You are not logged in.
Pages: 1
I'm trying to install archlinux using plain dm-crypt encryption (I'm using the wiki guides)
After screwing up numerous times (first time I'm installing arch on a UEFI system) I finally got the system to boot.
I now get the following error once the system boots and I input the password:
Name "/dev/mapper/enc" invalid. It contains "/".
Is it something I can fix or do I have to format and start from the beginning? (this would be the 6th time )
Offline
You don't need to format. It sounds like a misconfiguration of the mkinitcpio 'crypt' hook. I'm guessing you wrote something like
cryptdevice=/dev/sda:/dev/mapper/enc root=/dev/mapper/enc
when it should be
cryptdevice=/dev/sda:enc root=/dev/mapper/enc
The second parameter of 'cryptdevice' is the mapped name of the volume, not the full device path. Try editing your /etc/default/grub (or otherwise modify your kernel parameters). If that doesn't work, please describe what you see prior to that error so we can figure out where it happens within the boot process.
Offline
Indeed I had
cryptdevice=/dev/sda:/dev/mapper/enc
instead of
cryptdevice=/dev/sda:enc
I changed that by editing the grub startup script to the line you indicated.
Depending on whether I also add or not
root=/dev/mapper/enc
two things happen.
1. If not I get:
ERROR: device 'UUID=210f6601 etc etc' not found. Skipping fsck.
ERROR: device 'UUID=210f6601 etc etc' not found. You are being dropped to a recovery shell
2. If I add it I get:
:: performing fsck on '/dev/mapper/enc'
fsck: error 2 (no such file or directory)
ERROR: fsck failed on '/dev/mapper/enc'
:: mounting 'dev/mapper/enc' on real root
mount: you must specify the filesystem type
You are now being dropped into an emergency shell
Offline
Can you post your HOOKS line from /etc/mkinitcpio.conf? Also try to unlock the volume from the recovery shell using cryptsetup, and make sure /dev/mapper/enc appears, then try to mount it. If you can manually mount it from the recovery shell, then probably there is a misconfiguration in your bootloader or mkinitcpio.conf. Don't forget the crypto= parameter when using plain dm-crypt, and cryptkey= if you're using a keyfile. For example:
cryptdevice=/dev/sdX:enc cryptkey=/dev/sdZ:0:512 crypto=sha512:twofish-xts-plain64:512:0:
Offline
I tried unlocking the volume from the recovery shell. After I input the passphrase it says:
Command failed with code 17: Device enc already exists.
Also
cryptsetup status enc
says
/dev/mapper/enc is active
I also noticed the crypto line in the grub script looks like this
crypto=::::
Weren't there supposed to be some options there?
Offline
crypto=::::
means use the default option for every field. These should match the options you used when you created the volume. If you created it with the defaults, then this is fine. You may want to write the options explicitly in case they change in the future, however.
I don't know if cryptsetup does any checking when it unlocks a plain volume (e.g. magic string), but if it doesn't, then it could be unlocking the volume with the wrong options, causing the filesystem to appear corrupt. This would prevent fsck and mount from recognizing the fs type. The "fsck: error 2 (no such file or directory)" error leads me to believe that /dev/mapper/enc doesn't exist at all when fsck is run, however.
Try unlocking the volume from the recovery shell (if its not already opened), then try mounting the filesystem. E.g.
#unlock read-only, you don't want to write to a volume with the wrong crypto options!
cryptsetup -r --plain --open /dev/sda1 enc #see cryptsetup(8) for usage and plain options
mount -r -t ext4 /dev/mapper/enc /mnt #substitute ext4 for your fs type
If you can't mount the fs manually, then it is probably being unlocked with the wrong options, or is really corrupt. If you can, then there is probably a misconfiguration still in the initcpio/kernel parameters.
Another possibility is that your hooks are out of order. encrypt must come before filesystems and fsck, but after block.
See where this gets you, and we'll go from there.
Offline
To clarify you used the plain mode not the luks extension? If that's the case you need to specify the same options (if you changed the cipher or hashing algorithm for example) each time you want to decrypt the disk manually (or you specify them in grub if your whole system is encrypted)
Example manual:
#with default options
cryptsetup create mappingName /dev/sdX
#OR with custom options
cryptsetup -v --cipher=aes-xts-plain64 --key-size=512 --hash=sha512 -i 12345 create mappingName /dev/sdX
#If there already a filesystem on /dev/mapper/mappingName
mount /dev/mapper/mappingName /mnt
umount /mnt
cryptsetup close mappingName
Each time you want to decrypt the disk you specify the 'create' command (confusing: you are not re-creating the encryption) with correct options. If an option is different it wll still ask your passphrase but it will be decrypted incorrectly and you won't be able to mount the disk.
Example in grub with custom options:
linux /vmlinuz-linux root=/dev/mapper/root cryptdevice=/dev/sdX:mappingName crypto=sha512:aes-xts-plain64:512:0:0 ro quiet
The definition of the crypto option (taken from the crypt hook)
crypto=<hash>:<cipher>:<keysize>:<offset>:<skip>
Offline
Well I probably will have to redo the whole system from the start (makes for good practice, no?), so here's the command I used:
cryptsetup --hash=ripemd160 --cipher=aes-xts-essiv:sha256 --verify-passphrase --verbose open --type=plain /dev/sda enc
I think my problem is I can't seem to figure out what my crypto line in the grub script should look like.
Offline
I've given you the formula for the grub line. If you can't open it manually then it was probably corrupted somehow and yes you have to reinstall.
Either way it's easier to setup the LUKS standard because cryptsetup will know from the header of your disk what parameters you used. So the crypto option is not necessary anymore.
Offline
Pages: 1