| View previous topic :: View next topic |
| Author |
Message |
kind_gentooman
n00b
Joined: 16 Jul 2024
Posts: 7
|
 Posted: Thu Jul 18, 2024 2:59 pm Post subject: [SOLVED] dracut cannot decrypt LUKS LVM but boots fine |
 |
|
I get this error on boot:
| Code: | dracut Warning: Could not boot.
dracut Warning: /dev/mapper/gentoovm-root does not exist |
and then I'm dropped in a dracut shell. I run these commands:
| Code: | dracut:/# cryptsetup luksOpen /dev/nvmXXXp2 gentoovm --key-file /boot/volume.key
dracut:/# exit |
Upon exiting, the system detects everything and boots pefectly. So it's not performing the luksOpen.
| Code: |
/dev/nvmXXXp1 is /boot/efi/
/dev/nvmXXXp2: 1234
gentoovm: 9999
gentoovm-root 0000
/etc/default/grub:
GRUB_CMDLINE_DEFAULT="root=UUID=0000 rd.luks.uuid=1234 rd.lvm.vg=gentoovm"
/etc/dracut.conf.d/10-crypt.conf:
install_items+=" /boot/volume.key /etc/crypttab "
add_dracutmodules+=" lvm crypt dm "
/etc/crypttab:
gentoovm UUID=1234 /boot/volume.key luks
/etc/portage/package.use:
sys-fs/lvm2 lvm
sys-boot/grub:2 device-mapper
|
Additionally I ran | Code: | | rc-update add lvm boot |
what am I doing wrong?
Last edited by kind_gentooman on Sun Jul 21, 2024 8:06 am; edited 2 times in total |
|
| Back to top |
|
 |
wanne32
n00b
Joined: 11 Nov 2023
Posts: 68
|
| Posted: Thu Jul 18, 2024 4:59 pm Post subject: |
|
|
I assume same problem as here: https://forums.gentoo.org/viewtopic-t-1169994-highlight-.html
The --install "/boot/volume.key /etc/crypttab" still works. But I assume that it will still have other problems. Since dracut is now (like systemd) ignoring most of the time the crypttab entirely. |
|
| Back to top |
|
|
kind_gentooman
n00b
Joined: 16 Jul 2024
Posts: 7
|
| Posted: Sat Jul 20, 2024 1:58 pm Post subject: |
|
|
thanks a lot, I'm trying UGRD now but it's hard to find info on the format for using a key-file
| Code: |
modules = [
"ugrd.kmod.standard_mask",
"ugrd.crypto.cryptsetup",
"ugrd.fs.lvm",
]
kmod_autodetect_lspci = true
kmod_autodetect_lsmod = true
[cryptsetup.gentoovm]
uuid = "..."
key_file = "/boot/volume.key"
[copies.key]
source = "/boot/volume.key"
destination = "/boot/volume.key"
|
This is as far as I got, but it's wrong. I'm not sure where to go from here. |
|
| Back to top |
|
|
sMueggli
Guru
Joined: 03 Sep 2022
Posts: 430
|
| Posted: Sat Jul 20, 2024 3:29 pm Post subject: |
|
|
| Is your key-file on an unencrypted device? |
|
| Back to top |
|
|
kind_gentooman
n00b
Joined: 16 Jul 2024
Posts: 7
|
|
| Back to top |
|
|
kind_gentooman
n00b
Joined: 16 Jul 2024
Posts: 7
|
|
| Back to top |
|
|
sMueggli
Guru
Joined: 03 Sep 2022
Posts: 430
|
| Posted: Sun Jul 21, 2024 7:58 am Post subject: |
|
|
In the linked guide the ESP is mounted to /boot/efi. And your infos in the first post show that the first partition is mounted to /boot. Assuming that the first partition is the ESP then your initramfs and /boot/volume.key are not encrypted whereas in the linked guide the initramfs and key are encrypted because they reside on the encrypted /. |
|
| Back to top |
|
|
kind_gentooman
n00b
Joined: 16 Jul 2024
Posts: 7
|
| Posted: Sun Jul 21, 2024 8:05 am Post subject: |
|
|
Thanks I made a typo and corrected it.
first partition is /boot/efi/ which is FAT. /boot is on / and is encrypted |
|
| Back to top |
|
|
|
Kernel & Hardware
