You are not logged in.
- Topics: Active | Unanswered
Pages: 1
Topic closed
#1 2013-12-21 14:58:19
- titaniumbones
- Member
- Registered: 2013-12-20
- Posts: 52
gummiboot and encrypted / partition
Hi,
This is my first experience with Arch, with GPT, with LUKS, and with gummiboot, so I have a lot of sources of ignorance.
I am trying to set up a LUKS-encrypted system with encrypted swap. I have followed the beginner's guide and the dm-crypt with LUKS guide pretty carefully and have no problem creating the encrypted partitions. However, I don't quite understand how to construct the gummiboot entry for booting into the system.
the gummiboot wiki page has some instructions:
An example entry for encrypted root (dm-crypt with LUKS)
$esp/loader/entries/arch-encrypted.conf
title Arch Linux (Encrypted)
linux \\path\\to\\vmlinuz-linux
options initrd=\\path\\to\\initramfs-linux.img cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID> rwIn the encrypted example, not that the initrd is in options -- this does not appear to be discretionary at this time. Note that UUID is used for in this example. PARTUUID should be able to replace the UUID, if so desired.
much of this is foreign to me. In particular, how do I identify the various UUID's:
cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID>
are those all the same UUID? Or is there a difference between the plain UUID and the luks-UUID? And how do I get either of those pieces of information?
also, I am trying to speed things up a little by using this install script from the web:
https://github.com/altercation/archston … chstone.sh
however, a bunch of stuff there seems like it's out of date (lots of referenes to rc.conf, for instance!).
I'm wondering if there are other inconsistenies as well I should be careful of.
Thanks,
Matt
Offline
#2 2013-12-21 16:00:35
- WonderWoofy
- Member
- From: Los Gatos, CA
- Registered: 2012-05-19
- Posts: 8,414
Re: gummiboot and encrypted / partition
Random scripts from the web are not supported here. A lot of what makes Arch Linux what it is, is the philosophy and learning experience you get with the usage. So when you try to take a shortcut to bypass the very first step of the learning process, you're really just trying to cheat yourself.
Go through the beginners guide and see how things work in terms of installation. Then go read the Luks page and try to understand how that all works. Then you just have to determine at what point in the beginners guide you need to wedge the Luks stuff into those instructions.
Good luck, and welcome to the Arch forums.
Offline
#3 2013-12-21 16:22:59
- titaniumbones
- Member
- Registered: 2013-12-20
- Posts: 52
Re: gummiboot and encrypted / partition
yes, this random script was a bad idea and I've stopped using it. That said, I really don't understand the UUID stuff in my initial question, despite having gone through the beginner's guide & stuff. In fact, the whole gummiboot stanza is odd to me:
An example entry for encrypted root (dm-crypt with LUKS)
$esp/loader/entries/arch-encrypted.conf
title Arch Linux (Encrypted)
linux \\path\\to\\vmlinuz-linux
options initrd=\\path\\to\\initramfs-linux.img cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID> rw
what is with the escaped windows-looking backslashes -- shouldn't this read more like:
title Arch Linux (Encrypted)
linux /vmlinuz-linux
options initrd=/initramfs-linux.img cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID> rw
... and is there a way to find the relevant UUID's somewhere? Thanks,
Matt
Offline
#4 2013-12-21 16:31:15
- WonderWoofy
- Member
- From: Los Gatos, CA
- Registered: 2012-05-19
- Posts: 8,414
Re: gummiboot and encrypted / partition
The UEFI spec uses backslashes for its paths (like windows) since the ESP is on a FAT filesystem. So since the backslashes have a special meaning in Linux, they have to be escaped... Gummiboot is able to use regular *nix forward slashes in its configs though. Also in the options line, you should be using forward slashes there as well since that is not intended to be passed to the firmware, but rather the kernel itself.
You should check out the gummiboot page on freedesktop.org. It has some nice short and to the point docs on how to configure gummiboot.
As far as UUIDs... blkid? As long as the filesystems are decrypted and mounted, I imagine that info would show up there. Otherwise, lsblk with the right options...
Offline
#5 2016-09-07 18:35:15
- titaniumbones
- Member
- Registered: 2013-12-20
- Posts: 52
Re: gummiboot and encrypted / partition
long-belated thank you for the pointer to blkid, which has been very helpful in the past 3 years.
Offline
#6 2016-09-07 19:02:07
- jasonwryan
- Anarchist
- From: .nz
- Registered: 2009-05-09
- Posts: 30,424
- Website
Re: gummiboot and encrypted / partition
Don't necrobump, especially with an empty post: https://wiki.archlinux.org/index.php/Co … bumping.22
Closing
Offline
#7 2016-09-07 19:13:17
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 29,522
- Website
Re: gummiboot and encrypted / partition
I'm abusing mod abilities just to note that this one is my fault. I advised titanium bones to not abandon old threads, but the result was not quite what I intended. Indeed it is wrong to bump old threads, but this came from a best-intentioned effort from t.b. to abide by our guidelines.
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
Pages: 1
Topic closed