View previous topic :: View next topic |
Author |
Message |
avdb n00b
Joined: 16 Aug 2020 Posts: 65 Location: Netherlands
|
Posted: Wed Aug 19, 2020 3:12 pm Post subject: [SOLVED] Encrypted BTRFS installation can't find root device |
|
|
After losing my data twice with LUKS on LVM encryption, I wanted to give BTRFS a try. I looked around on the internet and after a day and a half I finally got a new installation ready. The only problem being that my system got some trouble booting up.
I loosely followed this guide:
https://wiki.gentoo.org/wiki/Full_Encrypted_Btrfs/Native_System_Root_Guide
Note the difference between my mtab and fstab, I don't think that this could have caused problems but correct me if I'm wrong. I generated the same kernel as in the guide and enabled the same settings but I'm running into a kernel panic nonetheless.
If there's any additional information necessary to help me out, please let me know.
This is what I'm greeted with when I boot up my system:
Code: |
raid6: sse2x2 xor() 9387 MB/s
raid6: sse2x1 gen() 11503 MB/s
raid6: sse2x1 xor() 6996 MB/s
raid6: using algorithm aux2x4 gent() 33466 MB/s
raid6: .... xor() 12499 MB/s, rmw enabled
raid6: using avx2x2 recovery algorithm
xor: automatically using best checksumming function avx
async_tx: api initialized (async)
raid456 raidS raid6& raid10 linear multipath
:: Loading from fs: Btrfs loaded, crc32c=crc32c-generic, asser=on, ref-verify=on
btrfs JFS: nTxBlock = 8192, nTxLock = 65536
jfs sd 5:0:0:0: [sdd] Attached SCSI removable disk
sd 5:0:0:3: [sdg] Attached SCSI removable disk
RPC: Registered named UNIX socket transport module.
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
sd 6:0:0:0: [sdh] Attached SCSI removable disk
sd 5:0:0:2: [sdf] Attached SCSI removable disk
sd 5:0:0:1: [sde] Attached SCSI removable disk
nfs sdc: sdci sdc2
sd 4:0:0:0: [sdc] Attached SCSI removable disk
fuse: init (API version 7.31)
fuse
:: Loading from net: bnx2 e1000: Intel(R) PRO/1000 Network Driver - version 7.3.21-k8-NAPI
©1000: Copyright (c) 1999-2006 Intel Corporation.
©1000 penet32 r8169 sky2: driver version 1.30
sky2 pps_core: LinuxPPS API ver. 1 registered
pps_core: Software ver. 5.3.6 — Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
PTP clock support registered
tg3 maculan cxgb cxgb3 tulip dca service started, version 1.12.1
lxgbe: Intel(R) 10 Gigabit PCI Express Network Driver - version 5.1.0-k
lxgbe: Copyright (c) 1999-2016 Intel Corporation.
lxgbe ixgb: Intel(R) PRO/10GbE Network Driver - version 1.0.135-k2-NAPI
lxgb: Copyright (c) 1999-2008 Intel Corporation.
lxgb
:: Loading from iscsi: Loading iSCSI transport class v2 .0-870.
scsi_transport_iscsi libiscsi
:: Loading from crypto: sha1_generic sha512_generic aes_generic
:: Loading from virtio:
>> Initializing root device...
!! Unable to resolve root: UUID=dec8278e-2287-4b9f-8117-f5fdZ2Ob2f970
!! Could not find the root block device in UUID=dec8278e-2287-4b9f-8117-f5fdZ2Ob2f970.
!! Please specify another value or:
!! — press Enter for the same
!! — type “shell” for a shell
!! — type “q" to skip...
root block device (UUID=dec8278e-2287-4b9f-8117-fF5fdZ2Ob2f970) ::
|
Output of /etc/mtab:
Code: | /dev/mapper/btrfs / btrfs rw,noatime,compress=lzo,ssd,space_cache,subvolid=256,subvol=@ 0 0
/dev/mapper/btrfs /boot btrfs rw,noatime,compress=lzo,ssd,space_cache,subvolid=257,subvol=@boot 0 0
/dev/mapper/btrfs /home btrfs rw,noatime,compress=lzo,ssd,space_cache,subvolid=258,subvol=@home 0 0
/dev/mapper/btrfs /var btrfs rw,noatime,compress=lzo,ssd,space_cache,subvolid=259,subvol=@var 0 0
/dev/mapper/btrfs /.snapshots btrfs rw,noatime,compress=lzo,ssd,space_cache,subvolid=260,subvol=@snapshots 0 0 |
Output of /etc/fstab:
Code: | LABEL=btrfs / btrfs defaults,noatime,compress=lzo,subvol=@ 0 0
LABEL=btrfs /boot btrfs defaults,noatime,subvol=@boot 0 0
LABEL=btrfs /home btrfs defaults,noatime,compress=lzo,subvol=@home 0 0
LABEL=btrfs /var btrfs defaults,noatime,subvol=@var 0 0
LABEL=btrfs /.snapshots btrfs defaults,noatime,subvol=@snapshots 0 0
|
Output of /etc/default/grub:
Code: | GRUB_DISTRIBUTOR="Gentoo"
GRUB_ENABLE_CRYPTODISK=y
GRUB_CMDLINE_LINUX_DEFAULT="rd.luks=1 rd.luks.key=/root/secretkey rd.luks.uuid=luks-1024e0c1-9fa3-4cd8-988f-267f6a82554d" |
Output of /boot/grub/grub.cfg:
Code: |
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if [ x$feature_default_font_path = xy ] ; then
font=unicode
else
insmod part_gpt
insmod cryptodisk
insmod luks
insmod gcry_serpent
insmod gcry_serpent
insmod gcry_sha512
insmod btrfs
cryptomount -u 1024e0c19fa34cd8988f267f6a82554d
set root='cryptouuid/1024e0c19fa34cd8988f267f6a82554d'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint='cryptouuid/1024e0c19fa34cd8988f267f6a82554d' dec8278e-2287-4b9f-8117-f5fd20b2f970
else
search --no-floppy --fs-uuid --set=root dec8278e-2287-4b9f-8117-f5fd20b2f970
fi
font="/@/usr/share/grub/unicode.pf2"
fi
if loadfont $font ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=en_US
insmod gettext
fi
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/10_linux ###
menuentry 'Gentoo GNU/Linux' --class gentoo --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-dec8278e-2287-4b9f-8117-f5fd20b2f970' {
load_video
if [ "x$grub_platform" = xefi ]; then
set gfxpayload=keep
fi
insmod gzio
insmod part_gpt
insmod cryptodisk
insmod luks
insmod gcry_serpent
insmod gcry_serpent
insmod gcry_sha512
insmod btrfs
cryptomount -u 1024e0c19fa34cd8988f267f6a82554d
set root='cryptouuid/1024e0c19fa34cd8988f267f6a82554d'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint='cryptouuid/1024e0c19fa34cd8988f267f6a82554d' dec8278e-2287-4b9f-8117-f5fd20b2f970
else
search --no-floppy --fs-uuid --set=root dec8278e-2287-4b9f-8117-f5fd20b2f970
fi
echo 'Loading Linux x86_64-5.8.1-gentoo ...'
linux /@boot/kernel-genkernel-x86_64-5.8.1-gentoo root=UUID=dec8278e-2287-4b9f-8117-f5fd20b2f970 ro rootflags=subvol=@ rd.luks=1 rd.luks.key=/root/secretkey rd.luks.uuid=luks-1024e0c1-9fa3-4cd8-988f-267f6a82554d
echo 'Loading initial ramdisk ...'
initrd /@boot/initramfs-genkernel-x86_64-5.8.1-gentoo
}
submenu 'Advanced options for Gentoo GNU/Linux' $menuentry_id_option 'gnulinux-advanced-dec8278e-2287-4b9f-8117-f5fd20b2f970' {
menuentry 'Gentoo GNU/Linux, with Linux x86_64-5.8.1-gentoo' --class gentoo --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-x86_64-5.8.1-gentoo-advanced-dec8278e-2287-4b9f-8117-f5fd20b2f970' {
load_video
if [ "x$grub_platform" = xefi ]; then
set gfxpayload=keep
fi
insmod gzio
insmod part_gpt
insmod cryptodisk
insmod luks
insmod gcry_serpent
insmod gcry_serpent
insmod gcry_sha512
insmod btrfs
cryptomount -u 1024e0c19fa34cd8988f267f6a82554d
set root='cryptouuid/1024e0c19fa34cd8988f267f6a82554d'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint='cryptouuid/1024e0c19fa34cd8988f267f6a82554d' dec8278e-2287-4b9f-8117-f5fd20b2f970
else
search --no-floppy --fs-uuid --set=root dec8278e-2287-4b9f-8117-f5fd20b2f970
fi
echo 'Loading Linux x86_64-5.8.1-gentoo ...'
linux /@boot/kernel-genkernel-x86_64-5.8.1-gentoo root=UUID=dec8278e-2287-4b9f-8117-f5fd20b2f970 ro rootflags=subvol=@ rd.luks=1 rd.luks.key=/root/secretkey rd.luks.uuid=luks-1024e0c1-9fa3-4cd8-988f-267f6a82554d
echo 'Loading initial ramdisk ...'
initrd /@boot/initramfs-genkernel-x86_64-5.8.1-gentoo
}
menuentry 'Gentoo GNU/Linux, with Linux x86_64-5.8.1-gentoo (recovery mode)' --class gentoo --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-x86_64-5.8.1-gentoo-recovery-dec8278e-2287-4b9f-8117-f5fd20b2f970' {
load_video
if [ "x$grub_platform" = xefi ]; then
set gfxpayload=keep
fi
insmod gzio
insmod part_gpt
insmod cryptodisk
insmod luks
insmod gcry_serpent
insmod gcry_serpent
insmod gcry_sha512
insmod btrfs
cryptomount -u 1024e0c19fa34cd8988f267f6a82554d
set root='cryptouuid/1024e0c19fa34cd8988f267f6a82554d'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint='cryptouuid/1024e0c19fa34cd8988f267f6a82554d' dec8278e-2287-4b9f-8117-f5fd20b2f970
else
search --no-floppy --fs-uuid --set=root dec8278e-2287-4b9f-8117-f5fd20b2f970
fi
echo 'Loading Linux x86_64-5.8.1-gentoo ...'
linux /@boot/kernel-genkernel-x86_64-5.8.1-gentoo root=UUID=dec8278e-2287-4b9f-8117-f5fd20b2f970 ro single rootflags=subvol=@
echo 'Loading initial ramdisk ...'
initrd /@boot/initramfs-genkernel-x86_64-5.8.1-gentoo
}
}
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ### |
Last edited by avdb on Fri Aug 21, 2020 9:29 am; edited 1 time in total |
|
Back to top |
|
|
fturco Veteran
Joined: 08 Dec 2010 Posts: 1181 Location: Italy
|
Posted: Thu Aug 20, 2020 5:35 am Post subject: |
|
|
Please post the output of the following command:
Did you use the --btrfs, --lvm, and/or --luks options with genkernel? |
|
Back to top |
|
|
superjaded l33t
Joined: 05 Jul 2002 Posts: 802
|
Posted: Thu Aug 20, 2020 5:50 am Post subject: |
|
|
I've never had great luck with genkernel so I'm not going to be much help with that in particular, but I do notice the guide you are referencing seems to be using dracut for creating the initramfs. As such, your /etc/default/grub is wrong for use with a genkernel initramfs.
Take a look at the Generating an initramfs section of one of Gentoo's full disk encryption articles for the different ways in which you would formulate your kernel command line based on which initramfs you are using. TLDR; none of the rd.* command line options are likely to work outside of dracut. |
|
Back to top |
|
|
fturco Veteran
Joined: 08 Dec 2010 Posts: 1181 Location: Italy
|
Posted: Thu Aug 20, 2020 8:03 am Post subject: |
|
|
Right. OP should try the crypt_root=UUID=xxxxx root=UUID=yyyyy options, too. |
|
Back to top |
|
|
Whissi Retired Dev
Joined: 12 Jan 2011 Posts: 222
|
Posted: Thu Aug 20, 2020 12:32 pm Post subject: |
|
|
Code: | echo 'Loading Linux x86_64-5.8.1-gentoo ...'
linux /@boot/kernel-genkernel-x86_64-5.8.1-gentoo root=UUID=dec8278e-2287-4b9f-8117-f5fd20b2f970 ro rootflags=subvol=@ rd.luks=1 rd.luks.key=/root/secretkey rd.luks.uuid=luks-1024e0c1-9fa3-4cd8-988f-267f6a82554d
echo 'Loading initial ramdisk ...'
initrd /@boot/initramfs-genkernel-x86_64-5.8.1-gentoo | This is not how a kernel command-line for genkernel usage should look like. You are using dracut syntax here (all the rd.* stuff is dracut). Please re-read output from genkernel after it created kernel/initramfs for you (it will tell you required parameters) and see genkernel's man page or Wiki for more details. _________________ Regards,
Whissi |
|
Back to top |
|
|
avdb n00b
Joined: 16 Aug 2020 Posts: 65 Location: Netherlands
|
Posted: Fri Aug 21, 2020 9:26 am Post subject: |
|
|
Somebody on the Gentoo Freenode channel told me that I was indeed loading the wrong initramfs file.
After hours of troubleshooting I decided to look at genkernel's configuration files. Turned out that they only turn on AES-XTS-PLAIN64 by default while I was SERPENT-XTS-PLAIN64, generating an initramfs with Dracut wasn't even necessary. |
|
Back to top |
|
|
Whissi Retired Dev
Joined: 12 Jan 2011 Posts: 222
|
|
Back to top |
|
|
avdb n00b
Joined: 16 Aug 2020 Posts: 65 Location: Netherlands
|
Posted: Fri Aug 21, 2020 6:44 pm Post subject: |
|
|
That's kind of you, but I think I'm the only one that uses it and was unaware that I had to enable it in the configuration file. 99% of people will just stick with AES. |
|
Back to top |
|
|
Whissi Retired Dev
Joined: 12 Jan 2011 Posts: 222
|
Posted: Fri Aug 21, 2020 7:34 pm Post subject: |
|
|
I added this primarily because it looks like Arch Linux's dm-crypt wiki page, even used by many Gentoo users, is now recommending (or at least using) SERPENT-XTS-PLAIN64 in shown examples. So I expect that we will see multiple people running into this, soon. _________________ Regards,
Whissi |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|