chroot) livecd / # emerge-webrsync
!!! Section 'x-portage' in repos.conf has location attribute set to nonexistent directory: '/usr/portage'
!!! Section 'gentoo' in repos.conf has location attribute set to nonexistent directory: '/usr/portage'
!!! Invalid Repository Location (not a dir): '/usr/portage'
Fetching most recent snapshot ...
Trying to retrieve 20150621 snapshot from http://distfiles.gentoo.org ...
Fetching file portage-20150621.tar.xz.md5sum ...
Fetching file portage-20150621.tar.xz.gpgsig ...
Fetching file portage-20150621.tar.xz ...
Checking digest ...
Getting snapshot timestamp ...
Syncing local tree ...
.
.
Removed for brevity
.
.
(chroot) livecd / # eselect profile list
Available profile symlink targets:
[1] default/linux/amd64/13.0 *
[2] default/linux/amd64/13.0/selinux
[3] default/linux/amd64/13.0/desktop
[4] default/linux/amd64/13.0/desktop/gnome
.
.
Removed for brevity
.
.
(chroot) livecd / # eselect profile set 3
(chroot) livecd / # echo "Europe/Copenhagen" > /etc/timezone
(chroot) livecd / # emerge --config sys-libs/timezone-data
Configuring pkg...
* Updating /etc/localtime with /usr/share/zoneinfo/Europe/Copenhagen
(chroot) livecd / # emerge vim
.
.
Removed for brevity
.
.
(chroot) livecd / # vi /etc/locale.gen
# Uncommented en_US.UTF-8 UTF-8
(chroot) livecd / # locale-gen
* Generating 1 locales (this might take a while) with 1 jobs
* (1/1) Generating en_US.UTF-8 ... [ ok ]
* Generation complete
(chroot) livecd / # eselect locale list
Available targets for the LANG variable:
[1] C
[2] en_US.utf8
[3] POSIX
[ ] (free form)
(chroot) livecd / # eselect locale set 2
Setting LANG to en_US.utf8 ...
Run ". /etc/profile" to update the variable in your shell.
(chroot) livecd / # env-update && source /etc/profile
>>> Regenerating /etc/ld.so.cache...
livecd / # emerge --ask sys-kernel/gentoo-sources
.
.
Removed for brevity
.
.
livecd / # cd /usr/src/linux
livecd linux # emerge genkernel
.
.
Removed for brevity
.
.
livecd linux # emerge cryptsetup
.
.
Removed for brevity
.
.
livecd linux # vi /etc/fstab
livecd linux # cat /etc/fstab
# /etc/fstab: static file system information.
#
# noatime turns off atimes for increased performance (atimes normally aren't
# needed); notail increases performance of ReiserFS (at the expense of storage
# efficiency). It's safe to drop the noatime options if you want and to
# switch between notail / tail freely.
#
# The root filesystem should have a pass number of either 0 or 1.
# All other filesystems should have a pass number of 0 or greater than 1.
#
# See the manpage fstab(5) for more information.
#
# <fs> <mountpoint> <type> <opts> <dump/pass>
# NOTE: If your BOOT partition is ReiserFS, add the notail option to opts.
/dev/sda2 /boot ext2 noauto,noatime 1 2
/dev/mapper/vg-root / ext4 noatime 0 1
/dev/mapper/vg-home /home ext4 noatime 0 2
/dev/cdrom /mnt/cdrom auto noauto,ro 0 0
/dev/fd0 /mnt/floppy auto noauto 0 0
livecd linux # genkernel --lvm --luks --menuconfig all
# Changed to builtin, from modules:
Device Drivers --->
Multi-device support (RAID and LVM) --->
<*> Device mapper support
<*> Crypt target support
Cryptographic options --->
<*> XTS support
<*> SHA384 and SHA512 digest algorithms
{*} SHA224 and SHA256 digest algorithm
# Added as builtin
Cryptographic options --->
<*> AES cipher algorithms (AES-NI)
.
.
Removed for brevity
.
.
livecd linux # emerge sys-kernel/linux-firmware
.
.
Removed for brevity
.
.
livecd linux # passwd
New password:
Retype new password:
passwd: password updated successfully
livecd linux # emerge app-admin/syslog-ng sys-process/cronie sys-apps/mlocate net-misc/dhcpcd sys-boot/grub sys-fs/lvm2
.
.
Removed for brevity
.
.
livecd linux # rc-update add syslog-ng default
* service syslog-ng added to runlevel default
livecd linux # rc-update add cronie default
* service cronie added to runlevel default
livecd linux # vi /etc/default/grub
# Added: GRUB_CMDLINE_LINUX="real_root=/dev/mapper/vg-root crypt_root=/dev/sda3 dolvm ro"
livecd linux # grub2-install /dev/sda
Installing for i386-pc platform.
Installation finished. No error reported.
livecd linux # grub2-mkconfig -o /boot/grub/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/kernel-genkernel-x86_64-4.0.5-gentoo
Found initrd image: /boot/initramfs-genkernel-x86_64-4.0.5-gentoo
done
livecd linux # rc-update add lvm boot
* service lvm added to runlevel boot
livecd linux # exit
exit
livecd gentoo # cd
livecd ~ # umount -l /mnt/gentoo/dev{/shm,/pts,}
livecd ~ # umount /mnt/gentoo{/boot,/sys,/proc,}
umount: /mnt/gentoo/sys: target is busy
(In some cases useful info about processes that
use the device is found by lsof(8) or fuser(1).)
umount: /mnt/gentoo: target is busy
(In some cases useful info about processes that
use the device is found by lsof(8) or fuser(1).)
livecd ~ # reboot

It's working. Yay!
Thank you guys, for helping me.
 |
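frostschutz's first question ("maybe something missing from your kernel config?") is the one to settle before touching grub or fstab, and the menuconfig entries the poster switched to built-in in the final transcript make a usable checklist. What follows is an added example, not code from the thread or from genkernel: a POSIX shell checker that reads a kernel .config and reports, for each option a LUKS container holding an LVM root needs, whether it is built in (=y), a module (=m, which only works if the initramfs carries the module and loads it before cryptsetup runs) or absent. The option names are the Kconfig symbols behind the menuconfig entries in the post (CONFIG_BLK_DEV_DM for Device mapper support, CONFIG_DM_CRYPT for Crypt target support, CONFIG_CRYPTO_XTS, CONFIG_CRYPTO_AES, CONFIG_CRYPTO_SHA256, CONFIG_CRYPTO_SHA512, and CONFIG_CRYPTO_AES_NI_INTEL for the AES-NI entry); the two .config fragments are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread or from genkernel): check a kernel .config for the
# options a LUKS container holding an LVM root needs before the initramfs can unlock it.

# Kconfig symbols behind the menuconfig entries changed in the post:
#   Device mapper support -> CONFIG_BLK_DEV_DM, Crypt target support -> CONFIG_DM_CRYPT,
#   XTS support -> CONFIG_CRYPTO_XTS, AES -> CONFIG_CRYPTO_AES,
#   SHA224/SHA256 -> CONFIG_CRYPTO_SHA256, SHA384/SHA512 -> CONFIG_CRYPTO_SHA512.
REQUIRED_OPTIONS='CONFIG_BLK_DEV_DM CONFIG_DM_CRYPT CONFIG_CRYPTO_XTS CONFIG_CRYPTO_AES CONFIG_CRYPTO_SHA256 CONFIG_CRYPTO_SHA512'
# Nice to have: hardware-accelerated AES (the post enabled it; the generic CONFIG_CRYPTO_AES is the mandatory one).
OPTIONAL_OPTIONS='CONFIG_CRYPTO_AES_NI_INTEL'

# config_status OPTION CONFIG_TEXT: print y (built in), m (module) or n (absent or "is not set").
config_status() {
    printf '%s\n' "$2" | awk -v opt="$1" '
        $0 == opt "=y" { print "y"; found = 1; exit }
        $0 == opt "=m" { print "m"; found = 1; exit }
        END { if (!found) print "n" }'
}

# check_luks_lvm_config CONFIG_TEXT: one line per option; returns 1 if any required option is absent.
# A module (=m) is flagged rather than failed: it works only if the initramfs contains it and loads it
# before luksOpen, which is exactly the step a hand-assembled initramfs tends to get wrong.
check_luks_lvm_config() {
    rc=0
    for opt in $REQUIRED_OPTIONS; do
        case "$(config_status "$opt" "$1")" in
            y) printf 'OK      %s=y\n' "$opt" ;;
            m) printf 'WARN    %s=m (module: must be in the initramfs and loaded before luksOpen)\n' "$opt" ;;
            n) printf 'MISSING %s\n' "$opt"; rc=1 ;;
        esac
    done
    for opt in $OPTIONAL_OPTIONS; do
        case "$(config_status "$opt" "$1")" in
            y|m) printf 'OK      %s (optional)\n' "$opt" ;;
            n)   printf 'INFO    %s not set (optional: generic AES will be used)\n' "$opt" ;;
        esac
    done
    return $rc
}

# Constructed .config fragments: one like the post's final configuration, one with typical gaps.
GOOD_CONFIG='CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_XTS=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_NI_INTEL=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y'

BROKEN_CONFIG='CONFIG_MD=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=m
# CONFIG_CRYPTO_XTS is not set
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=m'

# Demo on the constructed samples. On the real box, run it against the tree you built from
# (genkernel also keeps a copy of the config it used under /etc/kernels/):
#   check_luks_lvm_config "$(cat /usr/src/linux/.config)"
echo '--- good config'
check_luks_lvm_config "$GOOD_CONFIG"
echo '--- broken config'
check_luks_lvm_config "$BROKEN_CONFIG" || echo 'config incomplete: rebuild the kernel and the initramfs'
```

Run it before `genkernel --lvm --luks` rather than after the first failed boot: a MISSING line means no initramfs can unlock the disk, and a WARN line means the boot depends on the initramfs shipping and loading that module, which is the first thing to verify when the prompt for a passphrase never appears.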