View previous topic :: View next topic |
Author |
Message |
tbaac n00b
Joined: 02 Mar 2008 Posts: 24 Location: UK
|
Posted: Sat Mar 21, 2020 4:45 pm Post subject: [SOLVED] dracut.kernel (cannot open root device on LUKS/LVM) |
|
|
Hi
Coming back to gentoo, I recently installed gentoo on a laptop, using:
https://wiki.gentoo.org/wiki/Full_Disk_Encryption_From_Scratch_Simplified
as a basis.
I used genkernel and eventually it worked.
I've now been trying to move to manual kernel configuration, and I need an initramfs for this as I have used luks and lvm.
Similar to the link above, my /dev/sda3 uses luks, and my root is /dev/mapper/vg0-root on that partition.
I used dracut to build an initramfs but when I try to boot it, it gives an error that it can't open root device mapper/vg0-root
(it hasn't asked for the luks password yet).
In dracut.conf:
dracutmodules+="btrfs crypt crypt-gpg lvm dm root-fs block"
(wasn't sure if I needed some of those but I included them anyway)
I've been banging my head against the wall for a few hours and visited some related web pages in the gentoo, arch and fedora communities but I've still not got it working.
From what I can see, this page:
https://wiki.gentoo.org/wiki/Dracut
advises:
Quote: | To boot from a root residing on an LVM volume located inside of an encrypted LUKS container these kernel command line options can be used: root=UUID=<root volume UUID> rd.luks.uuid=<LUKS partition UUID> rd.lvm.vg=<volume group name>. rd.lvm.vg might not be need depending on specific configuration but might lead to not all LVM partitions being activated. If for example the system has the following partitions: |
How do I do that please? I can't see if dracut.kernel is a file, or if the above options should just be used as parameters when running 'dracut' on the command line. But the variations that I've tried so far haven't worked.
Thanks for your help.
Last edited by tbaac on Sun Mar 22, 2020 5:34 pm; edited 1 time in total |
|
Back to top |
|
|
fturco Veteran
Joined: 08 Dec 2010 Posts: 1181 Location: Italy
|
Posted: Sat Mar 21, 2020 5:31 pm Post subject: |
|
|
The root, rd.luks.uuid, and rd.lvm.vg are all kernel parameters. If you use the GRUB bootloader you should add them to /etc/default/grub and then regenerate its configuration file with the grub-mkconfig -o /boot/grub/grub.cfg command.
As for the actual values to use, you can run the lsblk -f or blkid commands to show them. |
|
Back to top |
|
|
tbaac n00b
Joined: 02 Mar 2008 Posts: 24 Location: UK
|
Posted: Sat Mar 21, 2020 8:27 pm Post subject: |
|
|
Thanks very much for the reply.
I didn't think of /etc/default/grub.
Unfortunately now I get a kernel panic. Some of the output disappears off screen but it looks to be failing in mount_block_root, mount_root.
I can't see what the issue is.
My /etc/default/grub has these lines in (along with lots of other stuff obviously). The commented line is what worked for genkernel, the uncommented line is what I've been trying when I got the kernel panic:
Quote: |
#GRUB_CMDLINE_LINUX="dolvm crypt_root=UUID=314630a5-32eb-41e4-bb52-265b519bb86a root=/dev/mapper/vg0-root"
GRUB_CMDLINE_LINUX="dolvm root=UUID=5dc54235-a0ef-4dcc-8c6f-f47ddf73a0b2 rd.luks.uuid=314630a5-32eb-41e4-bb52-265b519bb86a rd.lvm.vg=vg0"
|
blkid: (I was booted from a live cd and chroot'd)
Quote: |
/dev/mapper/vg0-root: UUID="5dc54235-a0ef-4dcc-8c6f-f47ddf73a0b2" UUID_SUB="3c6730c1-e6f1-4ab2-ba4d-528f2514363b" TYPE="btrfs"
/dev/mapper/lvm: UUID="Rsa8TL-dux0-HFyq-t8WL-rZko-G3NJ-8x5E5e" TYPE="LVM2_member"
/dev/sda3: UUID="314630a5-32eb-41e4-bb52-265b519bb86a" TYPE="crypto_LUKS" PARTLABEL="lvm" PARTUUID="142db1bf-c82f-4399-a561-178aabb17203"
/dev/sda2: UUID="4829-61A3" TYPE="vfat" PARTLABEL="boot" PARTUUID="0cdc5545-9d96-44e1-ab3e-3a4e7b74380b"
/dev/mapper/vg0-swap: UUID="978c7ce7-29f7-4f31-a635-c9e7c526b91a" TYPE="swap"
/dev/loop0: TYPE="squashfs"
/dev/sda1: UUID="8a2774f9-9ae1-439d-8a52-73312b19be25" TYPE="ext4" PARTLABEL="grub" PARTUUID="30cacfbd-f580-4a94-8b3a-e084342b40d7"
/dev/sr0: UUID="0a28350b4553442d" LABEL="ESD-ISO" TYPE="udf"
/dev/sdb1: LABEL="USB DISK" UUID="223D-DC12" TYPE="vfat" PARTUUID="c3072e18-01"
/dev/mapper/vg0-var: UUID="aa55dc2f-beeb-476e-882f-7c37ebc91611" UUID_SUB="18cc597b-5193-4c71-aade-b37f8a7afceb" TYPE="btrfs"
/dev/mapper/vg0-home: UUID="33d79249-234e-4f3b-922a-d6d141f9b49f" UUID_SUB="60d25473-cc71-4b0b-add8-7d670e4ab38a" TYPE="btrfs"
|
/etc/dracut.conf:
Quote: |
hostonly="yes"
dracutmodules+="btrfs crypt crypt-gpg lvm dm rootfs-block"
|
building with this:
Quote: |
dracut --hostonly --force --kver 4.19.97-gentoo -a crypt
|
Can you see where I've gone wrong? Thanks again.
edit: I tried removed '-a crypt' from the dracut line and dolvm from the Grub config but I still get the same result. |
|
Back to top |
|
|
fturco Veteran
Joined: 08 Dec 2010 Posts: 1181 Location: Italy
|
Posted: Sun Mar 22, 2020 10:11 am Post subject: |
|
|
According to this:
Quote: | In some instances it might not work to add root option as Dracut also adds the default on its own. You might end up with a duplication that will cause the kernel to fail. |
So you may try to remove root=UUID=5dc54235-a0ef-4dcc-8c6f-f47ddf73a0b2 from GRUB_CMDLINE_LINUX and then regenerate /boot/grub/grub.cfg.
Also, please show us the output of the dracut command when generating the initramfs. |
|
Back to top |
|
|
tbaac n00b
Joined: 02 Mar 2008 Posts: 24 Location: UK
|
Posted: Sun Mar 22, 2020 11:18 am Post subject: |
|
|
Hi
Thanks again for the reply.
I ran it twice, once with the the GRUB_CMD_LINE as of yesterday, and once with the updated version:
Quote: |
#GRUB_CMDLINE_LINUX="dolvm crypt_root=UUID=314630a5-32eb-41e4-bb52-265b519bb86a root=/dev/mapper/vg0-root"
#GRUB_CMDLINE_LINUX="root=UUID=5dc54235-a0ef-4dcc-8c6f-f47ddf73a0b2 rd.luks.uuid=314630a5-32eb-41e4-bb52-265b519bb86a rd.lvm.vg=vg0"
GRUB_CMDLINE_LINUX="rd.luks.uuid=314630a5-32eb-41e4-bb52-265b519bb86a rd.lvm.vg=vg0"
|
Here's the output before I changed GRUB_CMD_LINE:
Quote: |
(chroot) kubuntu / # dracut --hostonly --force --kver 4.19.97-gentoo
dracut: Executing: /usr/bin/dracut --hostonly --force --kver 4.19.97-gentoo
dracut: *** Including module: btrfs ***
dracut: *** Including module: crypt ***
dracut: *** Including module: dm ***
dracut: Skipping udev rule: 64-device-mapper.rules
dracut: Skipping udev rule: 60-persistent-storage-dm.rules
dracut: Skipping udev rule: 55-dm.rules
dracut: *** Including module: lvm ***
dracut: Skipping program /bin/systemd-run using in udev rule 69-dm-lvm-metad.rules as it cannot be found
dracut: Skipping udev rule: 64-device-mapper.rules
dracut: Skipping udev rule: 56-lvm.rules
dracut: Skipping udev rule: 60-persistent-storage-lvm.rules
dracut: *** Including module: crypt-gpg ***
dracut: *** Including module: rootfs-block ***
dracut: *** Including module: udev-rules ***
dracut: Skipping udev rule: 40-redhat.rules
dracut: Skipping udev rule: 50-firmware.rules
dracut: Skipping udev rule: 50-udev.rules
dracut: Skipping udev rule: 91-permissions.rules
dracut: Skipping udev rule: 80-drivers-modprobe.rules
dracut: *** Including module: fs-lib ***
dracut: *** Including modules done ***
dracut: *** Installing kernel module dependencies ***
dracut: *** Installing kernel module dependencies done ***
dracut: *** Resolving executable dependencies ***
dracut: *** Resolving executable dependencies done***
dracut: *** Stripping files ***
dracut: *** Stripping files done ***
dracut: *** Generating early-microcode cpio image ***
dracut: *** Store current command line parameters ***
dracut: Stored kernel commandline:
dracut: rd.luks.uuid=luks-314630a5-32eb-41e4-bb52-265b519bb86a
dracut: rd.lvm.lv=vg0/root
rd.lvm.lv=vg0/swap
dracut: root=/dev/mapper/vg0-root rootfstype=btrfs rootflags=rw,relatime,space_cache,subvolid=5,subvol=/,
dracut: *** Creating image file '/boot/initramfs-4.19.97-gentoo.img' ***
dracut: *** Creating initramfs image file '/boot/initramfs-4.19.97-gentoo.img' done ***
|
And after the update:
Quote: |
(chroot) kubuntu / # dracut --hostonly --force --kver 4.19.97-gentoo > /home/tony/output1.txt
dracut: Executing: /usr/bin/dracut --hostonly --force --kver 4.19.97-gentoo
dracut: *** Including module: btrfs ***
dracut: *** Including module: crypt ***
dracut: *** Including module: dm ***
dracut: Skipping udev rule: 64-device-mapper.rules
dracut: Skipping udev rule: 60-persistent-storage-dm.rules
dracut: Skipping udev rule: 55-dm.rules
dracut: *** Including module: lvm ***
dracut: Skipping program /bin/systemd-run using in udev rule 69-dm-lvm-metad.rules as it cannot be found
dracut: Skipping udev rule: 64-device-mapper.rules
dracut: Skipping udev rule: 56-lvm.rules
dracut: Skipping udev rule: 60-persistent-storage-lvm.rules
dracut: *** Including module: crypt-gpg ***
dracut: *** Including module: rootfs-block ***
dracut: *** Including module: udev-rules ***
dracut: Skipping udev rule: 40-redhat.rules
dracut: Skipping udev rule: 50-firmware.rules
dracut: Skipping udev rule: 50-udev.rules
dracut: Skipping udev rule: 91-permissions.rules
dracut: Skipping udev rule: 80-drivers-modprobe.rules
dracut: *** Including module: fs-lib ***
dracut: *** Including modules done ***
dracut: *** Installing kernel module dependencies ***
dracut: *** Installing kernel module dependencies done ***
dracut: *** Resolving executable dependencies ***
dracut: *** Resolving executable dependencies done***
dracut: *** Stripping files ***
dracut: *** Stripping files done ***
dracut: *** Generating early-microcode cpio image ***
dracut: *** Store current command line parameters ***
dracut: Stored kernel commandline:
dracut: rd.luks.uuid=luks-314630a5-32eb-41e4-bb52-265b519bb86a
dracut: rd.lvm.lv=vg0/root
rd.lvm.lv=vg0/swap
dracut: root=/dev/mapper/vg0-root rootfstype=btrfs rootflags=rw,relatime,space_cache,subvolid=5,subvol=/,
dracut: *** Creating image file '/boot/initramfs-4.19.97-gentoo.img' ***
dracut: *** Creating initramfs image file '/boot/initramfs-4.19.97-gentoo.img' done ***
|
Can you see something wrong there? It looks okay to me, other than the kernel panic...
Thanks again. |
|
Back to top |
|
|
fturco Veteran
Joined: 08 Dec 2010 Posts: 1181 Location: Italy
|
Posted: Sun Mar 22, 2020 11:44 am Post subject: |
|
|
I don't see anything wrong with your dracut output.
Some other ideas:
- Did you enable btrfs support in the kernel?
- Did you enable support for LUKS and LVM in the kernel?
- Does your system ask for the LUKS password at boot?
- Do you really need to use dracut instead of genkernel?
|
|
Back to top |
|
|
tbaac n00b
Joined: 02 Mar 2008 Posts: 24 Location: UK
|
Posted: Sun Mar 22, 2020 12:33 pm Post subject: |
|
|
Thanks again for the reply.
Symbol BTRFS_FS [=y]
I used the kernel options from this page to set for LVM: https://wiki.gentoo.org/wiki/LVM
For LUKS, CRYPTO [=y], are there other options needed, I couldn't find them?
When I've been trying with dracut, I get the kernel panic a couple of seconds after the boot starts, I don't get asked for the LUKS password.
------------
I tried dracut after Genkernel wouldn't work for me for the initramfs (it did work when I used genkernel for both the kernel and the initramfs).
I just retried using Genkernel (after changing the GRUB_CMD_LINE settings back).
It asked for the LUKS password but fails booting after that.
Activating mdev...
Loading modules...
Loading from lvm
Loading from fs: reiserfs jfs xfs <---- no btrfs?
Loading from crypto:
(loaded other modules as well)
Scanning for volume groups....
Reading all physical volumes This may take a while...
Activating volume groups...
Enter passphrase for /dev/sda3:
device-mapper: reload ioctl on failed: No such file or directory
!! Failed to open LUKS device /dev/sda3
!! Could not find the root in /dev/sda3
!! Please specify another value or:
(etc.)
Ah, it looks like for btrfs support I need to add
--btrfs
as an option when building genkernel and
dobtrfs
specifying in GRUB_CMD_LINE.
I'll give that a go, thanks.
I'd probably prefer dracut, but if it works with genkernel's initramfs then least I'll be up again.
Thanks |
|
Back to top |
|
|
tbaac n00b
Joined: 02 Mar 2008 Posts: 24 Location: UK
|
Posted: Sun Mar 22, 2020 3:24 pm Post subject: |
|
|
I couldn't get Genkernel's initamfs to work still.
Extract from boot:
Quote: |
Loading from fs: reiserfs jfs xfs
Loading from crypto:
>>Scanning for volume groups ...
Reading all physical volumes. This may take a while...
>>Activating volume groups ...
>>Scanning for BTRFS devices ...
Scanning for Btrfs filesystems
Enter passphrase for /dev/sda3:
device-mapper: reload on ioctrl on failed: No such file or directory
!! Failed to open LUKS device /dev/sda3
!! Could not find the root in /dev/sda3
!! Please specify another values or:
....
|
I reread the dracut wiki page and saw that dracutmodules in dracut.conf is optional.
If you don't specify it then it tries to add everything (although some aren't added because they don't exist, such as dmraid).
Then I tried again, booting with the dracut created version and it asked for the LUKS passcode!
But halfway through typing it, it gives an error for random: 6 random warning(s) missed due to ratelimiting
device-mapper: table: 254:0: crypt: Error allocating crypto tfm
So, still a bit stuck. Not sure why it can't open the LUKS device with Genkernel's initramfs.
It opened it okay when I used genkernel for the Kernel and initramfs together, so I'm not sure what the issue is.
Thanks again. |
|
Back to top |
|
|
fturco Veteran
Joined: 08 Dec 2010 Posts: 1181 Location: Italy
|
Posted: Sun Mar 22, 2020 4:38 pm Post subject: |
|
|
Please check if you enabled in the kernel all the required LUKS algorithms.
But first you need to know which one you really need:
Code: | cryptsetup luksDump /dev/sda3 |
For example on my system I get:
Quote: | cipher: aes-xts-plain64 |
So I need to enable at least CONFIG_CRYPTO_XTS and CONFIG_CRYPTO_AES.
Another idea is to check if you enabled CONFIG_BLK_DEV_DM and CONFIG_DM_CRYPT. |
|
Back to top |
|
|
tbaac n00b
Joined: 02 Mar 2008 Posts: 24 Location: UK
|
Posted: Sun Mar 22, 2020 5:33 pm Post subject: |
|
|
Thanks very much for your patience.
Luckily I have the same cipher as you, so I could just use your list of required kernel options
I was missing CONFIG_CRYPTO_XTS, and after adding that and rebuilding the kernel and then rebuilding the initramfs with dracut, it booted
It turned out that (as the page I'd read suggested), the error
Quote: |
random: 6 random warning(s) missed due to ratelimiting
|
wasn't important. (It just looked like it might be as the error with dracut had suggested that the password was wrong, and the above error appears halfway through typing the password).
And as above, to resolve the kernel panic I had to use the default list of modules for dracut rather than specifying my own.
Sometime I'll have to try working out which modules I needed to include with dracut.
So thanks again, I'm in now |
|
Back to top |
|
|
|