| View previous topic :: View next topic |
| Author |
Message |
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 5307
Location: Bavaria
|
|
| Back to top |
|
 |
o5gmmob8
Guru
Joined: 17 Oct 2003
Posts: 485
|
 Posted: Wed Jan 15, 2025 10:44 am Post subject: |
 |
|
I think I went wrong somewhere.
I am presently reinstalling Gentoo with the hopes that it will work with grub. If nothing else, I will hopefully learn what I did wrong and can document for my own (possibly others) edification to prevent future mishaps.
EDIT:
I reinstalled Gentoo onto another disk and was able to install GRUB, I will try to boot to see if this worked and then try to restore my old install onto this disk.
Upon rebooting, I enter my passphrase to unlock the disk and get
error: Invalid passphrase
error: disk `cryptouuid/...' not found.
The "Invalid passphrase" error is printed immediately so I think it is more of a configuration issue, perhaps the path to the disk is incorrect.
I am referencing:
https://wiki.gentoo.org/wiki/Dracut
https://wiki.gentoo.org/wiki/Rootfs_encryption
https://wiki.gentoo.org/wiki/ZFS/rootfs#ZFS_userland_utilities_and_kernel_module
I have my EFI partition mounted at both /efi and /boot because I see that emerge --config gentoo-kernel is putting files under /boot. I also set /etc/dracut.conf.d/some-conf to include zfs and crypt modules as well as set the kernel command line (root uuid rd.luks uuid). I also specify the command line in /etc/defaults/grub.
I am running dracut manually though I thought emerge --config gentoo-kernel would essentially be calling it so I'm not hopeful it will boot after running that.
I don't see rd.luks anywhere which I think is critical because after the device is unlocked, it needs to perform a zpool import.
I modified /etc/defaults/grub and instead of setting GRUB_CMDLINE_LINUX_DEFAULT with the crypt and root device, I set GRUB_CMDLINE_LINUX. The boot entries created look more sensical now, but I get the same error. I wonder if the file is placed in the right place.
Again, that file is in the EFI partition, /efi/grub/grub.cfg.
Last edited by o5gmmob8 on Wed Jan 15, 2025 5:23 pm; edited 1 time in total |
|
| Back to top |
|
|
sMueggli
Guru
Joined: 03 Sep 2022
Posts: 524
|
| Posted: Wed Jan 15, 2025 5:16 pm Post subject: |
|
|
| Are you using LUKS1 or LUKS2? If you use LUKS2, which PBKDF are you using? Argon? |
|
| Back to top |
|
|
o5gmmob8
Guru
Joined: 17 Oct 2003
Posts: 485
|
| Posted: Wed Jan 15, 2025 5:26 pm Post subject: |
|
|
| Good question, I believe the version of cryptsetup installed is 2.7.5, but I don't think that is what you're asking. I did not set the argon2 use flag though I plan to tinker more once I get the thing to actually boot and will consider possible benefits from using argon2 which I suspect is a newer, more secure algorithm. |
|
| Back to top |
|
|
sMueggli
Guru
Joined: 03 Sep 2022
Posts: 524
|
|
| Back to top |
|
|
o5gmmob8
Guru
Joined: 17 Oct 2003
Posts: 485
|
| Posted: Wed Jan 15, 2025 5:55 pm Post subject: |
|
|
| Yes, it is luks 2, epoch 3. It is using argon2 |
|
| Back to top |
|
|
o5gmmob8
Guru
Joined: 17 Oct 2003
Posts: 485
|
| Posted: Wed Jan 15, 2025 6:18 pm Post subject: |
|
|
Thanks, but I'm not seeing anything stand out. Back then, I do recall having a /etc/crypttab, but I think that is no longer needed with grub and dracut. I also used genkernel back then and that has since been deprecated too.
I'd like to keep this as simple as possible or I should say, as plain vanilla as possible and consistent with the gentoo documentation. If the documentation needs updated, I'm happy to help. |
|
| Back to top |
|
|
o5gmmob8
Guru
Joined: 17 Oct 2003
Posts: 485
|
| Posted: Wed Jan 15, 2025 7:42 pm Post subject: |
|
|
I think the kernel commandline isn't right, I'm not using LVM, but just ZFS. I have rd.luks.uuid there, but I think that is for LVM.
I basically just need to run cryptsetup /dev/disk/by-uuid/some-uuid root, zpool import /dev/mapper/root. I think once I figure out the command line, then maybe it will boot.
Referencing:
https://forums.gentoo.org/viewtopic-t-1171423-start-0.html
This is my current setup:
| Code: |
/dev/sda1:/efi, vfat, 1GB
/dev/sda2:encrypted with cryptsetup, zfs on top of that
|
/dev/sda1 partition
| Code: |
/efi/EFI/gentoo/grubx64.efi
/efi/EFI/gentoo/grub.cfg
/efi/EFI/gentoo/System.map
/efi/EFI/gentoo/kernel
/efi/EFI/gentoo/initramfs
/efi/kernel
/efi/initramfs
/efi/System.map
/efi/grub/System.map
/efi/grub/kernel
/efi/initramfs
|
I put the kernel and init in multiple places because it didn't appear to be picked up, so I was hoping that one of those places might have worked.
I intend my system to boot as follows:
| Code: |
1. EFI loads EFI, either grubx64.efi or bootx64.efi
2. initramfs and kernel are loaded with appropriate arguments, encrypted volume (/dev/sda2 or its uuid) and the ZFS root volume
3. initramfs prompts me to unlock encrypted volume
4. initramfs proceeds to unlock encrypted volume, import ZFS pool, mount ZFS root volume
5. system boots, additional configuration as needed
|
I found an old grub.cfg from my last known working configuration. It appears I was using funtoo at the time. Irrelevant bits removed:
| Code: |
insmod all_video
insmod cryptodisk
insmod luks
# unlock encrypted boot (remove hypens)
cryptomount -u BOOT_UUID
set root=(crypto0)
menuentry 'funtoo.1' {
#root=hd0,gpt2
linux /kernel-genkernel-x86_64-4.19.27-gentoo-r1 consoleblank=300 root=/dev/80.7/root.1 crypt_root=/dev/disk/by-uuid/ROOT_UUID root=/dev/80.7/root.1 real_root=/dev/80.7/root.1 rootfstype=squashfs dolvm doluks overlayfs_device=/dev/80.7/rw.1 apparmor=1 security=apparmor
#scandelay=2
#restore_luks_device=/dev/disk/by-uuid/ROOT_UUID restore_luks_volume=/dev/64.2/projects softlevel=nonetwork
initrd /initramfs-genkernel-x86_64-4.19.27-gentoo-r1
}
|
This was booting old school BIOS / MBR, and the kernel and init were in /boot, I believe I used ext4 then for that partition. So, from this configuration, I need to translate crypt_root, real_root, and root to whatever it should be now. |
|
| Back to top |
|
|
o5gmmob8
Guru
Joined: 17 Oct 2003
Posts: 485
|
| Posted: Wed Jan 15, 2025 9:26 pm Post subject: |
|
|
I am digging into the initramfs as I used to do many years ago. I think I need to pass zfs:AUTO.
EDIT:
Still no luck, the outcome is the same, no change in messages or anything.
EDIT:
I decided to try efibootmgr and had much better success. At least I can see the initramfs is being loaded, so I know my settings are being picked up. I think I'm much closer, but it still isn't working, it isn't finding that device by UUID. I would expect that I would see some devices under /dev, but there weren't any disks there. Perhaps that is why this isn't finding the disk by UUID and when I try grub, it fails saying incorrect password. Perhaps the init is being loaded in both places, but it's not scanning for devices, so my initramfs might not be complete? |
|
| Back to top |
|
|
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 5307
Location: Bavaria
|
| Posted: Wed Jan 15, 2025 11:41 pm Post subject: |
|
|
| o5gmmob8 wrote: | [..]
I decided to try efibootmgr and had much better success. At least I can see the initramfs is being loaded, so I know my settings are being picked up. I think I'm much closer, but it still isn't working, it isn't finding that device by UUID. I would expect that I would see some devices under /dev, but there weren't any disks there. Perhaps that is why this isn't finding the disk by UUID and when I try grub, it fails saying incorrect password. Perhaps the init is being loaded in both places, but it's not scanning for devices, so my initramfs might not be complete? |
I guess you have now booted your kernel directly via UEFI and made an UEFI entry with efibootmgr -c ... -u "initrd=... ...", so your kernel AND the associated initramfs are loaded ... now I guess also you made your initramfs with dracut. Maybe take a look into https://wiki.gentoo.org/wiki/UgRD
After that you can examine this new initramfs with: https://wiki.gentoo.org/wiki/Custom_Initramfs#Extracting_the_cpio_archive
(Maybe read before this Overview: https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Initramfs_Overview because understanding how to build it manually can help to understand these automatic tools.)
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Installing Gentoo
