nottobay n00b
Joined: 22 Feb 2018 Posts: 12
|
Posted: Fri Mar 02, 2018 5:32 pm Post subject: initrd and kernal failing to load with full disk encryption. |
|
|
I have an encrypted root partition on /dev/sda4. I am not using LVM. Can anyone tell me what might be off with my configs?
/etc/default/grub
Code: |
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
#
# To populate all changes in this file you need to regenerate your
# grub configuration file afterwards:
# 'grub2-mkconfig -o /boot/grub/grub.cfg'
#
# See the grub info page for documentation on possible variables and
# their associated values.
GRUB_DISTRIBUTOR="Gentoo"
# Default menu entry
#GRUB_DEFAULT=0
# Boot the default entry this many seconds after the menu is displayed
#GRUB_TIMEOUT=5
#GRUB_TIMEOUT_STYLE=menu
# Append parameters to the linux kernel command line
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda4:root"
#GRUB_CMDLINE_LINUX="rd.luks.name=/dev/sda4=root"
GRUB_CMDLINE_LINUX="root=/dev/mapper/root"
# Examples:
#
# Boot with network interface renaming disabled
# GRUB_CMDLINE_LINUX="net.ifnames=0"
#
# Boot with systemd instead of sysvinit (openrc)
# GRUB_CMDLINE_LINUX="init=/usr/lib/systemd/systemd"
# Append parameters to the linux kernel command line for non-recovery entries
#GRUB_CMDLINE_LINUX_DEFAULT=""
# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console
# The resolution used on graphical terminal.
# Note that you can use only modes which your graphic card supports via VBE.
# You can see them in real GRUB with the command `vbeinfo'.
#GRUB_GFXMODE=640x480
# Set to 'text' to force the Linux kernel to boot in normal text
# mode, 'keep' to preserve the graphics mode set using
# 'GRUB_GFXMODE', 'WIDTHxHEIGHT'['xDEPTH'] to set a particular
# graphics mode, or a sequence of these separated by commas or
# semicolons to try several modes in sequence.
#GRUB_GFXPAYLOAD_LINUX=
# Path to theme spec txt file.
# The starfield is by default provided with use truetype.
# NOTE: when enabling custom theme, ensure you have required font/etc.
#GRUB_THEME="/boot/grub/themes/starfield/theme.txt"
# Background image used on graphical terminal.
# Can be in various bitmap formats.
#GRUB_BACKGROUND="/boot/grub/mybackground.png"
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to kernel
#GRUB_DISABLE_LINUX_UUID=true
# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY=true
# Uncomment to disable generation of the submenu and put all choices on
# the top-level menu.
# Besides the visual affect of no sub menu, this makes navigation of the
# menu easier for a user who can't see the screen.
#GRUB_DISABLE_SUBMENU=y
# Uncomment to play a tone when the main menu is displayed.
# This is useful, for example, to allow users who can't see the screen
# to know when they can make a choice on the menu.
#GRUB_INIT_TUNE="60 800 1"
|
/boot/grub/grub.conf
Code: |
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if loadfont unicode ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=en_US
insmod gettext
fi
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/10_linux ###
menuentry 'Gentoo GNU/Linux' --class gentoo --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-de9abd99-5b27-45f9-abbd-1255d4e04e58' {
load_video
if [ "x$grub_platform" = xefi ]; then
set gfxpayload=keep
fi
insmod gzio
insmod part_gpt
insmod fat
set root='hd0,gpt1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 069A-1255
else
search --no-floppy --fs-uuid --set=root 069A-1255
fi
echo 'Loading Linux 4.9.76-gentoo-r1 ...'
linux /vmlinuz-4.9.76-gentoo-r1 root=UUID=de9abd99-5b27-45f9-abbd-1255d4e04e58 ro root=/dev/mapper/root
echo 'Loading initial ramdisk ...'
initrd /initramfs-genkernel-x86_64-4.9.76-gentoo-r1
}
submenu 'Advanced options for Gentoo GNU/Linux' $menuentry_id_option 'gnulinux-advanced-de9abd99-5b27-45f9-abbd-1255d4e04e58' {
menuentry 'Gentoo GNU/Linux, with Linux 4.9.76-gentoo-r1' --class gentoo --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.9.76-gentoo-r1-advanced-de9abd99-5b27-45f9-abbd-1255d4e04e58' {
load_video
if [ "x$grub_platform" = xefi ]; then
set gfxpayload=keep
fi
insmod gzio
insmod part_gpt
insmod fat
set root='hd0,gpt1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 069A-1255
else
search --no-floppy --fs-uuid --set=root 069A-1255
fi
echo 'Loading Linux 4.9.76-gentoo-r1 ...'
linux /vmlinuz-4.9.76-gentoo-r1 root=UUID=de9abd99-5b27-45f9-abbd-1255d4e04e58 ro root=/dev/mapper/root
echo 'Loading initial ramdisk ...'
initrd /initramfs-genkernel-x86_64-4.9.76-gentoo-r1
}
menuentry 'Gentoo GNU/Linux, with Linux 4.9.76-gentoo-r1 (recovery mode)' --class gentoo --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.9.76-gentoo-r1-recovery-de9abd99-5b27-45f9-abbd-1255d4e04e58' {
load_video
if [ "x$grub_platform" = xefi ]; then
set gfxpayload=keep
fi
insmod gzio
insmod part_gpt
insmod fat
set root='hd0,gpt1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 069A-1255
else
search --no-floppy --fs-uuid --set=root 069A-1255
fi
echo 'Loading Linux 4.9.76-gentoo-r1 ...'
linux /vmlinuz-4.9.76-gentoo-r1 root=UUID=de9abd99-5b27-45f9-abbd-1255d4e04e58 ro single root=/dev/mapper/root
echo 'Loading initial ramdisk ...'
initrd /initramfs-genkernel-x86_64-4.9.76-gentoo-r1
}
}
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
|
/etc/genkernel.conf
Code: |
# Configuration file for genkernel
# This file is sourced by genkernel at startup and determines which options
# we will be using to compile our kernel. The order of precidence is simple,
# with the internal settings being least important, configuration file
# settings next, and command line options being most important.
# =========Common Command Line Option Defaults=========
# Should we install to $BOOTDIR? Default is "no" because genkernel is used in
# catalyst and stage building.
#INSTALL="yes"
# Run 'make oldconfig' before compiling this kernel?
OLDCONFIG="yes"
# Run 'make menuconfig' before compiling this kernel?
MENUCONFIG="no"
# Run 'make clean' before compilation?
# If set to NO, implies MRPROPER WILL NOT be run
# Also, if clean is NO, it won't copy over any configuration
# file, it will use what's there.
CLEAN="yes"
# Run 'make mrproper' before configuration/compilation?
MRPROPER="yes"
# Override the arch detection?
#ARCH_OVERRIDE="x86"
# Mount BOOTDIR automatically if it isn't mounted?
MOUNTBOOT="yes"
# Make symlinks in BOOTDIR automatically?
SYMLINK="no"
# Save the new configuration in /etc/kernels upon
# successfull compilation
SAVE_CONFIG="yes"
# Use Color output in Genkernel?
USECOLOR="yes"
# Clear build cache dir
#CLEAR_CACHE_DIR="yes"
# Clear all tmp files and caches after genkernel has run
#POSTCLEAR="1"
# Genkernel uses an independent configuration for MAKEOPTS, and does not source
# /etc/make.conf . You can override the default setting by uncommenting and
# tweaking the following line. Default setting is set up by
# ${GK_SHARE}/${ARCH_OVERRIDE}/config.sh . The recommended value for -j
# argument is: <number of processors>*<number of cores per processor>+1
#MAKEOPTS="$(portageq envvar MAKEOPTS)"
# Add in LVM support from static binaries if they exist on the system, or
# compile static LVM binaries if static ones do not exist.
LVM="no"
# Add in Luks support. Needs sys-fs/cryptsetup with -dynamic installed.
LUKS="yes"
# Add in GnuPG support
#GPG="no"
# Add DMRAID support.
#DMRAID="no"
# Include (or suppresses the inclusion of) busybox in the initrd or initramfs.
# If included, busybox is rebuilt if the cached copy is out of date.
#BUSYBOX="yes"
# Includes mdadm/mdmon binaries in initramfs.
# Without sys-fs/mdadm[static] installed, this will build a static mdadm.
#MDADM="no"
# Specify a custom mdadm.conf.
# By default the ramdisk will be built *without* an mdadm.conf and will auto-detect
# arrays during bootup. Usually, this should not be needed.
#MDADM_CONFIG="/etc/mdadm.conf"
# Add Multipath support.
#MULTIPATH="no"
# Add iSCSI support.
#ISCSI="no"
# Add e2fsprogs support.
#E2FSPROGS="no"
# Include support for unionfs
#UNIONFS="1"
# Include support for zfs volume management.
#ZFS="no"
# Add BTRFS support.
#BTRFS="no"
# Enable copying of firmware into initramfs
#FIRMWARE="no"
# Specify directory to pull from
#FIRMWARE_DIR="/lib/firmware"
# Specify specific firmware files to include. This overrides FIRMWARE_DIR
#FIRMWARE_FILES=""
# Enable disklabel support (copies blkid to initrd)
DISKLABEL="yes"
# Add new kernel to grub?
BOOTLOADER="grub"
# Enable splashutils in early space (initrd). Default is "no".
#SPLASH="yes"
# Use this splash theme. If commented out - the "default" name theme is used.
# Also, SPLASH="yes" needs to be enabled for this one to one work.
# This supersedes the "SPLASH_THEME" option of /etc/conf.d/splash (in early space).
#SPLASH_THEME="gentoo"
# Run the specified command in the current environment after the kernel and
# modules have been compiled, useful to rebuild external kernel module
# (use "emerge --quiet @module-rebuild" for >=portage-2.2) or installing additional
# files (use 'copy_image_with_preserve dtb path/to/dtb dtb ${KNAME}-${ARCH}-${KV}')
#CMD_CALLBACK=""
# =========Keymap Settings=========
#
# Force keymap selection at boot
#DOKEYMAPAUTO="yes"
# Disables keymap selection support
#KEYMAP="0"
# =========Low Level Compile Settings=========
#
# GNU Make to use for kernel. See also the --kernel-make command line option.
#KERNEL_MAKE="make"
# Compiler to use for the kernel (e.g. distcc). See also the --kernel-cc
# command line option.
#KERNEL_CC="gcc"
# Assembler to use for the kernel. See also the --kernel-as command line
# option.
#KERNEL_AS="as"
# Linker to use for the kernel. See also the --kernel-ld command line option.
#KERNEL_LD="ld"
# GNU Make to use for the utilities. See also the --utils-make command line
# option.
#UTILS_MAKE="make"
# Compiler to use for the utilities (e.g. distcc). See also the --utils-cc
# command line option.
#UTILS_CC="gcc"
# Assembler to use for the utilities. See also the --utils-as command line
# option.
#UTILS_AS="as"
# Linker to use for the utilities. See also the --utils-ld command line
# option.
#UTILS_LD="ld"
# Common prefix of cros compile commands
#UTILS_CROSS_COMPILE="x86_64-pc-linux-gnu"
# Value of CROSS_COMPILE utils variable
# during kernel compilation
#KERNEL_CROSS_COMPILE="x86_64-pc-linux-gnu"
# Override default make target (bzImage). See also the --kernel-target
# command line option. Useful to build a uImage on arm
#KERNEL_MAKE_DIRECTIVE_OVERRIDE="fooImage"
# Override default kernel binary path. See also the --kernel-binary
# command line option. Useful to install a uImage on arm
#KERNEL_BINARY_OVERRIDE="arch/foo/boot/bar"
# =========GENKERNEL LOCATION CONFIGURATION============
# Variables:
# %%ARCH%% - Final determined architecture
# %%CACHE%% - Final determined cache location
# Set genkernel's temporary work directory. Default is /var/tmp/genkernel
#TMPDIR="/var/tmp/genkernel"
# Set the boot directory, default is /boot
#BOOTDIR="/boot"
# Default share directory location
GK_SHARE="${GK_SHARE:-/usr/share/genkernel}"
# Location of the default cache
CACHE_DIR="/var/cache/genkernel"
# Location of DISTDIR, where our source tarballs are stored
DISTDIR="${GK_SHARE}/distfiles"
# Log output file
LOGFILE="/var/log/genkernel.log"
# Debug Level
LOGLEVEL=1
# =========COMPILED UTILS CONFIGURATION============
#
# Default location of kernel source
DEFAULT_KERNEL_SOURCE="/usr/src/linux"
# Default kernel config (only use to override using
# arch/%%ARCH%%/kernel-config-${VER}.${PAT} !)
#DEFAULT_KERNEL_CONFIG="${GK_SHARE}/arch/%%ARCH%%/kernel-config"
# Specifies a user created busybox config
#BUSYBOX_CONFIG="/path/to/file"
#BUSYBOX_APPLETS="[ ash sh mount uname echo cut cat"
# NOTE: Since genkernel 3.4.41 the version of
# busybox, lvm, mdadm, .. have been moved to
# /usr/share/genkernel/defaults/software.sh in order to
# reduce the merging you have to do during etc-update.
# You can still override these settings in here.
# =========MISC KERNEL CONFIGURATION============
#
# Tag the kernel and ramdisk with a name:
# If not defined the option defaults to
# 'genkernel'
#KNAME="genkernel"
# This option is only valid if kerncache is
# defined. If there is a valid kerncache no checks
# will be made against a kernel source tree
#KERNEL_SOURCES="0"
# Build a static (monolithic kernel)
#BUILD_STATIC="1"
# Make and install kernelz image (PowerPC)
#GENZIMAGE="1"
# File to output a .tar.bz2'd kernel contents
# of /lib/modules/ and the kernel config
# NOTE: This is created before the callbacks
# are run!
#KERNCACHE="/path/to/file"
# Prefix to kernel module destination, modules
# will be installed in <prefix>/lib/modules
# (.conf equivalent of --module-prefix=<dir>)
#INSTALL_MOD_PATH=""
# =========MISC INITRD CONFIGURATION============
#
# Copy all kernel modules to the ramdisk
#ALLRAMDISKMODULES="1"
# Don't copy any modules to the ramdisk
RAMDISKMODULES="0"
# File to output a .tar.bz2'd kernel and ramdisk:
# No modules outside of the ramdisk will be
# included...
#MINKERNPACKAGE="/path/to/file.bz2"
# File to output a .tar.bz2'd modules after the
# callbacks have run
#MODULESPACKAGE="/path/to/file.bz2"
# Directory structure to include in the initramfs,
# only available on >=2.6 kernels
#INITRAMFS_OVERLAY=""
# Build the generated initramfs into the kernel instead of
# keeping it as a separate file
#INTEGRATED_INITRAMFS="1"
# Compress generated initramfs
#COMPRESS_INITRD="yes"
# Types of compression: best, xz, lzma, bzip2, gzip, lzop, fastest
# "best" selects the best available compression method
# "fastest" selects the fastest available compression method
#COMPRESS_INITRD_TYPE="best"
# wrap initramfs using mkimage for u-boot bootloader
# WRAP_INITRD=no
# Create a self-contained env in the initramfs
#NETBOOT="1"
# =========MISC BOOT CONFIGURATION============
#
# Specify a default for real_root=
#REAL_ROOT="/dev/one/two/gentoo"
|
|
|
fturco Veteran
Joined: 08 Dec 2010 Posts: 1181
|
Posted: Fri Mar 02, 2018 6:40 pm Post subject: Re: initrd and kernal failing to load with full disk encrypt |
|
|
nottobay wrote: |
Code: |
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda4:root"
#GRUB_CMDLINE_LINUX="rd.luks.name=/dev/sda4=root"
GRUB_CMDLINE_LINUX="root=/dev/mapper/root"
|
|
You defined GRUB_CMDLINE_LINUX twice. I think you should have written it only once.
This is what I use for my system with btrfs, systemd and genkernel-next:
Code: |
GRUB_CMDLINE_LINUX="crypt_root=UUID=38641600-9879-4886-a1c4-5c30829c96ec root=/dev/mapper/root keymap=it rootflags=subvol=@ quiet init=/lib/systemd/systemd"
|
- 38641600-9879-4886-a1c4-5c30829c96ec is the UUID of /dev/sda4, which is a LUKS partition.
- You don't need rootflags=subvol=@ when not using btrfs subvolumes.
- You don't need keymap=it if you use the default American keyboard layout
|
|
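The double assignment pointed out above, as an added example that is not part of the thread: grub-mkconfig sources /etc/default/grub as shell, so only the last uncommented assignment survives, which matches the `linux` line in the posted grub.cfg where `cryptdevice=` is absent. The function names are hypothetical, and the check for `crypt_root=` assumes a genkernel initramfs as used in the replies.

```shell
#!/bin/sh
# Added example, not from the thread. grub-mkconfig reads /etc/default/grub by
# sourcing it as shell, so a variable assigned twice keeps only its last value.

# Print "<count> <value>": how many uncommented assignments of variable $1
# exist in file $2, and the value of the last one (the one that takes effect).
grub_var_effective() {
    awk -v var="$1" -v sq="'" '
        $0 ~ ("^[ \t]*" var "=") {
            n++
            val = $0
            sub("^[ \t]*" var "=", "", val)
            q = substr(val, 1, 1)
            if (q == "\"" || q == sq)      # strip one pair of quotes
                val = substr(val, 2, length(val) - 2)
            last = val
        }
        END { printf "%d %s\n", n, last }
    ' "$2"
}

# Report on GRUB_CMDLINE_LINUX in file $1. Returns 0 when it is assigned once
# and carries crypt_root= (the genkernel parameter used in the replies),
# 1 otherwise.
check_grub_cmdline() {
    result=$(grub_var_effective GRUB_CMDLINE_LINUX "$1")
    count=${result%% *}
    value=${result#* }
    status=0
    if [ "$count" -gt 1 ]; then
        echo "GRUB_CMDLINE_LINUX assigned $count times; only the last is used"
        status=1
    fi
    echo "effective value: $value"
    case " $value " in
        *" crypt_root="*) ;;
        *) echo "no crypt_root= in the effective value"; status=1 ;;
    esac
    return "$status"
}

# Constructed sample: the three GRUB_CMDLINE_LINUX lines from the first post.
write_sample() {
    cat > "$1" <<'EOF'
GRUB_DISTRIBUTOR="Gentoo"
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda4:root"
#GRUB_CMDLINE_LINUX="rd.luks.name=/dev/sda4=root"
GRUB_CMDLINE_LINUX="root=/dev/mapper/root"
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_grub_cmdline "$sample" || true
rm -f "$sample"
```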
nottobay n00b
Joined: 22 Feb 2018 Posts: 12
|
Posted: Sun Mar 04, 2018 3:40 pm Post subject: |
|
|
Thanks, I'll try that when I get home. |
|
nottobay n00b
Joined: 22 Feb 2018 Posts: 12
|
Posted: Sun Mar 04, 2018 11:31 pm Post subject: |
|
|
Ok, I tried that. Is there anything else it could be? |
|
nottobay n00b
Joined: 22 Feb 2018 Posts: 12
|
Posted: Mon Mar 05, 2018 12:46 am Post subject: |
|
|
I'm using openrc, if that helps. |
|
fturco Veteran
Joined: 08 Dec 2010 Posts: 1181
|
Posted: Mon Mar 05, 2018 10:40 am Post subject: |
|
|
Sorry, I don't have any other ideas... Moreover I don't use OpenRC, unfortunately... |
|
PrSo Tux's lil' helper
Joined: 01 Jun 2017 Posts: 136
|
Posted: Mon Mar 05, 2018 11:32 am Post subject: |
|
|
Hi nottobay,
Please tell us what the early boot log looks like. Are you dumped to a kernel shell?
Can you manually unlock the LUKS partition via the "cryptsetup luksOpen" command? |
|
nottobay n00b
Joined: 22 Feb 2018 Posts: 12
|
|
PrSo Tux's lil' helper
Joined: 01 Jun 2017 Posts: 136
|
Posted: Mon Mar 05, 2018 4:43 pm Post subject: |
|
|
If I understand this correctly, you aren't dropped to a kernel shell, and the system just remains "hung" on that screen?
Please, could you post here the output of the "cat /etc/crypttab", "cat /etc/fstab", "blkid" and "ls /boot" commands?
Since you are not using LVM I suppose that you commented out the "root=/dev/mapper/root" in your grub file as fturco suggested.
IMHO there should be only something like "crypt_root=UUID="your crypt partition UUID" root=UUID="your root partition UUID"" in GRUB_CMDLINE_LINUX if it's LUKS without LVM. |
|
fturco Veteran
Joined: 08 Dec 2010 Posts: 1181
|
Posted: Tue Mar 06, 2018 11:26 am Post subject: |
|
|
I had to enable LVM support in genkernel-next even if I don't use LVM. See this for details. I'm aware it's not the same exact problem @nottobay is having, but it may help anyway... |
|
nottobay n00b
Joined: 22 Feb 2018 Posts: 12
|
Posted: Tue Mar 06, 2018 7:41 pm Post subject: |
|
|
blkid
Code: |
/dev/sda2: UUID="15813806-5f15-4c8d-ab2f-cf1a2702a5a7" TYPE="crypto_LUKS" PARTUUID="37c7cfcb-c57f-4a6d-a87c-06bee0f1721b"
/dev/sda3: UUID="ed3af9d0-8bfa-4184-ba60-022b0318a1b9" TYPE="crypto_LUKS" PARTUUID="282ca364-afe8-4a61-aada-c2900bea58a9"
/dev/sda4: UUID="6d9ad6eb-0f2e-448a-97c7-fe9dd29c28f6" TYPE="crypto_LUKS" PARTUUID="555ac8df-f751-470e-b0be-928d8ef35c82"
/dev/sda5: UUID="3b51f781-9447-4645-9fe3-929c1b594f8e" TYPE="crypto_LUKS" PARTUUID="cfbe1ad5-f715-43fe-a39a-70467c570431"
/dev/sdb1: UUID="2017-11-23-21-05-03-79" LABEL="LIVESLAK" TYPE="iso9660" PTUUID="0cf1e9d4" PTTYPE="dos" PARTUUID="0cf1e9d4-01"
/dev/sdb2: SEC_TYPE="msdos" UUID="9E12-3F03" TYPE="vfat" PARTUUID="0cf1e9d4-02"
/dev/sda1: LABEL="BOOT" UUID="069A-1255" TYPE="vfat" PARTLABEL="boot" PARTUUID="46f553a5-8f29-4eb2-97a0-496fbca80fa9"
/dev/loop0: TYPE="squashfs"
/dev/loop1: TYPE="squashfs"
/dev/loop2: TYPE="squashfs"
/dev/loop3: TYPE="squashfs"
/dev/loop4: TYPE="squashfs"
/dev/loop5: TYPE="squashfs"
/dev/mmcblk0p1: UUID="d4ecdd5e-fa22-4889-9715-2ad8a16fc86b" TYPE="ext4" PARTUUID="624e9890-eac3-41d9-8c20-920777463f21"
/dev/mapper/root: UUID="de9abd99-5b27-45f9-abbd-1255d4e04e58" TYPE="ext4"
/dev/mapper/var: UUID="2a1d4b15-a520-4748-9e61-ba9819e72652" TYPE="ext4"
/dev/mmcblk0: PTUUID="c809d37e-2da1-4021-a007-ee6e8060d85e" PTTYPE="gpt"
|
ls /boot
Code: |
EFI grub
System.map-4.9.76-gentoo-r1 initramfs-genkernel-x86_64-4.9.76-gentoo-r1
config-4.9.76-gentoo-r1 vmlinuz-4.9.76-gentoo-r1
|
fstab
Code: |
/dev/sda1 /boot vfat noauto,noatime 1 2
/dev/mapper/root / ext4 defaults 0 0
/dev/mapper/var /var/ ext4 defaults 0 3
/dev/mapper/swap none swap defaults 0 4
|
crypttab
Code: |
var /dev/mapper/var /keys/var-key
swap /dev/mapper/swap /keys/swap-key
|
|
|
PrSo Tux's lil' helper
Joined: 01 Jun 2017 Posts: 136
|
Posted: Tue Mar 06, 2018 10:03 pm Post subject: |
|
|
Thanks for posting this.
Your "/etc/crypttab" should look like this:
Code: |
var UUID=your-var-/dev/sdaX-UUID /keys/var-key luks
swap UUID=your-swap-/dev/sdaX-UUID /keys/swap-key luks
|
and also you should put the root partition there too:
Code: |
root UUID=6d9ad6eb-0f2e-448a-97c7-fe9dd29c28f6 none luks
|
if it is enabled by passphrase.
GRUB_CMDLINE_LINUX should look like this:
Code: |
GRUB_CMDLINE_LINUX="crypt_root=UUID=6d9ad6eb-0f2e-448a-97c7-fe9dd29c28f6 root=UUID=de9abd99-5b27-45f9-abbd-1255d4e04e58"
|
After changes in "/etc/crypttab" you have to recreate initrd, maybe enabling in genkernel.conf LVM could be helpful as fturco wrote.
Update your grub and please try to reboot the PC. |
|
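How the two UUIDs in the command line suggested above map onto the posted blkid output, as an added example that is not part of the thread: `crypt_root=` takes the UUID of the LUKS container and `root=` the UUID of the filesystem inside the opened mapping. The function names are hypothetical; the three sample lines are copied from the blkid output posted earlier.

```shell
#!/bin/sh
# Added example, not from the thread.

# Print the value of key $2 (UUID, TYPE, ...) for device $1, reading blkid
# output on stdin. Matching at position 1 keeps UUID apart from PARTUUID.
# Values containing spaces (some LABELs) are not handled.
blkid_field() {
    awk -v dev="$1:" -v key="$2" '
        $1 == dev {
            for (i = 2; i <= NF; i++) {
                if (index($i, key "=\"") == 1) {
                    v = substr($i, length(key) + 3)
                    sub(/"$/, "", v)
                    print v
                    exit
                }
            }
        }'
}

# Build the command line from the reply above.
# $1 = LUKS partition, $2 = opened mapping, $3 = blkid output as text.
luks_cmdline() {
    luks_type=$(printf '%s\n' "$3" | blkid_field "$1" TYPE)
    if [ "$luks_type" != "crypto_LUKS" ]; then
        echo "$1 is not a LUKS container (TYPE=$luks_type)" >&2
        return 1
    fi
    outer=$(printf '%s\n' "$3" | blkid_field "$1" UUID)   # container UUID
    inner=$(printf '%s\n' "$3" | blkid_field "$2" UUID)   # filesystem UUID
    if [ -z "$outer" ] || [ -z "$inner" ]; then
        echo "missing UUID for $1 or $2" >&2
        return 1
    fi
    printf 'crypt_root=UUID=%s root=UUID=%s\n' "$outer" "$inner"
}

# Sample input: three lines copied from the blkid output in the thread.
BLKID_SAMPLE='/dev/sda4: UUID="6d9ad6eb-0f2e-448a-97c7-fe9dd29c28f6" TYPE="crypto_LUKS" PARTUUID="555ac8df-f751-470e-b0be-928d8ef35c82"
/dev/sda1: LABEL="BOOT" UUID="069A-1255" TYPE="vfat" PARTLABEL="boot" PARTUUID="46f553a5-8f29-4eb2-97a0-496fbca80fa9"
/dev/mapper/root: UUID="de9abd99-5b27-45f9-abbd-1255d4e04e58" TYPE="ext4"'

luks_cmdline /dev/sda4 /dev/mapper/root "$BLKID_SAMPLE"
```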
Tyrus Guru
Joined: 03 Feb 2018 Posts: 300
|
Posted: Tue Mar 06, 2018 10:51 pm Post subject: |
|
|
Well, with OpenRC you don't need /etc/crypttab. That part goes in /etc/conf.d/dmcrypt instead. Crypttab is for systemd, as far as I know.
OpenRC has a service dmcrypt that needs to go into the boot runlevel and unlocks the other stuff for you during boot.
The kernel boot parameters belong in /etc/default/grub. I don't know if that part works in genkernel.cfg also. But I use genkernel only for building my initramfs.
That's my /etc/default/grub:
Code: |
GRUB_GFXPAYLOAD_LINUX=1280x1024
GRUB_DISTRIBUTOR="Gentoo"
GRUB_TIMEOUT=8
GRUB_ENABLE_CRYPTODISK=1
GRUB_CMDLINE_LINUX_RECOVERY='crypt_root=UUID=d5a3428b-b21c-42b4-a4ce-0818c92bca9c real_root=/dev/mapper/GENTOO-ROOT root_keydev=UUID=E716-DA12 root_key=dmcrypt-2.key single'
GRUB_TERMINAL_OUTPUT=gfxterm
GRUB_DEFAULT=saved
GRUB_GFXMODE=1280x1024
GRUB_SAVEDEFAULT=true
GRUB_CMDLINE_LINUX_DEFAULT='crypt_root=UUID=d5a3428b-b21c-42b4-a4ce-0818c92bca9c real_root=/dev/mapper/GENTOO-ROOT root_keydev=UUID=E716-DA12 root_key=dmcrypt-2.key splash'
GRUB_TIMEOUT_STYLE=menu
GRUB_THEME=/boot/grub/themes/starfield/theme.txt
GRUB_CMDLINE_LINUX="dobtrfs dolvm"
|
Use it as a template. Maybe it helps.
The UUIDs are not mandatory but better. The root_keydev and root_key parameters are for unlocking via a keyfile. I use a USB stick for that. If you prefer the password unlocking you need to integrate a suitable keyboard driver to type your password without problems.
You build the kernel with genkernel? Do you use the option "--luks"? It's mandatory for the initramfs. I also would use "--lvm" even if you don't use it. But luks depends on it. The keyboard driver goes into the initramfs. You need it early if you have to password-unlock the crypt-disk. For that I would use "--do-keymap-auto" but not sure with that parameter.
I'm using an encrypted root filesystem and lvm. And that with OpenRC.
Edit-1:
Just to make sure. You emerged sys-boot/grub with the useflag "device-mapper"?
Edit-2:
You build the kernel stuff and install it at /boot. Then you need an initramfs that supports the luks stuff. I build it like this - just as a template
Code: |
genkernel --luks --lvm initramfs
|
If you build your kernel with genkernel completely, can you please post the output here? Just want to see if luks and lvm are really integrated for the initramfs.
Then you need to update grub.cfg. With my /etc/default/grub I can just use
Code: |
grub-mkconfig -o /boot/grub/grub.cfg
|
for that.
Grub will output some lines for each kernel it finds.
If you get no errors you can reboot and hope it works.
Edit-3:
Oops - I missed the dmcrypt part, sorry. Just look in the wiki here: https://wiki.gentoo.org/wiki/Dm-crypt
You find an example. It's at the end. And don't forget to add dmcrypt to the 'boot'-runlevel. |
|
nottobay n00b
Joined: 22 Feb 2018 Posts: 12
|
|
Tyrus Guru
Joined: 03 Feb 2018 Posts: 300
|
Posted: Wed Mar 07, 2018 10:19 pm Post subject: |
|
|
Ok looks like grub crashes. I have a guess for that.
But first - you did all that stuff after chrooting in the new gentoo-system first I hope? It's nowhere said but important, so just asking once.
I noticed that you have an EFI-directory in /boot. You are on a UEFI platform, correct? That means you need to set up grub for that. Just my guess - but I assume that could be the reason why grub crashes. There is a Wiki for that here where you can read about it: https://wiki.gentoo.org/wiki/GRUB2
Do this only if you are on a UEFI platform and grub is not set up already for that:
First you need to add this to your /etc/portage/make.conf:
Code: |
GRUB_PLATFORMS="<your platform>"
|
Then you need to reemerge grub:
Code: |
emerge --ask --newuse --deep sys-boot/grub:2
|
Then read under "UEFI with GPT".
It means that your partition layout should be GPT. (If your partition layout is different please post here.)
You need to mount the boot device if not mounted already and then install grub again.
Code: |
grub-install --efi-directory=/boot/EFI
|
That's a template that fits for my system. Please check the wiki.
If grub installed correctly you should find a grubXXX.efi file under EFI/gentoo.
At last you can refresh grub.cfg again:
Code: |
grub-mkconfig -o /boot/grub/grub.cfg
|
The warning you get there is not important because you don't use LVM. lvmetad is a service that is not running because you don't use LVM later. |
|
PrSo Tux's lil' helper
Joined: 01 Jun 2017 Posts: 136
|
Posted: Thu Mar 08, 2018 8:49 am Post subject: |
|
|
@Tyrus
nottobay wrote: | I'm using openrc, if that helps. |
Yeah, it seems that I missed that.
@nottobay
Since kernel vmlinuz supports UEFI with ESP (EFI System Partition) you may consider efibootmgr and write entries directly to EFI. |
|
nottobay n00b
Joined: 22 Feb 2018 Posts: 12
|
Posted: Thu Mar 08, 2018 8:36 pm Post subject: |
|
|
Tyrus, I have been doing the chroot each time. I've tried your suggestions and it still doesn't work. |
|
Tyrus Guru
Joined: 03 Feb 2018 Posts: 300
|
Posted: Thu Mar 08, 2018 8:57 pm Post subject: |
|
|
Can you please try this:
Code: |
parted -a optimal /dev/sda
|
And then use the following commands:
print
quit
I would like to see the output of print. Just to see your partition layout and the flags.
Another question: do you have a grub*.efi file now? Did you check that? |
|
nottobay n00b
Joined: 22 Feb 2018 Posts: 12
|
Posted: Sat Mar 10, 2018 1:16 am Post subject: |
|
|
Thanks for your help. When I was emerging parted I ran into about a screen full of dependency issues, so I've decided to just reinstall from scratch. |
|
Princess Nell l33t
Joined: 15 Apr 2005 Posts: 927
|
Posted: Sun Nov 03, 2019 6:03 pm Post subject: |
|
|
Apologies for reviving this old discussion, but I have the same problem as the OP.
https://wiki.gentoo.org/wiki/GRUB2/Advanced_storage has only a single instruction for booting from luks, but it clearly is not enough. I've also tried variations of /etc/default/grub
Code: |
GRUB_CMDLINE_LINUX_DEFAULT="crypt_root=UUID=53262dc7-3035-4235-b0e4-a66e4a6541a4 real_root=UUID=c7b1c1c3-3456-4db8-d124-6a9d71577a3b"
|
but no luck.
The environment here is: BIOS boot, encrypted data HDD with MBR. SSD with GPT and encrypted root fs. All luks partitions in LUKS1 format as I read grub doesn't support LUKS2 yet. OpenRC, custom kernel, no initramfs.
I would say I have browsed a pretty comprehensive set of tutorials, and the one question I'm not clear on is whether an initramfs is required here. |
|
fturco Veteran
Joined: 08 Dec 2010 Posts: 1181
|
Posted: Mon Nov 04, 2019 10:21 am Post subject: |
|
|
Princess Nell: I think an initramfs is required when you set up an encrypted root filesystem because there needs to be some way of prompting the user for the password. |
|
Princess Nell l33t
Joined: 15 Apr 2005 Posts: 927
|
Posted: Tue Nov 05, 2019 12:49 am Post subject: |
|
|
My reading of the grub manual, cryptomount directive, is that grub should do it all. https://www.gnu.org/software/grub/manual/grub/html_node/cryptomount.html.
One thing I discovered in the meantime is that grub needs to be built with the device-mapper USE flag. And I don't remember seeing that in any tutorial or wiki. This really makes a difference for the generated grub.cfg has the expected additions after adding GRUB_ENABLE_CRYPTODISK=y.
Code: |
insmod part_gpt
insmod cryptodisk
insmod luks
insmod gcry_serpent
insmod gcry_serpent
insmod gcry_whirlpool
insmod ext2
cryptomount -u 76393dc730354235b0e4a66f4f7251a4
set root='cryptouuid/76393dc730354235b0e4a66f4f7251a4'
|
Kernel still fails to find a valid root fs. |
|
freifunk_connewitz Apprentice
Joined: 08 Feb 2006 Posts: 236
|
Posted: Tue Nov 05, 2019 4:08 pm Post subject: |
|
|
Interesting point. In support of fturco I would say that you always need a kernel and initram to unlock the encrypted container and then hand over to the init system on it. Grub's cryptodisk function indeed seems to offer exactly that: decrypting a container and handing over to a bootable system found in it. I really wonder why no full-encrypted-system tutorial just simply uses this approach. There must be something else against it. Normally, in a full-disk encryption environment, Grub needs to find a pre-baked initramfs in /boot, connected to a kernel found there. grub-mkconfig then installs entries for every kernel-initramfs pair found in /boot.
However, if you really have the same problem as the OP, meaning: a frozen boot after "Loading initramfs", then it fails way before cryptsetup. It fails to start the kernel at all. Most probably you should check your kernel and initramfs configuration. |
|
GDH-gentoo Veteran
Joined: 20 Jul 2019 Posts: 1791 Location: South America
|
Posted: Tue Nov 05, 2019 8:20 pm Post subject: |
|
|
Princess Nell wrote: | My reading of the grub manual, cryptomount directive, is that grub should do it all. https://www.gnu.org/software/grub/manual/grub/html_node/cryptomount.html.
[...]
Code: |
insmod part_gpt
insmod cryptodisk
insmod luks
insmod gcry_serpent
insmod gcry_serpent
insmod gcry_whirlpool
insmod ext2
cryptomount -u 76393dc730354235b0e4a66f4f7251a4
set root='cryptouuid/76393dc730354235b0e4a66f4f7251a4'
|
|
I would expect this to be useful only if GRUB itself needs to access a file in an encrypted volume, and expect an initramfs to still be needed to open the one with the rootfs for the kernel once GRUB hands control to it. |
|
Princess Nell l33t
Joined: 15 Apr 2005 Posts: 927
|
Posted: Wed Nov 06, 2019 1:00 pm Post subject: |
|
|
Noted.
I got it to work - with an initramfs. The crucial step was the device-mapper USE flag for grub, then carefully going over the setup again.
One thing I find a bit unclean is that the passphrase prompt is drowning in hw (usb) initialization messages. What can be done to change that, adding "quiet" to the cmd line in /etc/default/grub? |
|