You are not logged in.
After several attempts I can't successfully install/boot Arch onto a LUKS-encrypted usb stick.
I've followed the wiki article - http://wiki.archlinux.org/index.php/LUK … Bootloader and finally got Arch installed onto the stick, but I can't get it to boot.
I have gone for a pretty complex setup as I want it as secure as possible. Setup is like so :
/dev/mapper/home7 /home jfs defaults,noatime 0 1
/dev/mapper/ntfs11 /ntfs vfat defaults,noauto 0 0
/dev/mapper/root8 / jfs defaults,noatime 0 1
/dev/mapper/swap10 swap swap defaults 0 0
/dev/mapper/tmp5 /tmp jfs defaults,noexec,nosuid 0 1
/dev/mapper/usr9 /usr jfs defaults,ro 0 1
/dev/mapper/var6 /var reiserfs defaults,noexec,nosuid 0 1
/dev/sdb1 /boot ext2 defaults 0 1
My mkinitcpio.conf has the correct hooks according the the wiki -
# This setup loads an lvm2 volume group on a usb device.
# HOOKS="base udev usb lvm2 filesystems"
HOOKS="base udev autodetect pata scsi sata usbinput keymap encrypt filesystems"
menu.lst looks like this -
# (0) Arch Linux
title Arch Linux
root (hd1,0)
kernel /vmlinuz26 cryptdevice=/dev/sdb8:root root=/dev/mapper/root8 ro
initrd /kernel26.img
# (1) Arch Linux
title Arch Linux Fallback
root (hd1,0)
kernel /vmlinuz26 cryptdevice=/dev/sdb8:root root=/dev/mapper/root8 ro
initrd /kernel26-fallback.img
When I try to boot from grub (installed on sdb) I get error 15: no file found
I'm out of ideas. Anyone else got one?
Thanks in advance
Spoov
Last edited by spoovy (2010-10-19 20:18:10)
Offline
I've been happily using LVM on top of an encrypted partition for ages. Very easy to setup and manage (changing partition sizes etc)
You set up a small partition as /boot and a second partition as the rest. You encrypt the second partition then set up LVM on top.
So I enter one long password on boot to unlock all the LVM partitions.
Offline
I'm not familiar with LVM so I thought i'd keep it simple and leave LVM out of it. Maybe not so simple after all though, as i've been trying to do it all day!
Offline
Perhaps the BIOS is re-ordering the drives so the one you boot to is "first", thus being sda instead of sdb?
Try changing your cryptdevice line to:
cryptdevice=/dev/sda8:root
Offline
Have you tried modifying the kernel and initrd lines during boot? i.e. using tab completion to find out what disk/partition/directories grub thinks it is looking at?
e.g.
kernel (hd<TAB>
kernel (hd1,<TAB>
etc
Offline
vacant - Good idea. Using tab complete at line 1 and changing line one to
root= (hd0,0)
Does at least boot to initramfs, but I can't get past there. The jist of the error message is that /dev/sda8:root doesn't exist, and that dev/mapper/root8 is not an encrypted volume. It then dumps me into initramfs for recovery, but I can't do anything from there.
Using tabcomplete on the other grub lines gets me nowhere, no options are presented at any stage.
Xyem - I tried that, it actually doesn't make any difference, the same errors pop up either way, just referring to sda or sdb depending on the grub line entry. Wierd!
Last edited by spoovy (2010-10-20 18:06:38)
Offline
What happens if you keep the "root" line the same and just alter /dev/sda8 back to /dev/sdb8?
Check the partitions in /boot/grub/device.map
Offline
What happens if you keep the "root" line the same and just alter /dev/sda8 back to /dev/sdb8?
Then i'd be back where I started!
If you mean have the root line as hd0,0 and sdb, it makes no difference. No combination seems to make any difference.
The error messages in a bit more detail, are -
/dev/sda(or b)8 is not a luks volume
and
the cryptsetup= variable is not set.
I'm sure the partitions are encrypted I have checked.
Offline
First, you have to change your cryptdevice to:
cryptdevice=/dev/sda8:root8
or
cryptdevice=/dev/sdb8:root8
this is so the "decrypted" partition is accessible from '/dev/mapper/root8' (as it is in your fstab) instead of '/dev/mapper/root'
If it has the wrong device to try to decrypt from.. try to open them [abcdef... however many disks you've got] while you are in the ramfs, until you find the right one to decrypt. For example:
cryptsetup luksOpen /dev/sda8 root8
And then modify the cryptdevice parameter when you find the correct device (which may be /dev/sdc8).
Last edited by Xyem (2010-10-21 12:03:50)
Offline