kind_gentooman n00b
Joined: 16 Jul 2024 Posts: 7
|
Posted: Thu Jul 18, 2024 2:59 pm Post subject: [SOLVED] dracut cannot decrypt LUKS LVM but boots fine |
|
|
I get this error on boot:
Code: | dracut Warning: Could not boot.
dracut Warning: /dev/mapper/gentoovm-root does not exist |
and then I'm dropped in a dracut shell. I run these commands:
Code: | dracut:/# cryptsetup luksOpen /dev/nvmXXXp2 gentoovm --key-file /boot/volume.key
dracut:/# exit |
Upon exiting, the system detects everything and boots perfectly. So it's not performing the luksOpen.
Code: |
/dev/nvmXXXp1 is /boot/efi/
/dev/nvmXXXp2: 1234
gentoovm: 9999
gentoovm-root 0000
/etc/default/grub:
GRUB_CMDLINE_DEFAULT="root=UUID=0000 rd.luks.uuid=1234 rd.lvm.vg=gentoovm"
/etc/dracut.conf.d/10-crypt.conf:
install_items+=" /boot/volume.key /etc/crypttab "
add_dracutmodules+=" lvm crypt dm "
/etc/crypttab:
gentoovm UUID=1234 /boot/volume.key luks
/etc/portage/package.use:
sys-fs/lvm2 lvm
sys-boot/grub:2 device-mapper
|
Additionally I ran Code: | rc-update add lvm boot |
What am I doing wrong?
Last edited by kind_gentooman on Sun Jul 21, 2024 8:06 am; edited 2 times in total |
|
wanne32 n00b
Joined: 11 Nov 2023 Posts: 69
|
Posted: Thu Jul 18, 2024 4:59 pm Post subject: |
|
|
I assume it's the same problem as here: https://forums.gentoo.org/viewtopic-t-1169994-highlight-.html
The --install "/boot/volume.key /etc/crypttab" still works. But I assume that it will still have other problems, since dracut is now (like systemd) ignoring the crypttab entirely most of the time. |
|
kind_gentooman n00b
Joined: 16 Jul 2024 Posts: 7
|
Posted: Sat Jul 20, 2024 1:58 pm Post subject: |
|
|
Thanks a lot, I'm trying UGRD now, but it's hard to find info on the format for using a key-file.
Code: |
modules = [
"ugrd.kmod.standard_mask",
"ugrd.crypto.cryptsetup",
"ugrd.fs.lvm",
]
kmod_autodetect_lspci = true
kmod_autodetect_lsmod = true
[cryptsetup.gentoovm]
uuid = "..."
key_file = "/boot/volume.key"
[copies.key]
source = "/boot/volume.key"
destination = "/boot/volume.key"
|
This is as far as I got, but it's wrong. I'm not sure where to go from here. |
|
sMueggli Guru
Joined: 03 Sep 2022 Posts: 495
|
Posted: Sat Jul 20, 2024 3:29 pm Post subject: |
|
|
Is your key-file on an unencrypted device? |
|
kind_gentooman n00b
Joined: 16 Jul 2024 Posts: 7
|
|
kind_gentooman n00b
Joined: 16 Jul 2024 Posts: 7
|
|
sMueggli Guru
Joined: 03 Sep 2022 Posts: 495
|
Posted: Sun Jul 21, 2024 7:58 am Post subject: |
|
|
In the linked guide, the ESP is mounted to /boot/efi. And your info in the first post shows that the first partition is mounted to /boot. Assuming that the first partition is the ESP, then your initramfs and /boot/volume.key are not encrypted, whereas in the linked guide the initramfs and key are encrypted because they reside on the encrypted /. |
|
kind_gentooman n00b
Joined: 16 Jul 2024 Posts: 7
|
Posted: Sun Jul 21, 2024 8:05 am Post subject: |
|
|
Thanks, I made a typo and corrected it.
The first partition is /boot/efi/, which is FAT. /boot is on / and is encrypted. |
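
Added example, not part of any post in this thread: a shell check for the question raised above, whether the file system holding the key file (or the initramfs that embeds it) sits on a dm-crypt mapping. The function names `chain_has_crypt` and `classify` are hypothetical, the device stacks are constructed from the names in the first post, and the live lookup assumes `findmnt` and `lsblk` from util-linux.

```shell
#!/bin/sh
# Is the file system that holds PATH stacked on a dm-crypt mapping?
# Function names are hypothetical; sample data below is constructed.

# Reads `lsblk -s -l -n -o NAME,TYPE DEVICE` output on stdin (one "name type"
# pair per line, mounted device first, whole disk last) and succeeds only if
# some layer in that stack has type "crypt".
chain_has_crypt() {
    awk '$2 == "crypt" { found = 1 } END { exit !found }'
}

# classify PATH [CHAIN]: print "encrypted" or "PLAINTEXT" for the device stack
# under PATH. Without CHAIN the stack is looked up on the live system.
classify() {
    path=$1
    chain=${2:-}
    if [ -z "$chain" ]; then
        src=$(findmnt -n -o SOURCE -T "$path") || return 2
        chain=$(lsblk -s -l -n -o NAME,TYPE "$src") || return 2
    fi
    if printf '%s\n' "$chain" | chain_has_crypt; then
        echo "encrypted"
    else
        echo "PLAINTEXT"
    fi
}

# Constructed stacks modelled on the layout in the first post:
# LVM root on the LUKS mapping "gentoovm", and the FAT ESP on a bare partition.
ROOT_CHAIN='gentoovm-root lvm
gentoovm crypt
nvmXXXp2 part
nvmXXX disk'
ESP_CHAIN='nvmXXXp1 part
nvmXXX disk'

echo "/boot/volume.key on the LVM root: $(classify /boot/volume.key "$ROOT_CHAIN")"
echo "a key or initramfs on the ESP:    $(classify /boot/efi "$ESP_CHAIN")"
```

On a running system, call `classify /boot/volume.key` and `classify` on the directory that holds the initramfs without a second argument; a "PLAINTEXT" result for either means the key is readable by anyone with access to the disk.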
|