pietinger Moderator
Joined: 17 Oct 2006 Posts: 5310 Location: Bavaria
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 489
|
Posted: Wed Jan 15, 2025 10:44 am Post subject: |
|
|
I think I went wrong somewhere.
I am presently reinstalling Gentoo with the hopes that it will work with grub. If nothing else, I will hopefully learn what I did wrong and can document it for my own (and possibly others') edification to prevent future mishaps.
EDIT:
I reinstalled Gentoo onto another disk and was able to install GRUB. I will try to boot to see if this worked and then try to restore my old install onto this disk.
Upon rebooting, I enter my passphrase to unlock the disk and get
error: Invalid passphrase
error: disk `cryptouuid/...' not found.
The "Invalid passphrase" error is printed immediately so I think it is more of a configuration issue, perhaps the path to the disk is incorrect.
I am referencing:
https://wiki.gentoo.org/wiki/Dracut
https://wiki.gentoo.org/wiki/Rootfs_encryption
https://wiki.gentoo.org/wiki/ZFS/rootfs#ZFS_userland_utilities_and_kernel_module
I have my EFI partition mounted at both /efi and /boot because I see that emerge --config gentoo-kernel is putting files under /boot. I also set /etc/dracut.conf.d/some-conf to include zfs and crypt modules as well as set the kernel command line (root uuid rd.luks uuid). I also specify the command line in /etc/defaults/grub.
I am running dracut manually though I thought emerge --config gentoo-kernel would essentially be calling it so I'm not hopeful it will boot after running that.
I don't see rd.luks anywhere which I think is critical because after the device is unlocked, it needs to perform a zpool import.
I modified /etc/defaults/grub and instead of setting GRUB_CMDLINE_LINUX_DEFAULT with the crypt and root device, I set GRUB_CMDLINE_LINUX. The boot entries created look more sensical now, but I get the same error. I wonder if the file is placed in the right place.
Again, that file is in the EFI partition, /efi/grub/grub.cfg.
Last edited by o5gmmob8 on Wed Jan 15, 2025 5:23 pm; edited 1 time in total |
sMueggli Guru
Joined: 03 Sep 2022 Posts: 524
|
Posted: Wed Jan 15, 2025 5:16 pm Post subject: |
|
|
Are you using LUKS1 or LUKS2? If you use LUKS2, which PBKDF are you using? Argon? |
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 489
|
Posted: Wed Jan 15, 2025 5:26 pm Post subject: |
|
|
Good question, I believe the version of cryptsetup installed is 2.7.5, but I don't think that is what you're asking. I did not set the argon2 use flag though I plan to tinker more once I get the thing to actually boot and will consider possible benefits from using argon2 which I suspect is a newer, more secure algorithm. |
sMueggli Guru
Joined: 03 Sep 2022 Posts: 524
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 489
|
Posted: Wed Jan 15, 2025 5:55 pm Post subject: |
|
|
Yes, it is luks 2, epoch 3. It is using argon2 |
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 489
|
Posted: Wed Jan 15, 2025 6:18 pm Post subject: |
|
|
Thanks, but I'm not seeing anything stand out. Back then, I do recall having a /etc/crypttab, but I think that is no longer needed with grub and dracut. I also used genkernel back then and that has since been deprecated too.
I'd like to keep this as simple as possible or I should say, as plain vanilla as possible and consistent with the gentoo documentation. If the documentation needs updated, I'm happy to help. |
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 489
|
Posted: Wed Jan 15, 2025 7:42 pm Post subject: |
|
|
I think the kernel commandline isn't right, I'm not using LVM, but just ZFS. I have rd.luks.uuid there, but I think that is for LVM.
I basically just need to run cryptsetup /dev/disk/by-uuid/some-uuid root, zpool import /dev/mapper/root. I think once I figure out the command line, then maybe it will boot.
Referencing:
https://forums.gentoo.org/viewtopic-t-1171423-start-0.html
This is my current setup:
Code: |
/dev/sda1:/efi, vfat, 1GB
/dev/sda2:encrypted with cryptsetup, zfs on top of that
|
/dev/sda1 partition
Code: |
/efi/EFI/gentoo/grubx64.efi
/efi/EFI/gentoo/grub.cfg
/efi/EFI/gentoo/System.map
/efi/EFI/gentoo/kernel
/efi/EFI/gentoo/initramfs
/efi/kernel
/efi/initramfs
/efi/System.map
/efi/grub/System.map
/efi/grub/kernel
/efi/initramfs
|
I put the kernel and init in multiple places because it didn't appear to be picked up, so I was hoping that one of those places might have worked.
I intend my system to boot as follows:
Code: |
1. EFI loads EFI, either grubx64.efi or bootx64.efi
2. initramfs and kernel are loaded with appropriate arguments, encrypted volume (/dev/sda2 or its uuid) and the ZFS root volume
3. initramfs prompts me to unlock encrypted volume
4. initramfs proceeds to unlock encrypted volume, import ZFS pool, mount ZFS root volume
5. system boots, additional configuration as needed
|
I found an old grub.cfg from my last known working configuration. It appears I was using funtoo at the time. Irrelevant bits removed:
Code: |
insmod all_video
insmod cryptodisk
insmod luks
# unlock encrypted boot (remove hyphens)
cryptomount -u BOOT_UUID
set root=(crypto0)
menuentry 'funtoo.1' {
#root=hd0,gpt2
linux /kernel-genkernel-x86_64-4.19.27-gentoo-r1 consoleblank=300 root=/dev/80.7/root.1 crypt_root=/dev/disk/by-uuid/ROOT_UUID root=/dev/80.7/root.1 real_root=/dev/80.7/root.1 rootfstype=squashfs dolvm doluks overlayfs_device=/dev/80.7/rw.1 apparmor=1 security=apparmor
#scandelay=2
#restore_luks_device=/dev/disk/by-uuid/ROOT_UUID restore_luks_volume=/dev/64.2/projects softlevel=nonetwork
initrd /initramfs-genkernel-x86_64-4.19.27-gentoo-r1
}
|
This was booting old school BIOS / MBR, and the kernel and init were in /boot, I believe I used ext4 then for that partition. So, from this configuration, I need to translate crypt_root, real_root, and root to whatever it should be now. |
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 489
|
Posted: Wed Jan 15, 2025 9:26 pm Post subject: |
|
|
I am digging into the initramfs as I used to do many years ago. I think I need to pass zfs:AUTO.
EDIT:
Still no luck, the outcome is the same, no change in messages or anything.
EDIT:
I decided to try efibootmgr and had much better success. At least I can see the initramfs is being loaded, so I know my settings are being picked up. I think I'm much closer, but it still isn't working, it isn't finding that device by UUID. I would expect that I would see some devices under /dev, but there weren't any disks there. Perhaps that is why this isn't finding the disk by UUID and when I try grub, it fails saying incorrect password. Perhaps the init is being loaded in both places, but it's not scanning for devices, so my initramfs might not be complete? |
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5310 Location: Bavaria
|
Posted: Wed Jan 15, 2025 11:41 pm Post subject: |
|
|
o5gmmob8 wrote: | [..]
I decided to try efibootmgr and had much better success. At least I can see the initramfs is being loaded, so I know my settings are being picked up. I think I'm much closer, but it still isn't working, it isn't finding that device by UUID. I would expect that I would see some devices under /dev, but there weren't any disks there. Perhaps that is why this isn't finding the disk by UUID and when I try grub, it fails saying incorrect password. Perhaps the init is being loaded in both places, but it's not scanning for devices, so my initramfs might not be complete? |
I guess you have now booted your kernel directly via UEFI and made a UEFI entry with efibootmgr -c ... -u "initrd=... ...", so your kernel AND the associated initramfs are loaded ... I guess you also made your initramfs with dracut. Maybe take a look into https://wiki.gentoo.org/wiki/UgRD
After that you can examine this new initramfs with: https://wiki.gentoo.org/wiki/Custom_Initramfs#Extracting_the_cpio_archive
(Maybe read before this Overview: https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Initramfs_Overview because understanding how to build it manually can help to understand these automatic tools.) _________________ https://wiki.gentoo.org/wiki/User:Pietinger |
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 489
|
Posted: Thu Jan 16, 2025 12:12 am Post subject: |
|
|
Yes, and yes.
I examined the initramfs using that.
I was about to check ugrd, but I don't see zfs support. Since I've been away from that for awhile, I was hoping to ease into customization. I used to do that stuff, but that isn't something I want to do right away. It looks like ugrd will soon support ZFS: https://github.com/desultory/ugrd/issues/112. |
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5310 Location: Bavaria
|
Posted: Thu Jan 16, 2025 12:28 am Post subject: |
|
|
I can well imagine that you will get help very soon, because the developer is very active in our forum ... let's just wait for @zen_desu ...
(unfortunately I can't help with ZFS because I'm a noob here). _________________ https://wiki.gentoo.org/wiki/User:Pietinger
Last edited by pietinger on Thu Jan 16, 2025 12:29 am; edited 1 time in total |
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 489
|
Posted: Thu Jan 16, 2025 12:28 am Post subject: |
|
|
Magic, I sorted it out. This takes me back to 4 years ago where I was reading these scripts more ...
Here is what I had to do to get my system to boot:
1. update kernel cmdline to: root=zfs:<POOL/SET> rd.luks.UUID=<UUID of encrypted device> initrd=\EFI\gentoo\initramfs
   /etc/default/grub
   /etc/dracut.conf.d/zol.conf (or /etc/dracut.conf ...)
   efibootmgr
2. rebuild init, emerge --config gentoo-sources
3. move generated init into ESP partition @ /EFI/gentoo/initramfs
I now have a booting system. I think I will forego grub and just use efibootmgr. |
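The three steps in the post above, as an added example (not code from the thread or from any Gentoo tool): a POSIX shell check that a command line carries `root=zfs:...`, a full `rd.luks.uuid=` (the lowercase spelling documented in dracut.cmdline(7)) and an `initrd=` that actually exists on the mounted ESP, followed by a printed, not executed, `efibootmgr` call. The function names, pool name, UUID, disk and partition number are constructed placeholders.

```sh
#!/bin/sh
# Added example: pre-reboot check for an EFI-stub entry booting ZFS on LUKS.
# Every concrete value used here is a constructed placeholder.

# Map an EFI-style path (\EFI\gentoo\initramfs) to a file under the mounted ESP.
esp_file() {        # usage: esp_file <esp mountpoint> <efi path>
    printf '%s/%s\n' "${1%/}" "$(printf '%s' "$2" | tr '\\' '/' | sed 's|^/*||')"
}

# Print one line per problem; return 0 only if nothing is missing.
check_cmdline() {   # usage: check_cmdline <esp mountpoint> <cmdline>
    local esp root luks initrd rc tok
    esp=$1; root=""; luks=""; initrd=""; rc=0
    set -f                              # split on whitespace only, no globbing
    for tok in $2; do
        case $tok in
            root=*)         root=${tok#root=} ;;
            rd.luks.uuid=*) luks=${tok#rd.luks.uuid=} ;;
            initrd=*)       initrd=${tok#initrd=} ;;
        esac
    done
    set +f
    case $root in
        zfs:?*) ;;                      # zfs:<pool/dataset> or zfs:AUTO
        *) printf '%s\n' "root='$root', expected zfs:<pool/dataset> or zfs:AUTO"; rc=1 ;;
    esac
    printf '%s\n' "$luks" |
        grep -Eqi '^(luks-)?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' ||
        { printf '%s\n' "rd.luks.uuid= missing or not a full UUID: '$luks'"; rc=1; }
    if [ -z "$initrd" ]; then
        printf '%s\n' "initrd= missing from the command line"; rc=1
    elif [ ! -f "$(esp_file "$esp" "$initrd")" ]; then
        printf '%s\n' "initrd=$initrd not found under $esp"; rc=1
    fi
    return "$rc"
}

# Print (do not run) the efibootmgr call that would register the entry.
efibootmgr_cmd() {  # usage: efibootmgr_cmd <disk> <partition no.> <loader> <cmdline>
    printf "efibootmgr -c -d %s -p %s -L Gentoo -l '%s' -u '%s'\n" "$1" "$2" "$3" "$4"
}

CMDLINE='root=zfs:rpool/ROOT/gentoo rd.luks.uuid=11111111-2222-3333-4444-555555555555 initrd=\EFI\gentoo\initramfs'
if check_cmdline "${ESP:-/efi}" "$CMDLINE"; then
    efibootmgr_cmd /dev/sda 1 '\EFI\gentoo\kernel' "$CMDLINE"
fi
```

Set `ESP` to the directory where the EFI partition is mounted; the `efibootmgr` line is printed only when all three checks pass.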
zen_desu Tux's lil' helper
Joined: 25 Oct 2024 Posts: 103
|
Posted: Thu Jan 16, 2025 12:37 am Post subject: |
|
|
o5gmmob8 wrote: | Yes, and yes.
I examined the initramfs using that.
I was about to check ugrd, but I don't see zfs support. Since I've been away from that for awhile, I was hoping to ease into customization. I used to do that stuff, but that isn't something I want to do right away. It looks like ugrd will soon support ZFS: https://github.com/desultory/ugrd/issues/112. |
There is a ZFS branch which has very basic support: https://github.com/desultory/ugrd/tree/zfs
It currently only supports basic ZFS setups (not encrypted): https://github.com/desultory/ugrd/compare/main...zfs#diff-a2299033c75ce2e6e1de22d2d622911ba7f099300e74a5357b3df4ccb44d4ceaR8
I need to rebase that branch, and may try to set up a test setup with ZFS under LUKS later.
If you're interested in testing it, I can help you run the test branch. I think the main issue is that right now, dist-kernel is set up so it tries to run the initramfs generator on the initial kernel install (before zfs kmods are installed) so ugrd raises an exception because it can't find the kmods it needs. I think the best solution for this is to first install the kernel without an initramfs, then install zfs kmods, then re-install the kernel with an initramfs so it gets all necessary modules. I'm considering making it allow missing ZFS modules but spit out a really noisy error just so things can function smoothly.
Never mind, I see you sorted it out. If you're interested in testing, I'd appreciate it. This is something I've got planned, but a few things (such as my general lack of knowledge about zfs) are holding it back. _________________ µgRD dev
Wiki writer |
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 489
|
Posted: Thu Jan 16, 2025 12:40 am Post subject: |
|
|
I am interested in testing it, let me get my system running with a UI first before I mess with the boot loader more. |
o5gmmob8 Guru
Joined: 17 Oct 2003 Posts: 489
|
Posted: Thu Jan 16, 2025 12:51 am Post subject: |
|
|
Random question, but why do my boot options get messed up when I add a new one? I can no longer boot to the one I just got working after adding an entry to my internal NVMe drive.
EDIT:
I think I specified the wrong device for nvme0n1 when I ran efibootmgr ... |