You are not logged in.

#1 2015-06-17 13:58:23

bananabrain
Member
From: England
Registered: 2010-05-07
Posts: 67

[SOLVED] Booting a luks encrypted system directly from UEFI firmware

I've been struggling somewhat with my first UEFI machine (a Toshiba laptop).

The wiki got me to a basic four-partition install okay, and then after a small amount of pain I managed to get a build booted okay from gummiboot and with with root, swap and home luks-encrypted.

What I'm trying to do now is boot directly from the UEFI using an appropriate firmware entry, ie with something like what's described in the EFISTUB Wiki page:

# efibootmgr -d /dev/sdX -p Y -c -L "Arch Linux" -l /vmlinuz-linux -u "root=/dev/sda2 rw initrd=/initramfs-linux.img"

...but I've been unable to achieve this with luks-encrypted partitions. Has anyone here had any success? Is there a "-u" parameter in the above command that will achieve this? I've certainly not found anything online explaining how this can be done, so maybe I'm being unrealistic and expecting too much.

Last edited by bananabrain (2015-06-18 14:45:56)

Offline

#2 2015-06-17 20:01:22

Head_on_a_Stick
Member
From: London
Registered: 2014-02-20
Posts: 5,624
Website

Re: [SOLVED] Booting a luks encrypted system directly from UEFI firmware

Try this (untested -- I don't use encryption):

# efibootmgr -d /dev/sdX -p Y -c -L "Arch Linux" -l /vmlinuz-linux -u "cryptdevice=UUID=<UUID>:<mapped-name> root=UUID=<luks-UUID> rw initrd=/initramfs-linux.img"

Offline

#3 2015-06-17 22:38:34

bananabrain
Member
From: England
Registered: 2010-05-07
Posts: 67

Re: [SOLVED] Booting a luks encrypted system directly from UEFI firmware

Head_on_a_Stick wrote:

Try this (untested -- I don't use encryption):

# efibootmgr -d /dev/sdX -p Y -c -L "Arch Linux" -l /vmlinuz-linux -u "cryptdevice=UUID=<UUID>:<mapped-name> root=UUID=<luks-UUID> rw initrd=/initramfs-linux.img"

You're a star - that works perfectly.
I wondered about lifting that syntax from "$esp/loader/entries/arch-encrypted.conf" in my last instalation but stupidly thought it was gummiboot-specific.


I'm as surprised that I couldn't find your solution on the web as I am that so few people seem interested in using UEFI firmware in this way. It seems like PC hardware has at last "grown up", with a versatile firmware that must have been a long time in collaborative development - something akin to Sun's OpenBoot - but the community's response has been to create another raft of boot loaders to sit on top of it. Maybe I'm missing something.

Thanks very much for your help.

Offline

#4 2015-06-18 06:34:40

Head_on_a_Stick
Member
From: London
Registered: 2014-02-20
Posts: 5,624
Website

Re: [SOLVED] Booting a luks encrypted system directly from UEFI firmware

You're welcome smile

Please add "[SOLVED]" to the thread title for the benefit of others.

Offline

Board footer

Powered by FluxBB