
#1 2014-12-22 15:22:54

CarlD
Member
From: London
Registered: 2013-11-23
Posts: 128

[SOLVED] Simple partition layout with LUKS

Hello,

I'm currently experimenting with dm-crypt / LUKS, starting with the Simple partition layout with LUKS (i.e. not with LVM). Got it working, but am very curious as to why this is so, particularly as the instructions (at least as far as I understand them) did not result in a bootable installation.

The setup is a simple one:

/dev/sda1: UUID="c2d218a0-ffb4-4b3e-9602-da304bbd1a4e" TYPE="ext2" PARTUUID="405cc5b8-01"
/dev/sda2: UUID="7881daf5-2b98-4714-bf4c-909330fc8149" TYPE="crypto_LUKS" PARTUUID="405cc5b8-02"
/dev/mapper/cryptroot: UUID="4f256978-2e3f-4817-a3c9-c52751639243" TYPE="ext4"

Having successfully encrypted the /dev/sda2 as /dev/mapper/cryptroot (etc.), I then followed the instructions provided in the above link necessary for the initial ramdisk environment (i.e. mkinitcpio) and the Grub bootloader:

1. Added encrypt hook to /etc/mkinitcpio.conf and generated the initrd:

HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"

2. Amended /etc/default/grub with:

GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:cryptroot"

The result was an unbootable installation that did not even get to the stage of asking for a password. Was just dropped into the shell. The error message displayed concerned not being able to find the device 4f256978-2e3f-4817-a3c9-c52751639243. As this was the UUID of /dev/mapper/cryptroot, I figured out that it was necessary to amend the menu entries in /boot/grub/grub.cfg with the UUID of /dev/sda2, instead. This booted, albeit with a warning message that this method to deal with an encrypted root had been deprecated (I did not record the exact warning), and must be written in the format below:

linux	/vmlinuz-linux cryptdevice=UUID=7881daf5-2b98-4714-bf4c-909330fc8149:root root=/dev/mapper/root rw  quiet

Did so, and it works fine. What I don't understand is why this works, or why I had to (seemingly) deviate somewhat from the Archwiki instructions. Particularly as I have just started learning this, I am especially perplexed as to why the /boot/grub/grub.cfg menu entry uses /dev/mapper/root rather than /dev/mapper/cryptroot (using the latter results in a failure to boot).

Any insight would be appreciated...

Last edited by CarlD (2014-12-22 19:31:12)


#2 2014-12-22 18:59:13

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,429

Re: [SOLVED] Simple partition layout with LUKS

This reads as if you edited /etc/default/grub but did not let grub generate the configuration file for boot afterwards. Might that be?

The name you use for your cryptdevice is arbitrary, but of course the root= specified for the kernel must then point to the same dmname. You could use "cryptdevice=/dev/7881daf5-2b98-4714-bf4c-909330fc8149:LUKS root=/dev/mapper/LUKS" or whatever.

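The relationship described in post #2, as an added example that is not part of the thread: a shell function that checks whether a kernel command line carries a cryptdevice= parameter and whether its mapping name agrees with root=. The function name check_cmdline and its return codes are hypothetical; it assumes the cryptdevice=device:dmname[:options] form used by the encrypt hook.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a kernel command line
# for the encrypt hook. check_cmdline is a hypothetical helper name.

# check_cmdline "<kernel command line>"
# Returns 0 if cryptdevice= and root= agree, 1 if not, 2 if undecidable.
check_cmdline() {
    dmname="" root="" seen_crypt=0
    for arg in $1; do
        case $arg in
            cryptdevice=*)
                seen_crypt=1
                spec=${arg#cryptdevice=}      # device:dmname[:options]
                rest=${spec#*:}               # drop "device:"
                if [ "$rest" != "$spec" ]; then
                    dmname=${rest%%:*}        # drop optional ":options"
                fi
                ;;
            root=*) root=${arg#root=} ;;
        esac
    done
    if [ "$seen_crypt" -eq 0 ]; then
        echo "FAIL: no cryptdevice= parameter, root will never be unlocked"
        return 1
    fi
    if [ -z "$dmname" ]; then
        echo "FAIL: cryptdevice= has no :dmname part"
        return 1
    fi
    case $root in
        "") echo "FAIL: no root= parameter"; return 1 ;;
        /dev/mapper/"$dmname")
            echo "OK: root=$root matches dmname '$dmname'"; return 0 ;;
        /dev/mapper/*)
            echo "FAIL: root=$root but cryptdevice maps to /dev/mapper/$dmname"
            return 1 ;;
        *)  echo "UNKNOWN: root=$root is not a /dev/mapper path"; return 2 ;;
    esac
}
```

On a running system it can be fed `"$(cat /proc/cmdline)"`; from a rescue environment, pass it the text of a `linux` line copied from /boot/grub/grub.cfg.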

#3 2014-12-22 19:30:44

CarlD
Member
From: London
Registered: 2013-11-23
Posts: 128

Re: [SOLVED] Simple partition layout with LUKS

Strike0 wrote:

This reads as if you edited /etc/default/grub but did not let grub generate the configuration file for boot afterwards. Might that be?

The name you use for your cryptdevice is arbitrary, but of course the root= specified for the kernel must then point to the same dmname. You could use "cryptdevice=/dev/7881daf5-2b98-4714-bf4c-909330fc8149:LUKS root=/dev/mapper/LUKS" or whatever.

Spot on - thank you! I've amended the "Root Encryption" subsection of the wiki Grub article accordingly...

Last edited by CarlD (2014-12-22 19:30:58)
