View previous topic :: View next topic |
Author |
Message |
Fulgurance Veteran
Joined: 15 Feb 2017 Posts: 1233
|
Posted: Tue Jan 02, 2024 2:57 pm Post subject: Dracut+Openrc+LVM on LUKS - Wrong password |
|
|
Hi everyone, today I was testing for my project if the disk encryption with LVM work properly, and I tried to make an initramfs with Dracut.
So it's a system generated by the package manager I am making.
It's a system based on Openrc init system.
So my system is configured like that in a VM under VirtualBox:
/dev/sda1 (/boot/efi) FAT32
/dev/sda2 (/boot) BTRFS
/dev/sda3 (/) LVM on LUKS with 2 volumes, Swap and Root
The password is very simple, just 3 letters. And I checked, at boot the keyboard work properly, so the issue is not from the keyboard.
I generated the initramfs with dracut with the linux kernel 6.5.1, and I added the elogind support for the initramfs.
When I restart the VM to boot the new system, the prompt ask for the password, but even the password is right, it say it's wrong
Then, it show 2 errors:
Code: | libgcc_s.so.1 must be installed for pthread_exit to work
Wrong password |
Linux kernel version: 6.5.1
Dracut version: 059
Openrc version: 0.52.1
I did a screenshot as well if you want to see: https://www.zupimages.net/viewer.php?id=24/01/f8r1.png
I generated the initramfs like that:
Code: | dracut --force --kver=6.5.1 |
In the dracut.conf, I added the required line for elogind (adapted to my system):
Code: | install_items="/lib/elogind/elogind-uaccess-command" |
And grub generated the grub.cfg with the disk encryption enabled.
Let me know if you need information. _________________ My actual project: https://github.com/Fulgurance/ISM
Ingenius Software Manager is a tool to build and manage a Linux system from scratch.
It will able to manage a linux installation just with a given path to the futur root path |
|
Back to top |
|
|
sMueggli Guru
Joined: 03 Sep 2022 Posts: 501
|
Posted: Tue Jan 02, 2024 3:31 pm Post subject: Re: Dracut+Openrc+LVM on LUKS - Wrong password |
|
|
Fulgurance wrote: | And grub generated the grub.cfg with the disk encryption enabled. |
What do you mean? That you added GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub?
Can you please post the /boot/grub/grub.cfg? |
|
Back to top |
|
|
Fulgurance Veteran
Joined: 15 Feb 2017 Posts: 1233
|
Posted: Tue Jan 02, 2024 4:38 pm Post subject: |
|
|
Yes it's what I mean.
So this is the /etc/default/grub:
Code: | GRUB_DISTRIBUTOR="ISM"
GRUB_ENABLE_CRYPTODISK=y
#GRUB_CMDLINE_LINUX_DEFAULT="dolvm dobtrfs crypt_root=/dev/sda3 root=/dev/mapper/System-Root root_trim=yes selinux=0 enforcing=0 quiet"
GRUB_CMDLINE_LINUX_DEFAULT="dolvm dobtrfs rd.driver.pre=btrfs rd.luks.uuid=luks-75c173db-3fb5-4e8f-a445-c3b109bae1cf rd.lvm.lv=System/Root root=/dev/mapper/System-Root root_trim=yes selinux=0 enforcing=0 quiet"
#GRUB_GFXMODE=1920x1080x32
GRUB_GFXPAYLOAD_LINUX=keep
#GRUB_FONT=/boot/grub/fonts/terminus32b.pf2
#GRUB_BACKGROUND="/boot/grub/ism.png"
GRUB_DISABLE_LINUX_PARTUUID=false |
/boot/grub/grub.cfg:
Code: | #
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if [ x$feature_default_font_path = xy ] ; then
font=unicode
else
insmod lvm
insmod btrfs
set root='lvmid/TuCj9I-Myo5-HxrN-bxca-KIZi-xOjo-WxPf5W/fQI20o-iEYf-MwyU-wXd4-GI9d-6wL0-SToxCz'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint='lvmid/TuCj9I-Myo5-HxrN-bxca-KIZi-xOjo-WxPf5W/fQI20o-iEYf-MwyU-wXd4-GI9d-6wL0-SToxCz' fdcea882-d2dd-4088-980b-b2767e4edc33
else
search --no-floppy --fs-uuid --set=root fdcea882-d2dd-4088-980b-b2767e4edc33
fi
font="/usr/share/grub/unicode.pf2"
fi
if loadfont $font ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=C
insmod gettext
fi
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/10_linux ###
menuentry 'ISM GNU/Linux' --class ism --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-fdcea882-d2dd-4088-980b-b2767e4edc33' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod btrfs
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 cd787f59-6dfe-46bc-a830-19e58acaa987
else
search --no-floppy --fs-uuid --set=root cd787f59-6dfe-46bc-a830-19e58acaa987
fi
echo 'Loading Linux 6.5.1 ...'
linux /vmlinuz-6.5.1 root=/dev/mapper/System-Root ro dolvm dobtrfs rd.driver.pre=btrfs rd.luks.uuid=luks-75c173db-3fb5-4e8f-a445-c3b109bae1cf rd.lvm.lv=System/Root root=/dev/mapper/System-Root root_trim=yes selinux=0 enforcing=0 quiet
echo 'Loading initial ramdisk ...'
initrd /initramfs-6.5.1.img
}
submenu 'Advanced options for ISM GNU/Linux' $menuentry_id_option 'gnulinux-advanced-fdcea882-d2dd-4088-980b-b2767e4edc33' {
menuentry 'ISM GNU/Linux, with Linux 6.5.1' --class ism --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.5.1-advanced-fdcea882-d2dd-4088-980b-b2767e4edc33' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod btrfs
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 cd787f59-6dfe-46bc-a830-19e58acaa987
else
search --no-floppy --fs-uuid --set=root cd787f59-6dfe-46bc-a830-19e58acaa987
fi
echo 'Loading Linux 6.5.1 ...'
linux /vmlinuz-6.5.1 root=/dev/mapper/System-Root ro dolvm dobtrfs rd.driver.pre=btrfs rd.luks.uuid=luks-75c173db-3fb5-4e8f-a445-c3b109bae1cf rd.lvm.lv=System/Root root=/dev/mapper/System-Root root_trim=yes selinux=0 enforcing=0 quiet
echo 'Loading initial ramdisk ...'
initrd /initramfs-6.5.1.img
}
menuentry 'ISM GNU/Linux, with Linux 6.5.1 (recovery mode)' --class ism --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.5.1-recovery-fdcea882-d2dd-4088-980b-b2767e4edc33' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod btrfs
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 cd787f59-6dfe-46bc-a830-19e58acaa987
else
search --no-floppy --fs-uuid --set=root cd787f59-6dfe-46bc-a830-19e58acaa987
fi
echo 'Loading Linux 6.5.1 ...'
linux /vmlinuz-6.5.1 root=/dev/mapper/System-Root ro single
echo 'Loading initial ramdisk ...'
initrd /initramfs-6.5.1.img
}
}
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/30_uefi-firmware ###
### END /etc/grub.d/30_uefi-firmware ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg
fi
### END /etc/grub.d/41_custom ### |
And the output when I generated the initramfs: https://textup.fr/753720dp _________________ My actual project: https://github.com/Fulgurance/ISM
Ingenius Software Manager is a tool to build and manage a Linux system from scratch.
It will able to manage a linux installation just with a given path to the futur root path |
|
Back to top |
|
|
Fulgurance Veteran
Joined: 15 Feb 2017 Posts: 1233
|
Posted: Tue Jan 02, 2024 4:53 pm Post subject: |
|
|
I find how to do.
I had to add one more file apart of the one for elogind to the dracut.conf:
Code: | install_items=" /lib/elogind/elogind-uaccess-command /usr/lib/libgcc_s.so.1 " |
Is it normal dracut didn't include it ? _________________ My actual project: https://github.com/Fulgurance/ISM
Ingenius Software Manager is a tool to build and manage a Linux system from scratch.
It will able to manage a linux installation just with a given path to the futur root path |
|
Back to top |
|
|
sMueggli Guru
Joined: 03 Sep 2022 Posts: 501
|
Posted: Tue Jan 02, 2024 5:35 pm Post subject: |
|
|
The option "GRUB_ENABLE_CRYPTODISK=y" is not needed, because your /boot is not encrypted. And in your /boot/grub/grub.cfg are no traces that the Grub module "cryptodisk" is loaded. |
|
Back to top |
|
|
Fulgurance Veteran
Joined: 15 Feb 2017 Posts: 1233
|
Posted: Tue Jan 02, 2024 6:07 pm Post subject: |
|
|
This option is definitely needed. It's not my first installation of an encrypted system.
And it's loaded.
As I said in my previous message, I solved the problem. The initramfs just missed one file: /usr/lib/libgcc_s.so.1
I find the solution. But thank you very much _________________ My actual project: https://github.com/Fulgurance/ISM
Ingenius Software Manager is a tool to build and manage a Linux system from scratch.
It will able to manage a linux installation just with a given path to the futur root path |
|
Back to top |
|
|
|