NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Mon Nov 07, 2022 2:33 am Post subject: LUKS with UEFI/GPT in virt manager unable to load with GRUB |
|
|
Hello all, I am looking to install Gentoo soon on my hardware. For now I am practicing on virt-manager.
My problem is that I am making a mistake somewhere and I can't figure out where, because GRUB does not want to find or load my kernel or encrypted partition.
This is all in a virt manager. Once I install GRUB and reboot, nothing shows up in the GUI.
Here is my fstab:
Code: |
# I replace </dev/..> with blkid UUID output
UUID=</dev/sda1 id> /boot vfat noauto,noatime 1 2
UUID=</dev/sda2 id> none swap defaults 0 0
UUID=</dev/mapper/root id> / ext4 defaults 0 1
|
and my /etc/default/grub
Code: |
GRUB_CMDLINE_LINUX="crypt_root=UUID=</dev/sda3 id>"
|
After I run these commands
Code: |
grub-install --target=x86_64-efi --efi-directory=/boot
grub-mkconfig -o /boot/grub/grub.cfg
|
Then I reboot and GRUB cannot load me into the password prompt. Anybody know what I'm doing wrong?
--------------------------------------------
Here is how I set up LUKS from outside of chroot. Also, the tutorial mentioned using LVM but I just skip that part. Maybe that's what I'm doing wrong?
LUKS encrypt /dev/sda3 (root)
Code: |
cryptsetup -c aes-xts-plain64 -s 512 -y luksFormat /dev/sda3
cryptsetup luksOpen /dev/sda3 myname
mkfs.ext4 /dev/mapper/myname
mount /dev/mapper/myname /mnt/gentoo
|
-----------------------------------------
This is how I install GRUB:
Code: |
emerge sys-fs/cryptsetup
echo "sys-boot/grub:2 device-mapper" >> /etc/portage/package.use/sys-boot
emerge -av grub
|
----------------------------------------
Will placing this in make.conf fix it? Can't test it as it takes me about an hour to start from scratch.
Code: |
echo 'GRUB_PLATFORMS="efi-64"' >> /etc/portage/make.conf
|
|
|
alamahant Advocate

Joined: 23 Mar 2019 Posts: 3957
|
Posted: Mon Nov 07, 2022 12:16 pm Post subject: |
|
|
You are missing initramfs.
You absolutely need one.
Try with dracut.
Plz post
You absolutely need "efi-64" in make.conf and re-emerging grub.
You need then to install grub
Code: |
grub-install --target=x86_64-efi.................etc
|
In /etc/default/grub
Code: |
GRUB_CMDLINE_LINUX="cryptdevice=UUID=</dev/sda3 id>:root root=/dev/mapper/root"
#####if you use dracut
GRUB_PRELOAD_MODULES="luks"
|
Enable dmcrypt@boot.
Use
Code: |
cryptsetup luksOpen /dev/sda3 root
|
In fstab you don't need UUID for /
Code: |
/dev/mapper/root / ext4 defaults 0 0
|
should be ok.
Also create an entry in /etc/crypttab
Code: |
root <UUID-of-/dev/sda3> none luks,initramfs
|
|
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Mon Nov 07, 2022 5:08 pm Post subject: |
|
|
Does this command not deal with creating initramfs?
Code: |
genkernel --luks all
|
Btw, it seems I'm missing the above command in my install process as I'm following from the notes
I wrote down on paper. Don't see genkernel anywhere. Could this be the reason I'm failing? |
|
grknight Retired Dev

Joined: 20 Feb 2015 Posts: 2046
|
Posted: Mon Nov 07, 2022 5:15 pm Post subject: |
|
|
First off, GRUB won't ask for a password unless its boot data is encrypted. As sda1 is vfat, this is unlikely.
What should be asking is the initramfs created by genkernel because of crypt_root=.
Please give more detail or possibly a screenshot of what appears last when booting.
Also post your /boot/grub/grub.cfg |
|
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Mon Nov 07, 2022 5:29 pm Post subject: |
|
|
Apparently, I've been skipping genkernel --luks all.
Waiting for cryptsetup to finish compiling as I started a new VM. Next I will run the above command
and then install grub. That has to be my issue that I couldn't find lol. |
|
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Mon Nov 07, 2022 8:04 pm Post subject: |
|
|
Well the good news is that Grub found my kernel.
The bad news is that I'm now getting this:
Code: |
Block device /dev/mapper/root is not a valid root device
Could not find the root block device in /dev/mapper/root.
|
|
|
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Mon Nov 07, 2022 8:13 pm Post subject: |
|
|
grknight wrote: | First off, GRUB won't ask for a password unless its boot data is encrypted. As sda1 is vfat, this is unlikely.
What should be asking is the initramfs created by genkernel because of crypt_root=.
Please give more detail or possibly a screenshot of what appears last when booting.
Also post your /boot/grub/grub.cfg |
Here you go
https://imgur.com/a/nAmUjGY |
|
NeddySeagoon Administrator


Joined: 05 Jul 2003 Posts: 54987 Location: 56N 3W
|
Posted: Mon Nov 07, 2022 8:15 pm Post subject: |
|
|
NeverSloppy,
You should have been asked for your passphrase before that point.
The error should have dropped you to a shell.
What do you have in /dev/mapper?
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Mon Nov 07, 2022 8:19 pm Post subject: |
|
|
NeddySeagoon wrote: | NeverSloppy,
You should have been asked for your passphrase before that point.
The error should have dropped you to a shell.
What do you have in /dev/mapper ? |
Ok I typed shell and then ls /dev/mapper/
Only says a file called "control"
----------------
Didn't get any password prompt after selecting Gentoo on grub gui
Also I didn't create an /etc/crypttab as suggested above by user alamahant
And I changed my /etc/fstab from the UUID to /dev/mapper/root ..
This is my partition (lsblk -f) output before exiting and rebooting:
https://imgur.com/a/XX7RgYe
------------------
I've been using gdisk to partition my virtual disk. Could it be because I forgot to give them a name using the "c" command?
-----------------
Ok, so I screwed it up now lol. Was messing with the virtual machine's boot order and changed it from VirtIO Disk 1 to SATA CDROM1
and now I can't boot up GRUB... rip. |
|
NeddySeagoon Administrator


Joined: 05 Jul 2003 Posts: 54987 Location: 56N 3W
|
Posted: Mon Nov 07, 2022 10:13 pm Post subject: |
|
|
NeverSloppy,
The password unlocks the encrypted container.
Until the container is unlocked, your root filesystem is not visible.
The immediate problem is why you did not get prompted for your pass phrase.
In the shell, you can give the command to unlock the container. |
|
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Mon Nov 07, 2022 11:06 pm Post subject: |
|
|
IDK I'm still a noob..
Is there a difference between cryptdevice=UUID and crypt_root=UUID??
One thing I don't do is run update-grub because I run grub-mkconfig -o /boot/grub/grub.cfg
right after grub-install --target.... But before both of these commands I run emerge -av grub
and then I edit /etc/default/grub with crypt_root=UUID....
Or maybe because my VM's bus is VirtIO??
Next time I will only use UUID to make sure everything is set correct. |
|
alamahant Advocate

Joined: 23 Mar 2019 Posts: 3957
|
Posted: Mon Nov 07, 2022 11:19 pm Post subject: |
|
|
Quote: |
Is there a difference between cryptdevice=UUID and crypt_root=UUID??
|
The first is understood by dracut, the second by genkernel. |
|
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Mon Nov 07, 2022 11:28 pm Post subject: |
|
|
alamahant wrote: | Quote: |
Is there a difference between cryptdevice=UUID and crypt_root=UUID??
|
The first understood by dracut, the second by genkernel. |
Well I can't remember if I used cryptdevice or crypt_root. Could this be why
I couldn't get a password prompt? |
|
alamahant Advocate

Joined: 23 Mar 2019 Posts: 3957
|
Posted: Mon Nov 07, 2022 11:37 pm Post subject: |
|
|
I like dracut so I would use "cryptdevice=UUID=" with dracut.
Do you have dracut?
In any case remember to recreate your initramfs after modifying /etc/default/grub.
Again I am biased towards dracut so I would advise you to use it.
Did you create the /etc/crypttab entry?
If not plz do so now.
Then
Code: |
#edit /etc/default/grub
#edit /etc/crypttab
#then
dracut --force --kver $(ls /lib/modules | tail -n 1)
grub-mkconfig -o /boot/grub/grub.cfg
|
Last edited by alamahant on Mon Nov 07, 2022 11:48 pm; edited 2 times in total |
|
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Mon Nov 07, 2022 11:42 pm Post subject: |
|
|
I am reading the Dracut wiki now. But I am still noob and following this tutorial that mentions nothing
about dracut or building your own kernel. Plus I'm doing this in a VM. Once I go to hardware I will
use dracut.
https://wiki.gentoo.org/wiki/Full_Disk_Encryption_From_Scratch_Simplified
--------------------
Also was cryptdevice=UUID my problem as I used Genkernel?
Don't plan on retrying until tomorrow. |
|
alamahant Advocate

Joined: 23 Mar 2019 Posts: 3957
|
Posted: Mon Nov 07, 2022 11:47 pm Post subject: |
|
|
Quote: |
Also was cryptdevice=UUID my problem as I used Genkernel?
|
Yes probably.
Plz see my last post above. |
|
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Tue Nov 08, 2022 12:30 am Post subject: |
|
|
ok, thanks I will try dracut the next time I create a VM. It will play nice with Genkernel??
Lastly, before I retry the whole process, could I be having problems because I'm using
admincd-amd64.-xxx.iso ??
I don't know what the difference between minimal and admin is. I picked it because
I thought it would work better with a hardened stage3 which I plan on installing on my hardware. |
|
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Tue Nov 08, 2022 6:42 am Post subject: |
|
|
NeddySeagoon, now grub loads me into a password prompt but I end up in the same situation.
/dev/mapper/myname is not a valid root device. Please check the images of my virtual machine.
https://imgur.com/a/1ibZaD5 |
|
NeddySeagoon Administrator


Joined: 05 Jul 2003 Posts: 54987 Location: 56N 3W
|
Posted: Tue Nov 08, 2022 1:19 pm Post subject: |
|
|
NeverSloppy,
Do not redo the whole thing. It's only your kernel and initrd that need to be fixed.
You won't fix it by redoing everything. It's likely you will just make a different mistake instead.
Gentoo is not like binary distros and responds badly to treating it as if it was.
As long as you keep the kernel command line as one single line and less than the maximum permitted length, it's OK to have redundant information there.
What's not understood by the kernel or initrd will just be ignored.
The boot media does not matter. It's just a toolkit used to perform the install.
None of its code goes into your install.
Have a read of PC Boot Process to help understand what is going on.
I suspect that using the wrong cryptdevice=UUID and crypt_root=UUID will cause the initrd to skip unlocking the encrypted container, so you won't be asked for a pass phrase.
There is an easy test.
At the grub menu, choose the entry to boot and press 'e' to edit it.
Follow the on screen instructions and swap cryptdevice= for crypt_root= in the kernel command line.
Boot that. Is it any different?
That's an in memory change only. If it works now, redo your grub.cfg. |
|
NeddySeagoon Administrator


Joined: 05 Jul 2003 Posts: 54987 Location: 56N 3W
|
Posted: Tue Nov 08, 2022 1:24 pm Post subject: |
|
|
NeverSloppy,
We cross posted. :)
In the shell, what do you have in
It should be control and your root device, whatever that is. |
|
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Tue Nov 08, 2022 2:08 pm Post subject: |
|
|
This is how my GRUB is looking: https://imgur.com/a/svDj81K
Code: |
rescueshell / # ls /dev/mapper
control root
|
--------------------
I feel like I'm confused on what the name of /dev/mapper/<this part> should be.
Is it not supposed to be the name I used when running cryptsetup luksOpen /dev/sda3 myname ?????
Or do I always have to use /dev/mapper/root ?
Last edited by NeverSloppy on Tue Nov 08, 2022 2:11 pm; edited 2 times in total |
|
grknight Retired Dev

Joined: 20 Feb 2015 Posts: 2046
|
Posted: Tue Nov 08, 2022 2:10 pm Post subject: |
|
|
NeverSloppy wrote: | This is how my GRUB is looking: https://imgur.com/a/svDj81K
ls /dev/mapper lists two files control and root
--------------------
I feel like I'm confused on what the name of /dev/mapper/<this part> should be.
Is it not supposed to be the name I used when running cryptsetup luksOpen /dev/sda3 myname ?????
Or do I always have to use /dev/mapper/root ? |
With a genkernel initramfs, it will always open as /dev/mapper/root.
With other initramfs, the name might be able to be specified.
If you remove the root=/dev/mapper/myname from grub, it should just work. |
|
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Tue Nov 08, 2022 2:17 pm Post subject: |
|
|
Ah, I see now.
Yay! I'm in now after changing grub cmdline to root=/dev/mapper/root
Thank you to everyone that helped out. Really learned a lot. |
|
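The two command-line mistakes worked out in this thread (an unlock parameter that the genkernel initramfs does not read, and a root= that names a mapping genkernel never creates) can be checked before rebooting. This is an added example, not code from any poster: `lint_genkernel_cmdline` is a hypothetical helper, the UUID is a constructed placeholder, and the rules encode only what the thread states about a genkernel initramfs.

```shell
#!/bin/sh
# Lint a kernel command line for a genkernel-built initramfs that must unlock
# a LUKS root. The two rules are the ones the thread arrives at:
#   1. genkernel's initramfs acts on crypt_root=, not cryptdevice=
#   2. it opens the container as /dev/mapper/root, so root= must not name
#      any other /dev/mapper/<name>
# Prints findings (or "OK") and returns 0 when clean, 1 otherwise.
lint_genkernel_cmdline() {
    crypt_root='' cryptdevice='' root='' rc=0
    set -f                      # no globbing while the line is word-split
    for tok in $1; do           # a later duplicate overrides an earlier one
        case $tok in
            crypt_root=*)  crypt_root=${tok#crypt_root=} ;;
            cryptdevice=*) cryptdevice=${tok#cryptdevice=} ;;
            root=*)        root=${tok#root=} ;;
        esac
    done
    set +f

    if [ -z "$crypt_root" ]; then
        rc=1
        if [ -n "$cryptdevice" ]; then
            echo "FAIL: cryptdevice= is set, but genkernel looks for crypt_root="
        else
            echo "FAIL: no crypt_root=, so nothing tells the initramfs what to unlock"
        fi
    fi

    case $root in
        ''|/dev/mapper/root) ;;  # absent, or the name genkernel creates
        /dev/mapper/*)
            rc=1
            echo "FAIL: root=$root, but genkernel maps the container to /dev/mapper/root" ;;
    esac

    if [ "$rc" -eq 0 ]; then echo "OK"; fi
    return "$rc"
}

# Constructed sample lines; SAMPLE_UUID is a placeholder, not a value from the thread.
SAMPLE_UUID=00000000-0000-0000-0000-000000000000
for line in \
    "crypt_root=UUID=$SAMPLE_UUID root=/dev/mapper/root" \
    "crypt_root=UUID=$SAMPLE_UUID root=/dev/mapper/myname" \
    "cryptdevice=UUID=$SAMPLE_UUID:root root=/dev/mapper/root"
do
    printf '%s\n  ' "$line"
    lint_genkernel_cmdline "$line" || true
done
```

On an installed system the same function can be fed the `linux` line from /boot/grub/grub.cfg, or the contents of /proc/cmdline from the rescue shell.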
NeverSloppy n00b

Joined: 03 Nov 2022 Posts: 29
|
Posted: Tue Nov 08, 2022 6:02 pm Post subject: |
|
|
Don't know if it's ok to get some help on something else in this thread, now that my last problem is solved.
After entering successfully to my encrypted root, I checked ping -c and was unsuccessful in getting any ethernet.
Was I supposed to install dhcpcd before exiting chroot? Because I didn't.
I am rebuilding the kernel with makeconfig and I unchecked a bunch of bloat. Also I added some Intel ethernet drivers
since I believe that's what virt manager is using..
just followed the instructions from here https://www.overclockers.com/forums/threads/gentoo-eth0-wont-come-up-netmount-needed.405863/
Code: |
When you built your kernel, did you enable the driver for your ethernet chipset? They are disabled by default. If you did not, you will need to rebuild your kernel.
cd /usr/src/linux
make menuconfig
<add your driver and save>
make && make modules_install
then copy the stuff as it says in the manual and reboot. |
Man, Genkernel is a pain. |
|
NeddySeagoon Administrator


Joined: 05 Jul 2003 Posts: 54987 Location: 56N 3W
|
Posted: Tue Nov 08, 2022 6:30 pm Post subject: |
|
|
NeverSloppy,
It's good practice to start a new topic for a new problem as your helpers for the old problem may not be able to help with the new one.
New helpers may not look at topics they have already passed by.
First of all, don't guess.
Run in your guest VM and look for the numbers for the Vendor and Device ID of the device in question. This example uses my real hardware but it won't matter. The technique is the same.
Code: |
06:00.0 Ethernet controller [0200]: Intel Corporation I211 Gigabit Network Connection [8086:1539] (rev 03)
Subsystem: ASUSTeK Computer Inc. Device [1043:85f0]
Kernel driver in use: igb
|
The Vendor and device ID here is from the first line.
As a bonus, it says Code: | Kernel driver in use: igb | so my running kernel is good and the driver is loaded.
Put Linux PCI 8086:1539 into your favourite search engine and look for hits from cateee.net.
That tells me at the top of the page CONFIG_IGB.
Make sure that kernel symbol is set as =y or =m in
Rebuild the kernel if needed and boot into it.
Once you get Kernel driver in use ... your kernel is good.
Now run
Does your ethernet interface appear there and does it have an IP address?
Code: |
$ ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.25 netmask 255.255.255.255 broadcast 192.168.100.255
inet6 <removed> prefixlen 64 scopeid 0x0<global>
inet6 fe80::fe34:97ff:feb7:d44 prefixlen 64 scopeid 0x20<link>
ether fc:34:97:b7:0d:44 txqueuelen 1000 (Ethernet)
RX packets 165348707 bytes 34287103192 (31.9 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 158247583 bytes 17142553424 (15.9 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfc600000-fc61ffff
|
is good.
Code: |
eth1: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether fc:34:97:b7:0d:45 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
The kernel is good but the setup is missing
Ignore lo: and sit0:
Your interface is unlikely to be named ethX as udev will have renamed it for you.
Next you need a dhcpcd of some sort. Busybox will do. It's in your initrd, so you have the sources.
is a good enough test.
bb starts the shell exit quits it again.
should work if needed without an internet connection.
Code: | ifconfig dhcpcd <interface_name> |
should fall back to busybox's uhcpcd, if needed.
That last step will bring your network up until your dhcp lease expires. |
|