grub-install --efi-directory=/efi - unknown filesystem

[pietinger]

UEFI can start a kernel WITHOUT an external initramfs ... OR a kernel WITH an external initramfs ... please see this post/thread:
https://forums.gentoo.org/viewtopic-p-8805827.html#8805827
_________________
https://wiki.gentoo.org/wiki/User:Pietinger

[o5gmmob8]

I think I went wrong somewhere.

I am presently reinstalling Gentoo with the hopes that it will work with grub. If nothing else, I will hopefully learn what I did wrong and can document for my own (possibly others) edification to prevent future mishaps.

EDIT:

I reinstalled Gentoo onto another disk and was able to install GRUB, I will try to boot to see if this worked and then try to restore my old install onto this disk.

Upon rebooting, I enter my passphrase to unlock the disk and get
error: Invalid passphrase
error: disk `cryptouuid/...' not found.

The "Invalid passphrase" error is printed immediately so I think it is more of a configuration issue, perhaps the path to the disk is incorrect.

I am referencing:
https://wiki.gentoo.org/wiki/Dracut
https://wiki.gentoo.org/wiki/Rootfs_encryption
https://wiki.gentoo.org/wiki/ZFS/rootfs#ZFS_userland_utilities_and_kernel_module

I have my EFI partition mounted at both /efi and /boot because I see that emerge --config gentoo-kernel is putting files under /boot. I also set /etc/dracut.conf.d/some-conf to include zfs and crypt modules as well as set the kernel command line (root uuid rd.luks uuid). I also specify the command line in /etc/defaults/grub.

I am running dracut manually though I thought emerge --config gentoo-kernel would essentially be calling it so I'm not hopeful it will boot after running that.

I don't see rd.luks anywhere which I think is critical because after the device is unlocked, it needs to perform a zpool import.

I modified /etc/defaults/grub and instead of setting GRUB_CMDLINE_LINUX_DEFAULT with the crypt and root device, I set GRUB_CMDLINE_LINUX. The boot entries created look more sensical now, but I get the same error. I wonder if the file is placed in the right place.

Again, that file is in the EFI partition, /efi/grub/grub.cfg.

[sMueggli]

Are you using LUKS1 or LUKS2? If you use LUKS2, which PBKDF are you using? Argon?

[o5gmmob8]

Good question, I believe the version of cryptsetup installed is 2.7.5, but I don't think that is what you're asking. I did not set the argon2 use flag though I plan to tinker more once I get the thing to actually boot and will consider possible benefits from using argon2 which I suspect is a newer, more secure algorithm.

[sMueggli]

Check it with "cryptsetup luksDump". You should not post the output as it might contain sensitive data.

See also https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html for more pointers (maybe luksConvertKey is all you need?).

[o5gmmob8]

Yes, it is luks 2, epoch 3. It is using argon2

[o5gmmob8]

Thanks, but I'm not seeing anything stand out. Back then, I do recall having a /etc/crypttab, but I think that is no longer needed with grub and dracut. I also used genkernel back then and that has since been deprecated too.

I'd like to keep this as simple as possible or I should say, as plain vanilla as possible and consistent with the gentoo documentation. If the documentation needs updated, I'm happy to help.

[o5gmmob8]

I think the kernel commandline isn't right, I'm not using LVM, but just ZFS. I have rd.luks.uuid there, but I think that is for LVM.

I basically just need to run cryptsetup /dev/disk/by-uuid/some-uuid root, zpool import /dev/mapper/root. I think once I figure out the command line, then maybe it will boot.

Referencing:
https://forums.gentoo.org/viewtopic-t-1171423-start-0.html

This is my current setup: