o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Sat Jan 11, 2025 6:24 pm Post subject: [SOLVED] unable to boot |
|
|
grub-install --efi-directory=/efi - unknown filesystem
I've been away from Gentoo for the past few years and am setting it up once again.
Before I migrate to secure boot, I need to get UEFI booting working.
I'm following the handbook:
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Bootloader#UEFI_systems
I partitioned the disk with ZFS (using the admin cd) and have nvme0n1p1 - vfat, and nvme0n1p2 - encrypted ZFS (ZFS on top of LUKS). I have the EFI partition mounted at /efi and upon running
Code: | grub-install --efi-directory=/efi |
I get unknown filesystem.
The EFI partition is indeed mounted at /efi and I am performing these operations inside the chrooted environment with all of the mount points set up, /dev, /sys, /run, and /proc. I also mounted efivarfs @ /sys/firmware/efi/efivars.
I ran grub-install with --verbose and I think it is looking at the second partition for whatever reason. I think I created the proper partition table, but I must be missing something.
Last edited by o5gmmob8 on Thu Jan 16, 2025 12:30 am; edited 1 time in total |
|
CooSee Veteran
Joined: 20 Nov 2004 Posts: 1507 Location: Earth
|
Posted: Sat Jan 11, 2025 6:51 pm Post subject: |
|
|
maybe you forgot to:
https://wiki.gentoo.org/wiki/ZFS#Bootloader
Quote: | Bootloader
GRUB should be compiled with libzfs USE-flag in order to boot system from ZFS dataset:
echo "sys-boot/grub libzfs" > /etc/portage/package.use/grub
emerge -av grub |
_________________ " Reality is an illusion that arises from a lack of honest communication "
---
" Man is curious by nature; what remains in the end is greed " |
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Sat Jan 11, 2025 7:04 pm Post subject: |
|
|
Yes, you might be right. I'm rebuilding grub now. |
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Sat Jan 11, 2025 7:17 pm Post subject: |
|
|
No changes, I'm getting the same thing.
These are the use flags I see for grub:
https://wiki.gentoo.org/wiki/GRUB#USE_flags
I have my use set to:
Code: | device-mapper fonts libzfs nls themes truetype |
and my GRUB_PLATFORM set to |
|
CooSee Veteran
Joined: 20 Nov 2004 Posts: 1507 Location: Earth
|
Posted: Sat Jan 11, 2025 7:35 pm Post subject: |
|
|
Quote: | I have the EFI partition mounted at /efi and upon running |
don't get me wrong, but shouldn't it be /boot/efi ?
after i mounted the root partition i do ' mkdir --parents /mnt/gentoo/boot/efi '
and then, e.g. mount /dev/sdX1 /mnt/gentoo/boot/efi
and, my system only works via grub-install --target=x86_64-efi --efi-directory=/boot/efi --removable
i don't use or tried ZFS at all - just want to help
Last edited by CooSee on Sat Jan 11, 2025 7:39 pm; edited 1 time in total |
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Sat Jan 11, 2025 7:38 pm Post subject: |
|
|
Not sure.
Here is what I did just now:
Code: |
umount /efi
mkdir -p /boot/efi
mount /dev/nvme0n1p1 /boot/efi/
grub-install --efi-directory=/boot/efi
|
Code: |
Installing for x86_64-efi platform.
grub-install: error: unknown filesystem.
|
It shouldn't matter, but I created my ZFS as: z_512.0/gentoo/ROOT and on the livecd, that is mounted at /mnt/gentoo/z_512.0/gentoo/ROOT. I have ssh running in the chroot and I'm installing remotely, so I get dropped into the root properly. |
|
CooSee Veteran
Joined: 20 Nov 2004 Posts: 1507 Location: Earth
|
Posted: Sat Jan 11, 2025 7:45 pm Post subject: |
|
|
what about the libzfs USE flags for grub - is it enabled on your system ?
https://packages.gentoo.org/packages/sys-boot/grub
Code: | device-mapper fonts mount nls themes truetype -doc -efiemu -libzfs -sdl -secureboot -test -verify-sig |
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Sat Jan 11, 2025 7:45 pm Post subject: |
|
|
I enabled it just for grub, but yeah, good point, let me check if it needs to be a global use flag.
I think it is a local USE flag only. |
|
CooSee Veteran
Joined: 20 Nov 2004 Posts: 1507 Location: Earth
|
Posted: Sat Jan 11, 2025 8:47 pm Post subject: |
|
|
Quote: | I think it is a local USE flag only. |
yes, it's only for grub.
you're using luks on top - more info about your settings is needed to help you in a better way.
please show your emerge --info
the content of your /etc/default/grub - output of blkid - content of /etc/fstab
and https://wiki.gentoo.org/wiki/Wgetpaste - e.g. wgetpaste --verbose --service 0x0 /boot/grub/grub.cfg <<< provide the link in your answer.
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Sat Jan 11, 2025 9:00 pm Post subject: |
|
|
Code: |
Portage 3.0.66.1 (python 3.12.8-final-0, default/linux/amd64/23.0, gcc-14, glibc-2.40-r5, 6.6.67 x86_64)
=================================================================
System uname: Linux-6.6.67-x86_64-Intel-R-_Core-TM-_i9-9880H_CPU_@_2.30GHz-with-glibc2.40
KiB Mem: 65582828 total, 35352128 free
KiB Swap: 0 total, 0 free
Timestamp of repository gentoo: Wed, 08 Jan 2025 12:05:00 +0000
Head commit of repository gentoo: a85c9b435cda4ae3f04fe9888bc921289add58be
sh bash 5.2_p37
ld GNU ld (Gentoo 2.43 p3) 2.43.1
app-misc/pax-utils: 1.3.8::gentoo
app-shells/bash: 5.2_p37::gentoo
dev-build/autoconf: 2.72-r1::gentoo
dev-build/automake: 1.16.5-r2::gentoo
dev-build/cmake: 3.30.6::gentoo
dev-build/libtool: 2.5.4::gentoo
dev-build/make: 4.4.1-r100::gentoo
dev-build/meson: 1.5.2::gentoo
dev-lang/perl: 5.40.0::gentoo
dev-lang/python: 3.12.8::gentoo, 3.13.1::gentoo
dev-lang/rust-bin: 1.82.0-r101::gentoo
llvm-core/clang: 18.1.8-r6::gentoo, 19.1.4::gentoo
llvm-core/lld: 19.1.4::gentoo
llvm-core/llvm: 18.1.8-r6::gentoo, 19.1.4::gentoo
sys-apps/baselayout: 2.17::gentoo
sys-apps/openrc: 0.55.1::gentoo
sys-apps/sandbox: 2.39::gentoo
sys-devel/binutils: 2.43-r2::gentoo
sys-devel/binutils-config: 5.5.2::gentoo
sys-devel/gcc: 14.2.1_p20241221::gentoo
sys-devel/gcc-config: 2.11::gentoo
sys-kernel/linux-headers: 6.6-r1::gentoo (virtual/os-headers)
sys-libs/glibc: 2.40-r5::gentoo
Repositories:
gentoo
location: /var/db/repos/gentoo
sync-type: rsync
sync-uri: rsync://rsync.gentoo.org/gentoo-portage
priority: -1000
volatile: False
sync-rsync-verify-max-age: 3
sync-rsync-extra-opts:
sync-rsync-verify-jobs: 1
sync-rsync-verify-metamanifest: yes
Binary Repositories:
gentoobinhost
priority: 1
sync-uri: https://distfiles.gentoo.org/releases/amd64/binpackages/23.0/x86-64
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE @BINARY-REDISTRIBUTABLE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=skylake -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/sandbox.d"
CXXFLAGS="-march=skylake -O2 -pipe"
DISTDIR="/var/cache/distfiles"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-march=skylake -O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync merge-wait multilib-strict network-sandbox news parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-march=skylake -O2 -pipe"
GENTOO_MIRRORS="rsync://mirrors.tera-byte.com/gentoo"
LANG="C.UTF8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs"
LEX="flex"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/bash"
USE="aac acl acpi afs amd64 audit bluetooth brotli bzip2 caps cet colord crypt cuda cups curl dbus dist-kernel djvu dri encode exif extra fam fbcon ffmpeg fontconfig gdbm geoip geolocation git gnome-keyring gtk hardened hddtemp http2 iconv imagemagick imap imlib inotify ipv6 jack jpeg jpeg2k keyring lame libnotify libtirpc libzfs lz4 lzip lzma lzo mad magic man mp3 mtp multilib ncurses nls nsplugin nvenc opengl openmp pam pcre pdf pie png policykit posix pulseaudio raw readline sasl sctp seccomp skey sockets socks5 sound spell ssl startup-notification svg symlink syslog test-rust truetype ttf udev uefi unicode upower usb v4l vaapi vdpau vpx wayland webkit webp wifi x264 xattr xinerama zip zlib zsh-completion zstd" ABI_X86="64" ADA_TARGET="gcc_13" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 f16c fma3 pclmul popcnt rdrand sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GRUB_PLATFORMS="efi-64" GUILE_SINGLE_TARGET="3-0" GUILE_TARGETS="3-0" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en en-US" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-2" POSTGRES_TARGETS="postgres16" PYTHON_SINGLE_TARGET="python3_12" PYTHON_TARGETS="python3_12" 
RUBY_TARGETS="ruby32" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, MAKEOPTS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS
|
Code: |
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
#
# To populate all changes in this file you need to regenerate your
# grub configuration file afterwards:
# 'grub-mkconfig -o /boot/grub/grub.cfg'
#
# See the grub info page for documentation on possible variables and
# their associated values.
GRUB_DISTRIBUTOR="Gentoo"
# Default menu entry
#GRUB_DEFAULT=0
# Boot the default entry this many seconds after the menu is displayed
#GRUB_TIMEOUT=5
#GRUB_TIMEOUT_STYLE=menu
# Append parameters to the linux kernel command line
#GRUB_CMDLINE_LINUX=""
#
# Examples:
#
# Boot with network interface renaming disabled
# GRUB_CMDLINE_LINUX="net.ifnames=0"
#
# Boot with systemd instead of sysvinit (openrc)
# GRUB_CMDLINE_LINUX="init=/usr/lib/systemd/systemd"
# Append parameters to the linux kernel command line for non-recovery entries
#GRUB_CMDLINE_LINUX_DEFAULT=""
# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console
# Resolution used on graphical terminal.
# The list of valid modes may be obtained using the 'vbeinfo' (PC BIOS) or
# 'videoinfo' (EFI) command from a GRUB boot prompt.
#GRUB_GFXMODE=640x480
# Set to 'text' to force the Linux kernel to boot in normal text
# mode, 'keep' to preserve the graphics mode set using
# 'GRUB_GFXMODE', 'WIDTHxHEIGHT'['xDEPTH'] to set a particular
# graphics mode, or a sequence of these separated by commas or
# semicolons to try several modes in sequence.
#GRUB_GFXPAYLOAD_LINUX=
# Path to theme spec txt file.
# The starfield is by default provided with use truetype.
# NOTE: when enabling custom theme, ensure you have required font/etc.
#GRUB_THEME="/boot/grub/themes/starfield/theme.txt"
# Background image used on graphical terminal.
# Can be in various bitmap formats.
#GRUB_BACKGROUND="/boot/grub/mybackground.png"
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to kernel
#GRUB_DISABLE_LINUX_UUID=true
# Comment if you don't want GRUB to pass "root=PARTUUID=xxx" parameter to kernel
GRUB_DISABLE_LINUX_PARTUUID=false
# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY=true
# Uncomment to disable generation of the submenu and put all choices on
# the top-level menu.
# Besides the visual affect of no sub menu, this makes navigation of the
# menu easier for a user who can't see the screen.
#GRUB_DISABLE_SUBMENU=y
# Uncomment to play a tone when the main menu is displayed.
# This is useful, for example, to allow users who can't see the screen
# to know when they can make a choice on the menu.
#GRUB_INIT_TUNE="60 800 1"
|
I haven't modified /etc/fstab yet because I figured I would do that just before I intend to boot into the system. Does GRUB need that? |
|
CooSee Veteran
Joined: 20 Nov 2004 Posts: 1507 Location: Earth
|
Posted: Sat Jan 11, 2025 10:50 pm Post subject: |
|
|
Quote: | I haven't modified /etc/fstab yet because I figured I would do that just before I intend to boot into the system. Does GRUB need that? |
grub needs some additional settings, because using luks on top, there will be LUKS UUID and also root UUID - without it grub doesn't know which is what.
for example - this is from artix wiki https://forum.artixlinux.org/index.php?action=dlattach;topic=1541.0;attach=1798
no cryptsetup USE flag ?
EDIT:
Quote: | I've been away from Gentoo for the past few years and am setting it up once again. |
to get more comfortable, you can try with this great TUI Interface - but for ZFS it is using native encryption and there's also a luks option available
but it's using EFIstub booting <<< if this doesn't work you can install and configure grub afterwards or add additional ebuilds while configuring the script beforehand.
e.g. sys-boot/grub app-misc/mc sys-libs/gpm etc. |
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Sat Jan 11, 2025 11:32 pm Post subject: |
|
|
Hmm, I think I need some more hand holding.
Ok, so this is what I got:
Code: |
blkid /dev/nvme0n1p1
/dev/nvme0n1p1: UUID="F0CB-9833" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="5a771bf6-cd02-432a-9a22-9252bd3d98af"
|
The encrypted volume is p2
Code: |
/dev/nvme0n1p2: UUID="01ebe0db-0220-46e0-a6ac-c8788bcf9e48" TYPE="crypto_LUKS" PARTUUID="0e210451-6460-4386-bc81-fdd41af0e0fb"
|
From the attachment, it looks like I need to pass cryptdevice=UUID=01ebe0db-0220-46e0-a6ac-c8788bcf9e48. Would that go in my /etc/default/grub under GRUB_CMDLINE_LINUX_DEFAULT? |
|
CooSee Veteran
Joined: 20 Nov 2004 Posts: 1507 Location: Earth
|
Posted: Sun Jan 12, 2025 12:22 am Post subject: |
|
|
Quote: | Would that go in my /etc/default/grub under GRUB_CMDLINE_LINUX_DEFAULT |
yes, but i must admit i forgot some things regarding luks and such, because i'm old(school) and getting older every day
please emerge sys-fs/genfstab and do genfstab -U / >> /etc/fstab <<< U is for UUIDs for source identifiers and show the new content of your fstab here.
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Sun Jan 12, 2025 1:37 am Post subject: |
|
|
Hehe, aren't we all.
Ok, after that, my fstab is updated and looks good, but still I get the same thing:
relevant bits in /etc/fstab:
Code: | z_512.0/gentoo/ROOT / zfs rw,xattr,noacl,casesensitive 0 0
# /dev/nvme0n1p1
UUID=F0CB-9833 /boot/efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro 0 2 |
The last bit of the grub logs (with --verbose) is:
Code: | grub-install: info: /dev/mapper/gentoo is not present.
grub-install: info: drive = 0.
grub-install: info: the size of hostdisk//dev/nvme0n1 is 1000215216.
grub-install: error: unknown filesystem. |
Whenever I set up LUKS, I did:
Code: | cryptsetup luksOpen /dev/nvme0n1p2 gentoo
zpool import -R /mnt/gentoo z_512.0 |
The last time I was running Gentoo, I believe I did LUKS + LVM so I was doing what I recall mixed with the handbook.
EDIT:
The logs from grub-install are huge, so I truncated it. Perhaps there is something there I'm missing.
I don't recall how I setup my fstab before, but I think my fstab needs to reference /dev/nvme0n1p2 crypt / LUKS. |
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20582
|
Posted: Sun Jan 12, 2025 2:42 am Post subject: |
|
|
CooSee wrote: | shouldn't it be /boot/efi ? |
/efi is recommended as the default.
https://wiki.gentoo.org/wiki/Handbook:AMD64/Blocks/Disks
Also:
Quote: | Mounting the ESP to /boot/efi/, as was traditionally done, is not recommended. A nested setup complicates implementation of best-practice autofs-style mounts, as establishing the inner autofs will trigger the outer one. Mounting these partitions via autofs (and by extension keeping them unmounted whenever possible) is recommended due to the data integrity and security characteristics of VFAT file systems being effectively nonexistent.
Where bootloader support is available use /boot for the XBOOTLDR partition and /efi for the ESP. If it is not possible to do so, a monolithic ESP should be mounted at /boot; autofs-style mounts should still be used. |
https://wiki.gentoo.org/wiki/EFI_System_Partition
_________________ Quis separabit? Quo animo? |
|
sMueggli Guru
Joined: 03 Sep 2022 Posts: 531
|
Posted: Sun Jan 12, 2025 10:14 am Post subject: |
|
|
Regarding the mountpoint: The nesting of /boot/efi and /efi is exactly the same in this setup (root of system = level 1, /boot/efi and /efi = level 2). Using Grub I recommend /boot/efi. But if you like typing and want to remember that you have to specify the "--efi-directory=/efi" flag, you can also take /efi as mountpoint.
Regarding LUKS: You need in /etc/default/grub the variable "GRUB_ENABLE_CRYPTODISK=y" set. Otherwise Grub will not be able to unlock the LUKS container and load the grub.cfg from it. I think this could also help with the "unknown filesystem" problem.
From https://www.gnu.org/software/grub/manual/grub/html_node/Simple-configuration.html:
Quote: |
If set to ‘y’, grub-mkconfig and grub-install will check for encrypted disks and generate additional commands needed to access them during boot. Note that in this case unattended boot is not possible because GRUB will wait for passphrase to unlock encrypted container.
|
Please be aware that if you are using LUKS2, the PBKDF should not be set to argon. Grub is missing any Argon support so unlocking will fail.
Regarding boot parameters: It depends how you generate your initramfs. Using Dracut I have specified "rd.luks.uuid" (the UUID of the LUKS container), and rd.lvm.vg in GRUB_CMDLINE_LINUX. |
|
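The two conditions named in the post above (GRUB_ENABLE_CRYPTODISK set, and a keyslot whose PBKDF is not Argon2) can be checked before running grub-install. This is an added example, not part of the thread: the function names are hypothetical, the sample files are constructed, and it assumes a LUKS2 `cryptsetup luksDump` saved to a file.

```shell
#!/bin/sh
# Added example, not from the thread. All sample files below are constructed.

# Succeeds if the last uncommented GRUB_ENABLE_CRYPTODISK assignment is "y"
# (the defaults file is sourced as shell, so a later assignment wins).
cryptodisk_enabled() {
    val=$(sed -n 's/^[[:space:]]*GRUB_ENABLE_CRYPTODISK=//p' "$1" |
          tail -n 1 | sed 's/[[:space:]].*//' | tr -d "\"'")
    [ "$val" = "y" ]
}

# Reads `cryptsetup luksDump` text (LUKS2) on stdin and prints
# "<keyslot> <pbkdf>" for every entry of the Keyslots section.
keyslot_pbkdfs() {
    awk '
        /^Keyslots:/  { in_ks = 1; next }
        /^[A-Za-z]+:/ { in_ks = 0 }            # Tokens:, Digests:, ...
        in_ks && /^[ \t]+[0-9]+: / { slot = $1; sub(/:$/, "", slot) }
        in_ks && $1 == "PBKDF:"    { print slot, $2 }
    '
}

# $1 = GRUB defaults file, $2 = saved luksDump output. Prints one verdict word.
grub_unlock_verdict() {
    if ! cryptodisk_enabled "$1"; then
        echo "cryptodisk-disabled"
    elif ! keyslot_pbkdfs < "$2" | grep -q ' pbkdf2$'; then
        echo "no-pbkdf2-keyslot"       # every keyslot uses an Argon2 variant
    else
        echo "ok"
    fi
}

# ---- constructed sample input -------------------------------------------
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

printf '%s\n' '#GRUB_ENABLE_CRYPTODISK=n' 'GRUB_DISTRIBUTOR="Gentoo"' \
    'GRUB_ENABLE_CRYPTODISK="y"' > "$demo/grub.enabled"
printf '%s\n' 'GRUB_DISTRIBUTOR="Gentoo"' '#GRUB_ENABLE_CRYPTODISK=y' \
    > "$demo/grub.commented"

# write_dump FILE PBKDF...  writes an abbreviated LUKS2 dump, one keyslot per PBKDF
write_dump() {
    out=$1; shift; n=0
    {
        printf 'LUKS header information\nVersion:        2\nKeyslots:\n'
        for kdf in "$@"; do
            printf '  %d: luks2\n\tKey:        512 bits\n\tPBKDF:      %s\n' "$n" "$kdf"
            n=$((n + 1))
        done
        printf 'Tokens:\nDigests:\n  0: pbkdf2\n\tHash:       sha256\n'
    } > "$out"
}
write_dump "$demo/dump.argon" argon2id
write_dump "$demo/dump.mixed" argon2id pbkdf2

for g in enabled commented; do
    for d in argon mixed; do
        printf '%-10s %-6s %s\n' "$g" "$d" \
            "$(grub_unlock_verdict "$demo/grub.$g" "$demo/dump.$d")"
    done
done
```

On a real system the second argument would be the saved output of `cryptsetup luksDump` for the LUKS partition; with a mixed result, the passphrase typed at the GRUB prompt has to belong to a pbkdf2 keyslot.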
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Sun Jan 12, 2025 10:22 am Post subject: |
|
|
Ok, so I reverted back to the original /efi directory as the mount point AND set GRUB_ENABLE_CRYPTODISK="y". As part of changing the mount point, I also updated /etc/fstab accordingly.
I'm still getting the same error.
I think the root mount point in /etc/fstab isn't right:
Code: |
z_512.0/gentoo/ROOT / zfs rw,xattr,noacl,casesensitive 0 0
|
While I have unlocked /dev/nvme0n1p2 using cryptsetup and used the name, "gentoo", I didn't declare that in /etc/fstab and I think that could be the problem. I loosely followed this:
https://wiki.gentoo.org/wiki/Rootfs_encryption/en |
|
sMueggli Guru
Joined: 03 Sep 2022 Posts: 531
|
Posted: Sun Jan 12, 2025 10:51 am Post subject: |
|
|
o5gmmob8 wrote: | While I have unlocked /dev/nvme0n1p2 using cryptsetup and used the name, "gentoo", I didn't declare that in /etc/fstab and I think that could be the problem. I loosely followed this:
https://wiki.gentoo.org/wiki/Rootfs_encryption/en |
This wiki is using an unencrypted /boot (by mounting the ESP to /boot instead of $your_favourite_mountpoint_for_ESP). Besides that, I have never used ZFS, so I cannot help with ZFS-related problems. |
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Sun Jan 12, 2025 10:52 am Post subject: |
|
|
My /boot /efi is unencrypted. My partition table is:
nvme0n1p1 -> vfat (/efi)
nvme0n1p2 -> crypt (ZFS) |
|
sMueggli Guru
Joined: 03 Sep 2022 Posts: 531
|
Posted: Sun Jan 12, 2025 11:05 am Post subject: |
|
|
Yes, your ESP is unencrypted (and cannot be encrypted). But it contains (or would contain) only the Grub EFI binary, just enough for the firmware to load the first part of Grub.
But the files in /boot are encrypted. For example kernel and the grub.cfg. If you do not want encrypted /boot you need another partition for /boot or you (ab)use the ESP as /boot. |
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Mon Jan 13, 2025 1:45 am Post subject: |
|
|
I went back through the handbook and other ZFS pages trying to see what I missed. I did these steps as it appears I missed them:
Code: |
zfs set canmount=noauto z_512.0/gentoo/ROOT
zpool set bootfs=z_512.0/gentoo/ROOT z_512.0
mkdir -p /efi/EFI/BOOT
curl -L https://get.zfsbootmenu.org/efi -o /efi/EFI/BOOT/BOOTX64.EFI
emerge -av sys-boot/efibootmgr
efibootmgr -c -d /dev/nvme0n1 -p 1 -L "ZFSBootMenu" -l \\EFI\\BOOT\\BOOTX64.EFI
|
After completing those, I'm still getting the same error.
The last relevant bits:
Code: |
grub-install: info: the size of hostdisk//dev/nvme0n1 is 1000215216.
grub-install: info: populating parameters of cryptomount `CRYPT-LUKS2-01ebe0db022046e0a6acc8788bcf9e48-gentoo' from DM device `gentoo'.
grub-install: info: /dev/mapper/gentoo is not present.
grub-install: info: drive = 0.
grub-install: info: the size of hostdisk//dev/nvme0n1 is 1000215216.
grub-install: error: unknown filesystem.
|
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Mon Jan 13, 2025 11:56 am Post subject: |
|
|
I am still stuck, I think I have the rest of the system set up the way I'd like, but I don't believe I'll be able to boot into this system to test it out. I think I'm following this guide:
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Bootloader
for the UEFI section. Once I successfully set up UEFI and can boot, then I will worry about secure boot later.
Whenever I run grub-probe efi outside of the chroot environment, I get fat as I'd expect. Note, that I am in the root directory, just not chrooted. Whenever I run grub-probe boot, I get unknown filesystem. boot is a directory within the ZFS root volume.
EDIT:
I just noticed that when I created the zpool, I didn't mention any options. Upon rescanning the documentation, I think I need to mention 2.1:
Code: |
zpool create -f \
-o ashift=12 \
-o autotrim=on \
-o compatibility=openzfs-2.1-linux \
-O acltype=posixacl \
-O xattr=sa \
-O relatime=on \
-O compression=lz4 \
-O encryption=aes-256-gcm \
-O keylocation=prompt \
-O keyformat=passphrase \
-m none tank /dev/sda3
|
I think the compatibility was already set to openzfs-2.1-linux:
Code: | zpool set compatibility=openzfs-2.1-linux z_512.0
Warning: one or more features already enabled on pool 'z_512.0'
are not present in this compatibility set. |
|
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Tue Jan 14, 2025 2:15 pm Post subject: |
|
|
If I understand correctly, I could use efibootmgr or grub, those are just tools to get my system booted. That said, I rebooted and do see efibootmgr being called, but I don't see it loading my initramfs or kernel.
I updated /etc/dracut.conf.d/zol.conf:
Code: |
nofsck="yes"
add_dracutmodules+=" crypt zfs "
kernel_cmdline+= "root=UUID=encrypted-UUID rd.luks.uuid=raw.device.UUID "
|
After configuring that, I reran emerge --config sys-kernel/gentoo-kernel and saw my updated kernel and init placed in /boot. Note that /boot is on the ZFS volume which is inside an encrypted volume, so I also manually copied them to /efi.
But, it does not appear to be using that or even seeing the initramfs. I suppose I need to do more reading. The last time I was using Gentoo, I was still using BIOS so that might explain why I didn't have this issue then, but also so many things changed since 2020. |
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5343 Location: Bavaria
|
Posted: Tue Jan 14, 2025 2:39 pm Post subject: |
|
|
o5gmmob8 wrote: | If I understand correctly, I could use efibootmgr or grub, those are just tools to get my system booted. [...] The last time I was using Gentoo, I was still using BIOS so that might explain why I didn't have this issue then, but also so many things changed since 2020. |
No, you can use a bootmanager/bootloader (like grub) to boot your kernel ... OR ... your UEFI starts your kernel directly. With “efibootmgr” you can only edit/view/create your UEFI setting(s). Boot with our GentooLiveCD and do an "efibootmgr". This will tell you the boot entries of your UEFI. So, even if you work with grub, there must be (*) a UEFI entry "pointing" to grub ->
UEFI boots -> grub (1st part) FROM ESP (EfiSystemPartition) -> grub (2nd part) from /boot/grub (on your root partition) -> kernel (from /boot)
OR
UEFI boots -> kernel FROM ESP
*) ... and therefore the installation routine of grub (grub-install) CALLS the efibootmgr to CREATE an entry "pointing" to grub (1st part)
In both cases there must be an entry in the UEFI boot table (you will see with "efibootmgr") "pointing" to the bootloader/kernel/Windows it has to start. Maybe read this to understand UEFI booting better: https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Boot_kernel_via_UEFI (only the chapter: "Prerequisites for an UEFI boot").
_________________ https://wiki.gentoo.org/wiki/User:Pietinger
Last edited by pietinger on Tue Jan 14, 2025 2:55 pm; edited 1 time in total |
|
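A check of the chain described in the post above, as an added example that is not part of the thread: for every UEFI boot entry it verifies that the entry names the ESP's partition and that the loader file actually exists there. The function names are hypothetical, and the efibootmgr listing and ESP tree are constructed (in the `HD(...)/File(...)` form efibootmgr prints); only the PARTUUID and loader paths are taken from the posts.

```shell
#!/bin/sh
# Added example, not from the thread. Listing and ESP contents are constructed.

# Reads efibootmgr output on stdin, prints "num|label|partuuid|loader-path".
boot_entries() {
    awk '
    /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][* ] / {
        num = substr($0, 5, 4)
        label = substr($0, 11); sub(/\t.*/, "", label)
        uuid = ""; path = ""
        if (match($0, /HD\([^)]*\)/)) {        # HD(part,GPT,partuuid,start,size)
            split(substr($0, RSTART + 3, RLENGTH - 4), hd, ",")
            uuid = tolower(hd[3])
        }
        if (match($0, /\/File\([^)]*\)/)) {    # loader path, backslash separated
            path = substr($0, RSTART + 6, RLENGTH - 7)
            gsub(/\\/, "/", path)
        }
        print num "|" label "|" uuid "|" path
    }'
}

# $1 = ESP mount point, $2 = loader path with forward slashes.
# FAT is case-insensitive, so compare lower-cased paths.
esp_has_file() {
    (cd "$1" && find . -type f) |
        awk -v want="$(printf '.%s' "$2" | tr 'A-Z' 'a-z')" \
            'tolower($0) == want { found = 1 } END { exit !found }'
}

# $1 = ESP mount point, $2 = PARTUUID of the ESP (as shown by blkid).
# stdin = efibootmgr output. Prints "num label verdict" per boot entry.
check_boot_entries() {
    want_uuid=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    boot_entries | while IFS='|' read -r num label uuid path; do
        if [ -z "$path" ]; then verdict=not-a-disk-file
        elif [ "$uuid" != "$want_uuid" ]; then verdict=wrong-partition
        elif esp_has_file "$1" "$path"; then verdict=ok
        else verdict=missing-file
        fi
        printf '%s %s %s\n' "$num" "$label" "$verdict"
    done
}

# ---- constructed sample input -------------------------------------------
sample_efibootmgr() {
    esp='HD(1,GPT,5a771bf6-cd02-432a-9a22-9252bd3d98af,0x800,0x200000)'
    printf 'BootCurrent: 0002\nBootOrder: 0000,0001,0002\n'
    printf 'Boot0000* gentoo\t%s/File(%s)\n' "$esp" '\EFI\Gentoo\bzImage.efi'
    printf 'Boot0001* ZFSBootMenu\t%s/File(%s)\n' "$esp" '\EFI\BOOT\BOOTX64.EFI'
    printf 'Boot0002* Diagnostics\tFvFile(00000000-0000-0000-0000-000000000000)\n'
}

demo_esp=$(mktemp -d)                 # stands in for the ESP mounted at /efi
trap 'rm -rf "$demo_esp"' EXIT
mkdir -p "$demo_esp/EFI/BOOT"
: > "$demo_esp/EFI/BOOT/BOOTX64.EFI"  # only this loader exists in the demo

sample_efibootmgr |
    check_boot_entries "$demo_esp" 5a771bf6-cd02-432a-9a22-9252bd3d98af
```

On a real system the input would be `efibootmgr` output (with `-v` on older versions) and the first argument the ESP mount point, for example `efibootmgr -v | check_boot_entries /efi "$(blkid -s PARTUUID -o value /dev/nvme0n1p1)"`.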
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 502
|
Posted: Tue Jan 14, 2025 2:54 pm Post subject: |
|
|
I followed the guide and created entries for the kernels. I did not see any information regarding initramfs, so I am confused how it would work since the initramfs is needed since it provides ZFS and crypt support.
When I booted up, I did see the newly created entries, but it does not boot those entries, it instead falls back to Dell's memory test EFI.
Please point me in the right direction. If GRUB should work, what might I be missing there? If I don't need GRUB, what do I do with the initramfs and kernel command line? Shouldn't the kernel command line be embedded in the initramfs as well as the location of the kernel?
EDIT:
I saw this:
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Bootloader
And did this:
Code: |
efibootmgr --create --disk /dev/sda --part 1 --label "gentoo" --loader "\EFI\Gentoo\bzImage.efi" --unicode "initrd=\EFI\Gentoo\initramfs.img"
|
I omitted the disk argument because that should be in my initramfs. When I rebooted, I did not see that boot option, but did see nvme0n1p1 listed and tried to boot that, but it didn't work.
Last edited by o5gmmob8 on Tue Jan 14, 2025 3:11 pm; edited 1 time in total |