Grub2 and Encrypted Root and LVM

airbus001 · 2012-06-05 00:19:06

Hello,

I am trying to move my current un-encrypted archlinux on a non-LVM partition to a LUKS encrypted LVM partition using a key file. The trouble is that my bootloader is GRUB2 controlled by an never used Ubuntu install. So I installed encrypted the whole LVM(all logical volumes are encrypted with one key file), installed archlinux on logical volumes within the LVM partition, and the archlinux install has a seperate primary /boot partition which contains the initrd images and grub1. I ran os-prober from Ubuntu, but for some reason it did not detect the images on the boot partition.

So my question is: Is there any way to make a custom grub2 menu entry to boot my archlinux install referenced above. I have come up with the following GRUB2 custom entry:

menuentry "Encrypted Arch Linux" {
	insmod lvm
	cryptdevice=/dev/sdXY:<vgName> root=/dev/mapper/<vgName>-<lvName_of_root> ro cryptkey=/dev/disk/by-uuid/<UUID_of_USB>:vfat:/secret.key 
	linux (hdX,Y-1)/vmlinuz-linux root=/dev/mapper/<vgName>-<lvName_of_root> ro
	initrd (hdX,Y-1)/initramfs-linux.img
}

Where sdXY is the encrypted LVM partiton, and (hdX,Y-1) is the location of separate /boot partition.
For some odd reason I get the error:
"Error: fd0 disk read error
No such partition.
Need to boot kernel first."

Thanks,
airbus001

Last edited by airbus001 (2012-06-06 23:40:53)

Gcool · 2012-06-05 06:57:07

So if I understand correctly; during boot you're prompted with Ubuntu's GRUB2 bootloader which doesn't contain an entry in order to point to the Arch GRUB bootloader which then loads Arch?

Sounds unnecessarily complicated. Perhaps simply consider sticking to one bootloader, configure any os you want to boot in it and then (re)install it whereever the primary bootloader currently is (mbr,...).

airbus001 · 2012-06-05 19:31:29

Gcool : Yes that is the situation. The only problem with overwriting Ubuntu's GRUB2 bootloader, is that my Ubuntu partition is also installed on a LVM with Encryption, so then I would have to write an entry for Ubuntu. More importantly everything else other than my latest Arch Installation works fine(I have other OSs), and I don't want to overwrite the MBR and install GRUB1 and possibly have my older usable Arch install not bootable.

Gcool · 2012-06-05 21:08:46

You could simply do the same thing but then install GRUB2 in the mbr.

In any case, have a look here for instructions on how to set up a multiboot using GRUB2 (so you can keep the existing setup if that's what you want).

airbus001 · 2012-06-06 01:35:02

Gcool: Yes I want to keep the existing set up for now, as I don't want to change everything for a setup that may not work(ie sleep and hibernate may not work ....)
I have been able to come up with the following and would really appreciate if someone could help me:

menuentry "Encrypted Arch Linux" {
	insmod lvm
	cryptdevice=/dev/sdXY:<vgName> root=/dev/mapper/<vgName>-<lvName_of_root> ro cryptkey=/dev/disk/by-uuid/<UUID_of_USB>:vfat:/secret.key 
	linux (hdX,Y-1)/vmlinuz-linux root=/dev/mapper/<vgName>-<lvName_of_root> ro
	initrd (hdX,Y-1)/initramfs-linux.img
}

Where sdXY is the encrypted LVM partiton, and (hdX,Y-1) is the location of separate /boot partition.
For some odd reason I get the error:
"Error: fd0 disk read error
No such partition.
Need to boot kernel first."

Thanks for the help,
airbus001

Last edited by airbus001 (2012-06-06 23:41:13)

airbus001 · 2012-06-06 23:19:24

Is this problem that easy to solve that no one is responding? Or is that uncommon. I would really appreciate any help as I need to set up my system by July 1, otherwise I am stuck with another OS

/dev/zero · 2012-06-06 23:44:04

airbus001 wrote:

Is this problem that easy to solve that no one is responding? Or is that uncommon.

When someone asks for help, they should show that they've first put a lot of thought and effort into solving it by themselves. When faced with someone who does not put in any effort, I can either suggest they get their act together, or else just ignore them. I was ignoring you.

Bang your head against the wall a bit more, do some googling, experiment, and read some manuals. If you still can't solve it, at least you can then edit your OP and say "I've tried X, Y and Z, and I've read these forum posts where someone using Fedora had the same problem, and I looked through the manuals and tried this other solution, and still I can't get it to work."

After that, not only will everyone be in a much more informed position to be able to help you, but you will also have more people deigning to give you their time.

airbus001 wrote:

I would really appreciate any help as I need to set up my system by July 1, otherwise I am stuck with another OS

If you use some other OS, that is no one's problem but yours. It could well be that you made the wrong choice by switching to Arch in the first place. No harm, no foul.

airbus001 · 2012-06-07 05:35:25

First I have been using Arch+XMonad for 1.5 years, as my only os. So I have not just recently moved over from some other OS.

Second although my post may not show it, I have easily spent 15-25 hours on this problem and have been trying to migrate over to a system encryption + SElinux install of Arch to no avail unfortunately.. I have looked at forums, google'd, read the grub 1.99 manual, visited the grub channel on freenode, wrote a custom.cfg file that sort of chainloads my /boot partition that bricked my bootloader, installed grub2 in my encrypted arch install to get the custom.cfg file to work, wrote a dozen or so 40_custom entries, etc........ I just don't see why in this situation I should index all of my failures; I simply want to write a custom menu entry for grub2 so I can boot into my encrypted arch setup, see if everything works out there and begin doing the other items on my todo list. I have until July 1 when I start my new position and have asked my IT department if I could use Arch, they said fine as long as it is whole disk encryption. Of course if I can not set it up by that time, I will be stuck using something easier to set up like Ubuntu. Although I immensely enjoyed using Arch and XMonad for the past year and half, it would have all been in vein as I will be stuck using Ubuntu as I simply won't have as much free time in the future.

You should also consider that not everyone has the same skill set, what takes you one hour may take me three.
Sad thing is that there are many extremely knowledgeable(apparently including yourself) people on here that could have easily told me the current menu entry was arrant rubbish... would have taken what 1 minute.

Nonetheless, I'm off to find a place where I can get some help....

Last edited by airbus001 (2012-06-07 05:39:12)

/dev/zero · 2012-06-07 06:00:56

airbus001 wrote:

Second although my post may not show it, I have easily spent 15-25 hours on this problem ........ I just don't see why in this situation I should index all of my failures

You index your failures for two reasons: so that people helping know what not to tell you, and to demonstrate that you really have a significant problem that can't be solved by standard problem solving methods such as trial-and-error, stfwing, and rtfming.

But if you couldn't be bothered, then why should anyone else be bothered helping?

airbus001 wrote:

You should also consider that not everyone has the same skill set, what takes you one hour may take me three.

You should consider that the forums attract a large number of people who expect easy answers without thinking first. I'm not here to baby sit. I'm happy to help people who make it clear that they've really tried by themselves before asking for help.

airbus001 wrote:

Sad thing is that there are many extremely knowledgeable(apparently including yourself) people on here that could have easily told me the current menu entry was arrant rubbish... would have taken what 1 minute.

If you receive help without first thinking for yourself, you gain nothing.

Lekensteyn · 2012-06-20 13:42:21

airbus001 wrote:

Gcool: Yes I want to keep the existing set up for now, as I don't want to change everything for a setup that may not work(ie sleep and hibernate may not work ....)
I have been able to come up with the following and would really appreciate if someone could help me:
menuentry "Encrypted Arch Linux" {
	insmod lvm
	cryptdevice=/dev/sdXY:<vgName> root=/dev/mapper/<vgName>-<lvName_of_root> ro cryptkey=/dev/disk/by-uuid/<UUID_of_USB>:vfat:/secret.key 
	linux (hdX,Y-1)/vmlinuz-linux root=/dev/mapper/<vgName>-<lvName_of_root> ro
	initrd (hdX,Y-1)/initramfs-linux.img
}
Where sdXY is the encrypted LVM partiton, and (hdX,Y-1) is the location of separate /boot partition.
For some odd reason I get the error:
"Error: fd0 disk read error
No such partition.
Need to boot kernel first."
Thanks for the help,
airbus001

If I'm not mistaken, the whole line with "cryptdevice=... ..." is a kernel option. Try appending it to the "linux" line.

Arch Linux

#1 2012-06-05 00:19:06

Grub2 and Encrypted Root and LVM

#2 2012-06-05 06:57:07

Re: Grub2 and Encrypted Root and LVM

#3 2012-06-05 19:31:29

Re: Grub2 and Encrypted Root and LVM

#4 2012-06-05 21:08:46

Re: Grub2 and Encrypted Root and LVM

#5 2012-06-06 01:35:02

Re: Grub2 and Encrypted Root and LVM

#6 2012-06-06 23:19:24

Re: Grub2 and Encrypted Root and LVM

#7 2012-06-06 23:44:04

Re: Grub2 and Encrypted Root and LVM

#8 2012-06-07 05:35:25

Re: Grub2 and Encrypted Root and LVM

#9 2012-06-07 06:00:56

Re: Grub2 and Encrypted Root and LVM

#10 2012-06-20 13:42:21

Re: Grub2 and Encrypted Root and LVM

Board footer