[SOLVED] Initramfs with systemd and encryption support

gegenschall · 2014-01-15 13:54:00

Hey all,

out of pure curiosity I started experimenting with my initrd setup, trying to get it working with the systemd and sd-encrypt hook. I think I'm nearly there, but somehow missing something. The closest to a running system I can get is seeing a password prompt for my cryptsetup partition but after that nothing happens. I attached a "screenshot" [0] which might give you the idea.

Basically I added a new preset under /etc/mkinitcpio.d/ which specifies a new mkinitcpio.systemd.conf and generates /boot/initramfs-linux.systemd.img, so I don't destroy my working (legacy) setup.

/etc/mkinitcpio.systemd.conf:

MODULES="i915 hdaps"
BINARIES=""
FILES=""
HOOKS="systemd sd-encrypt keyboard autodetect modconf block sd-vconsole filesystems fsck"

I use gummiboot to boot so I added a new conf under /boot/loader/entries with the following content:
/boot/loader/entries/arch-systemd.conf

title	Arch Linux
linux	/vmlinuz-linux
initrd	/initramfs-linux.systemd.img
options rw luks.uuid=fc39d... luks.options=allow-discards

Apart from that:

max@failenovo:~/ $ lsblk -f                                                                                                                                                                                             [14:37:31]
NAME     FSTYPE      LABEL UUID                                 MOUNTPOINT
sda                                                             
└─sda1   crypto_LUKS       bbcd2...
  └─data ext4        DATA  51d65... /data
sdb                                                             
├─sdb1   vfat              1573-8C74                            /boot
├─sdb3   crypto_LUKS       fc39d... 
│ └─root ext4        ROOT  27fed... /
└─sdb4   crypto_LUKS       01f3d...
  └─home ext4        HOME  a9395... /home

What I also tried:

Use /etc/crypttab.initramfs instead of luks.* kernel options. This doesn't work at all, does not give me a password prompt. Neither with the LUKS UUID or the device UUID
Switch between LUKS UUID (27fed...) and device UUID (fc39d...). Only device UUID gives me a password prompt.
Wait for several minutes for some timeout to occur after I entered the password (see screenshot).

Any ideas on how to proceed here?

Cheers,
Max

----
[0] http://i.imgur.com/AfcE4hF.jpg

Last edited by gegenschall (2014-01-15 15:12:37)

gegenschall · 2014-01-15 15:12:23

Okay, sometimes you solve your own problems just minutes after you ask for help because you cleanly write it all down. That's embarrassing...

Solution: Use root=UUID=27fed... I assumed systemd would do more magic here. m)

The whole kernel command line now is:

rw rd.luks.uuid=fc39d... root=UUID=27fed...

Notice the rd.luks.uuid, which lets systemd forget about the kernel command line outside of the initramfs, so the normal crypttab and fstab are used.

Marking this as solved.

Last edited by gegenschall (2014-01-15 15:22:06)

Arch Linux

#1 2014-01-15 13:54:00

[SOLVED] Initramfs with systemd and encryption support

#2 2014-01-15 15:12:23

Re: [SOLVED] Initramfs with systemd and encryption support

Board footer