Hi All,
I posted this description under some other posts, however they are marked as [SOLVED] and they generally talk about a slightly different issue.
I'm trying to build 64bit virtualbox guest which I can later upload to linode. I was successful building such setup for my home computer I'm writing to you from however that was somehow easier because I was not limited to GRUB (I prefer syslinux as I find it simpler).
So my problem is that I have built my virtualbox guest, followed roughly the tutorial found on arch wiki (dm-crypt + luks) and went all way down to booting into my new system. And it remains on "Booting..." forever.
I was trying to play around with autodetect option in mkinitcpio HOOKS - no luck.
When I try to boot - GRUB does not seem to be loading at all.
So I have double checked if my sdc have boot flag set - it does (again - I used fdisk to do all partitioning work whereas I'm used to use gdisk so maybe I missed something there... The only thing that differs for my sdc - boot disk - is that I have toggled >>boot<< flag).
That's how I mount my filesystem when booted from liveCD:
cryptsetup luksOpen /dev/sda1 root
cryptsetup luksOpen /dev/sdb1 var
mount /dev/mapper/root /mnt
mount /dev/mapper/var /mnt/var
mount /dev/sdc1 /mnt/boot
grub.cfg line where cryptsetup is specified:
linux /vmlinuz-linux root=/dev/mapper/root cryptdevice=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:root ro quiet
So I'm out of ideas..
I would appreciate any help.. Thanks!
Last edited by Gregosky (2013-07-28 20:55:35)
Offline
Try replacing the UUID which you selected for cryptdevice with the partition ("cryptdevice=/dev/sda2:root" probably).
Have you created crypttab for var?
Offline
Hi Strike0, thanks for hints. I have actually been trying different configurations and came up to conclusion GRUB is not loading at all. It hangs on "Booting..." and does not indicate any error even when logging level was increased. I'm wondering if I need this BIOS partition as currently my boot disk is partitioned with a single 128MB partition (/dev/sdc1). What do you think? Do I need one?
Can it be that somehow GRUB is silently waiting for a password in order to decrypt my root partition?
Last edited by Gregosky (2013-07-27 22:52:21)
Offline
No, it won't wait for any password until you selected a kernel to boot in the menu. So it gets stuck before that now and the install did not work. Which wiki method did you follow to install it?
No need for a BIOS partition if you are using basic MBR/fdisk. Reading your original post again I am actually not clear about your partition layout. Why sda/b/c anyway in the virtual machine? Should be sda1/2/3. Are you trying to mimic something to make moving that to Linode (which I have no experience with) easier?
Offline
I'm also unclear about your partition layout but if grub doesn't load at all then the problem cannot be with your LUKS setup, I don't think, because you haven't got that far. More likely you missed a step installing grub.
Incidentally, how do you plan to decrypt the second LUKS container?
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
Offline
Guys,
I followed some wiki articles (beginners guide, grub, pacman, dm-crypt + luks)
This is the procedure I followed:
0. Create new vm in VM-Box
set RAM value matching plan RAM value
use fixed size VDI hdd
1. Fill hard drives in with random data
shred --verbose --random-source=/dev/urandom -n3 /dev/sda
shred --verbose --random-source=/dev/urandom -n3 /dev/sdb
2. Prepare /boot (128MB)
fdisk /dev/sdc > p >n > w
mkfs.ext3 /dev/sdc1
3. Prepare other partitions
fdisk /dev/sda > p > n > w
fdisk /dev/sdb > p > n > w
4. Encrypt partitions
cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random --verify-passphrase luksFormat /dev/sda1
cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random --verify-passphrase luksFormat /dev/sdb1
5. Open encrypted partitions
cryptsetup open /dev/sda1 root
cryptsetup open /dev/sdb1 var
6. Prepare encrypted partitions
mkfs.ext4 /dev/mapper/root
mkfs.ext4 /dev/mapper/var
7. Mount file system
mount /dev/mapper/root /mnt
mkdir /mnt/var
mount /dev/mapper/var /mnt/var
mkdir /mnt/boot
mount /dev/sdc1 /mnt/boot
8. Create base folder structure
mkdir /mnt/{var}
chmod -R 0640 /mnt
9. Install base system
mkdir -p /mnt/var/lib/pacman
pacman -r /mnt -Sy base grub haveged
10. Basic configuration
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
ln -s /usr/share/zoneinfo/Europe/London /etc/localtime
nano /etc/hostname > enter hostname and save
nano /etc/locale.gen > uncomment your locale
nano /etc/locale.conf > LANG="en_GB.UTF-8"
locale-gen
nano /etc/vconsole.conf > KEYMAP="uk" FONT=Lat2-Terminus16 FONT_MAP=
nano /etc/mkinitcpio.conf > add 'keymap encrypt' into 'HOOKS' array - before filesystem; add 'dm_mod' into 'MODULES' array (you may also add 'ext3' and 'ext4')
10. Prepare package manager
haveged -w 1024
pacman-key --init
pkill haveged
pacman-key --populate archlinux
11. Configure bootloader
grub-install --recheck /dev/sdc
grub-mkconfig -o /boot/grub/grub.cfg
12. edit /boot/grub/grub.cfg
I have built couple of machines before however I was never forced to use GRUB therefore I'm not quite sure what to expect. I was trying to turn on debugging flag in grub.cfg - no additional information appears during boot.
Offline
If you are going to autogenerate grub.cfg (as most people do), then it is better to edit /etc/default/grub before generating it than to try to edit the file afterwards. If you need to add something particular, you can do so in /etc/grub.d - again, before generating grub.cfg.
Is grub not loading at all? That is, it doesn't find anything?
Offline
When I try to boot my virtualbox the only message I see is that:
Booting...
It appears exactly that way. No further logs are being shown. I tried increasing the logging level but no additional information was revealed.
I will try to follow your advice - edit the /etc/default/grub and then generate it.
I also have gone through a couple of articles/posts on this forum and noticed some people are using grub-bios rather than grub package. Do you think that might be the root of the problem?
Offline
No. grub-bios and grub-efi used to be separate packages but were merged some time ago. So that's not the problem - there's just grub now.
Offline
cfr, I followed your advice and modified /etc/default/grub
(...)
GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by_uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
(...)
Regenerate grub.cfg
mv /boot/grub/grub.cfg /boot/grub/grub.cfg.2013JUL28_1
grub-install --recheck /dev/sdc
grub-mkconfig -o /boot/grub/grub.cfg
Doublecheck mkinitcpio HOOKS
HOOKS="(...) keymap encrypt filesystem (...)"
Regenerate mkinitcpio (just in case I missed anything):
mkinitcpio -p linux
No errors noticed while executing any step above.
Unmount filesystem, close encrypted containers and reboot.
Still no improvement:
Booting...
I must be doing something fundamentally wrong... I'm out of ideas :-(
Offline
Any initramfs configuration is irrelevant if you never get to the point where it's unpacked and its /init executed.
Seems like a case similar to: https://bbs.archlinux.org/viewtopic.php?id=167090
semi-related: I've no idea why you would go about creating an image for a domU in this way...
Last edited by falconindy (2013-07-28 17:34:10)
Offline
Hi falconindy,
I try to follow what I'm familiar with. I used to build arch for my home development machine with one difference - syslinux as a boot loader. At home I have multiple HDD's I use to keep things backed up multiple times. So I mimic similar configuration here having in mind two factors - uploading those images on Linode and then backing them up separately rather than 10GB in one go. Of course I'm not arguing this makes much sense and knowing the fact I'm not linux guru like you guys I'm sure there are other ways to do it better (and I would appreciate any hints)
Anyway - great thanks for link, I'll go through and try to apply on my build.
---
Following the article I made sure the system I have built is up to date.
I also doublechecked my /dev/sdc is a boot device by running:
parted /dev/sdc set 1 boot on
I have also added 'debug' option and removed 'quiet' option from kernel boot line in grub.cfg.
Result:
Booting...
I'm going to build completely new vm without encryption and see if it will boot. However I will appreciate if anybody have any thoughts... Thanks!
Last edited by Gregosky (2013-07-28 19:20:25)
Offline
cfr, I followed your advice and modified /etc/default/grub
(...) GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by_uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (...)
If it is not a typo you are missing a quotation mark at the end of the line.
No errors noticed while executing any step above.
This seems unlikely. At least, mkinitcpio -p linux usually throws at least some warnings even though they are usually entirely innocuous and nothing to worry about. Are you sure you didn't miss anything?
Offline
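The settings checked by hand in the posts above (quoting in /etc/default/grub, the cryptdevice= and root= kernel parameters, the order of HOOKS), as an added example that is not part of the original thread. The function names are hypothetical and the sample lines are constructed, with a placeholder UUID.

```shell
#!/bin/sh
# Added example: lint the boot settings discussed in this thread.
# Function names are hypothetical; sample input at the bottom is constructed.

# A GRUB_CMDLINE_LINUX=... line needs an even number of double quotes.
check_quotes() {
    quotes=$(printf '%s' "$1" | tr -cd '"')     # keep only the quote characters
    if [ $(( ${#quotes} % 2 )) -eq 0 ]; then echo ok; else echo unbalanced-quotes; fi
}

# The encrypt hook expects cryptdevice=<device>:<name>[:<options>], and root=
# must then point at /dev/mapper/<name>.
check_cmdline() {
    crypt="" root=""
    for word in $1; do
        case $word in
            cryptdevice=*) crypt=${word#cryptdevice=} ;;
            root=*)        root=${word#root=} ;;
        esac
    done
    [ -n "$crypt" ] || { echo no-cryptdevice; return 0; }
    case $crypt in
        *:?*) name=${crypt#*:}; name=${name%%:*} ;;  # text after the first colon
        *)    echo missing-mapper-name; return 0 ;;
    esac
    if [ "$root" = "/dev/mapper/$name" ]; then echo ok; else echo root-mismatch; fi
}

# In mkinitcpio.conf the encrypt hook must come before the filesystems hook.
check_hooks() {
    seen_encrypt=no
    for hook in $1; do
        case $hook in
            encrypt) seen_encrypt=yes ;;
            filesystems)
                if [ "$seen_encrypt" = yes ]; then echo ok
                else echo encrypt-not-before-filesystems; fi
                return 0 ;;
        esac
    done
    echo no-filesystems-hook
}

# Constructed samples modelled on the lines quoted in the thread.
SAMPLE_DEFAULT='GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by_uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
SAMPLE_CMDLINE='root=/dev/mapper/root cryptdevice=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:root ro quiet'
echo "quotes:  $(check_quotes "$SAMPLE_DEFAULT")"
echo "cmdline: $(check_cmdline "$SAMPLE_CMDLINE")"
echo "hooks:   $(check_hooks 'base udev keymap encrypt filesystems')"
```

These checks only cover what happens after GRUB has loaded the kernel and initramfs; a machine that stops at "Booting..." before the menu appears has not reached any of these settings.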
cfr, typo you noticed was just myself copying the value to the forum. both quotation marks are present in the config file.
You are right noticing there were warnings when running mkinitcpio, however not errors - hence my statement :-)
I have just built a virtualbox arch without dm-crypt - GRUB starts and displays options available. The only other difference is that /dev/sda1 is a boot partition and /dev/sdb1 is where root filesystem is. Apart from that I just followed procedure I posted above. I'm going to repeat it once again - just this time will prepare exactly the same partitioning scheme.
---
Ok, I think I'm on the path to find the root of the problem.
This partition scheme works:
/dev/sdb1 -> /
/dev/sda1 -> /boot
This partition scheme produces behavior I'm observing:
/dev/sda1 -> /
/dev/sdb1 -> /boot
---
Just quick note - I have changed the order of disk images in virtualbox configuration and bootloader seems to load now.
I have no clue why does it work that way. Unlucky to spend three evenings to find out this sort of strange configuration issue in the end.
---
At this moment I don't have much time to spend in order to understand what is happening here, I'm just going to rebuild my encrypted system to have /dev/sda1 mounted as boot.
Guys, I know I ask for much but maybe you could explain so I understand what the problem is?
Thanks,
Greg
Last edited by Gregosky (2013-07-28 21:12:01)
Offline
Maybe you are hitting some oddity with virtualbox and grub. Whatever you experience has nothing to do with dm-crypt for sure.
All that have replied here seem to be wondering about your partition layout for that VM. Please post lsblk from inside the VM.
Offline
Hi Strike0,
I will as soon as it's uploaded to Linode (which with my internet link will probably happen in next 6 hours). I'm interested in gaining understanding why one disks layout is good for virtualbox and another is not.
Offline
Once it is up there and works, it does not matter really.
Obviously, you had problems whenever you had /boot and grub mbr install on something else (sdc1, sdb1) than the first disk. But I have no pointer why that should be a problem..
Offline
Just for the record - my current lsblk:
sda 8:0 0 128M 0 disk
|_sda1 8:1 0 127M 0 part /boot
sdb 8:16 0 5G 0 disk
|_sdb1 8:17 0 5G 0 part
  |_root 254:0 0 5G 0 crypt /
sdc 8:32 0 5G 0 disk
|_sdc1 8:33 0 5G 0 part
  |_var 254:1 0 5G 0 crypt /var
This is working configuration. Boot was sitting on sdc1 (and system was not booting) before I decided to rearrange it.
I'm now playing around with pv-grub on Linode - it looks like it requires menu.lst which is generated by grub-legacy which is no more supported.. Looks like another evening or two of fun :-)
Thank you everyone for your helpful hints!
Greg
Offline
grub-legacy is available from AUR, though. (And is updated for the latest filesystem changes etc. i.e. it is happy with all the binaries in /usr/bin.)
Offline
I'm leaving a final note closing this topic.
This article describes quite well how to set up an encrypted system on Linode. From the Arch perspective the important thing to note is that there is no need to use grub-legacy. The only thing that needs to be done is creating a menu.lst that contains correct information in terms of the root mount point.
Once again many thanks to everyone who helped.
Greg
Offline