You are not logged in.

#1 2010-10-19 18:51:54

spoovy
Member
From: Vatican XII
Registered: 2010-03-23
Posts: 32

Booting Arch from LUKS-encrypted USB stick - Problem

After several attempts I can't successfully install/boot Arch onto a LUKS-encrypted usb stick.

I've followed the wiki article - http://wiki.archlinux.org/index.php/LUK … Bootloader and finally got Arch installed onto the stick, but I can't get it to boot.

I have gone for a pretty complex setup as I want it as secure as possible.  Setup is like so :

/dev/mapper/home7 /home jfs defaults,noatime 0 1
/dev/mapper/ntfs11 /ntfs vfat defaults,noauto 0 0
/dev/mapper/root8 / jfs defaults,noatime 0 1
/dev/mapper/swap10 swap swap defaults 0 0
/dev/mapper/tmp5 /tmp jfs defaults,noexec,nosuid 0 1
/dev/mapper/usr9 /usr jfs defaults,ro 0 1
/dev/mapper/var6 /var reiserfs defaults,noexec,nosuid 0 1
/dev/sdb1 /boot ext2 defaults 0 1


My mkinitcpio.conf has the correct hooks according the the wiki -

#    This setup loads an lvm2 volume group on a usb device.
#    HOOKS="base udev usb lvm2 filesystems"
HOOKS="base udev autodetect pata scsi sata usbinput keymap encrypt filesystems"

menu.lst looks like this -

# (0) Arch Linux
title  Arch Linux
root   (hd1,0)
kernel /vmlinuz26 cryptdevice=/dev/sdb8:root root=/dev/mapper/root8 ro
initrd /kernel26.img

# (1) Arch Linux
title  Arch Linux Fallback
root   (hd1,0)
kernel /vmlinuz26 cryptdevice=/dev/sdb8:root root=/dev/mapper/root8 ro
initrd /kernel26-fallback.img


When I try to boot from grub (installed on sdb) I get error 15:  no file found

I'm out of ideas.  Anyone else got one?

Thanks in advance

Spoov

Last edited by spoovy (2010-10-19 20:18:10)

Offline

#2 2010-10-19 19:33:26

vacant
Member
From: downstairs
Registered: 2004-11-05
Posts: 816

Re: Booting Arch from LUKS-encrypted USB stick - Problem

I've been happily using LVM on top of an encrypted partition for ages. Very easy to setup and manage (changing partition sizes etc)

You set up a small partition as /boot and a second partition as the rest. You encrypt the second partition then set up LVM on top.

So I enter one long password on boot to unlock all the LVM partitions.

Offline

#3 2010-10-19 21:13:42

spoovy
Member
From: Vatican XII
Registered: 2010-03-23
Posts: 32

Re: Booting Arch from LUKS-encrypted USB stick - Problem

I'm not familiar with LVM so I thought i'd keep it simple and leave LVM out of it.  Maybe not so simple after all though, as i've been trying to do it all day!

Offline

#4 2010-10-20 10:06:54

Xyem
Member
Registered: 2010-08-14
Posts: 20

Re: Booting Arch from LUKS-encrypted USB stick - Problem

Perhaps the BIOS is re-ordering the drives so the one you boot to is "first", thus being sda instead of sdb?

Try changing your cryptdevice line to:
cryptdevice=/dev/sda8:root

Offline

#5 2010-10-20 10:22:06

vacant
Member
From: downstairs
Registered: 2004-11-05
Posts: 816

Re: Booting Arch from LUKS-encrypted USB stick - Problem

Have you tried modifying the kernel and initrd lines during boot? i.e. using tab completion to find out what disk/partition/directories grub thinks it is looking at?

e.g.

kernel (hd<TAB>
kernel (hd1,<TAB>

etc

Offline

#6 2010-10-20 17:37:36

spoovy
Member
From: Vatican XII
Registered: 2010-03-23
Posts: 32

Re: Booting Arch from LUKS-encrypted USB stick - Problem

vacant - Good idea.  Using tab complete at line 1 and changing line one to

root= (hd0,0)

Does at least boot to initramfs, but I can't get past there.  The jist of the error message is that /dev/sda8:root doesn't exist, and that dev/mapper/root8 is not an encrypted volume.  It then dumps me into initramfs for recovery, but I can't do anything from there.

Using tabcomplete on the other grub lines gets me nowhere, no options are presented at any stage.

Xyem - I tried that, it actually doesn't make any difference, the same errors pop up either way, just referring to sda or sdb depending on the grub line entry.  Wierd!

Last edited by spoovy (2010-10-20 18:06:38)

Offline

#7 2010-10-20 19:40:22

vacant
Member
From: downstairs
Registered: 2004-11-05
Posts: 816

Re: Booting Arch from LUKS-encrypted USB stick - Problem

What happens if you keep the "root" line the same and just alter /dev/sda8 back to /dev/sdb8?

Check the partitions in /boot/grub/device.map

Offline

#8 2010-10-20 21:50:50

spoovy
Member
From: Vatican XII
Registered: 2010-03-23
Posts: 32

Re: Booting Arch from LUKS-encrypted USB stick - Problem

What happens if you keep the "root" line the same and just alter /dev/sda8 back to /dev/sdb8?

Then i'd be back where I started! smile

If you mean have the root line as hd0,0 and sdb, it makes no difference.  No combination seems to make any difference.

The error messages in a bit more detail, are -

/dev/sda(or b)8 is not a luks volume

and

the cryptsetup= variable is not set.


I'm sure the partitions are encrypted I have checked.

Offline

#9 2010-10-21 07:53:44

Xyem
Member
Registered: 2010-08-14
Posts: 20

Re: Booting Arch from LUKS-encrypted USB stick - Problem

First, you have to change your cryptdevice to:

cryptdevice=/dev/sda8:root8

or

cryptdevice=/dev/sdb8:root8

this is so the "decrypted" partition is accessible from '/dev/mapper/root8' (as it is in your fstab) instead of '/dev/mapper/root'

If it has the wrong device to try to decrypt from.. try to open them [abcdef... however many disks you've got] while you are in the ramfs, until you find the right one to decrypt. For example:

cryptsetup luksOpen /dev/sda8 root8

And then modify the cryptdevice parameter when you find the correct device (which may be /dev/sdc8).

Last edited by Xyem (2010-10-21 12:03:50)

Offline

Board footer

Powered by FluxBB