You are not logged in.
- Topics: Active | Unanswered
#1 2015-06-17 13:58:23
- bananabrain
- Member
- From: England
- Registered: 2010-05-07
- Posts: 78
[SOLVED] Booting a luks encrypted system directly from UEFI firmware
I've been struggling somewhat with my first UEFI machine (a Toshiba laptop).
The wiki got me to a basic four-partition install okay, and then after a small amount of pain I managed to get a build booted okay from gummiboot and with with root, swap and home luks-encrypted.
What I'm trying to do now is boot directly from the UEFI using an appropriate firmware entry, ie with something like what's described in the EFISTUB Wiki page:
# efibootmgr -d /dev/sdX -p Y -c -L "Arch Linux" -l /vmlinuz-linux -u "root=/dev/sda2 rw initrd=/initramfs-linux.img"
...but I've been unable to achieve this with luks-encrypted partitions. Has anyone here had any success? Is there a "-u" parameter in the above command that will achieve this? I've certainly not found anything online explaining how this can be done, so maybe I'm being unrealistic and expecting too much.
Last edited by bananabrain (2015-06-18 14:45:56)
Offline
#2 2015-06-17 20:01:22
- Head_on_a_Stick
- Member
- From: London
- Registered: 2014-02-20
- Posts: 7,732
- Website
Re: [SOLVED] Booting a luks encrypted system directly from UEFI firmware
Try this (untested -- I don't use encryption):
# efibootmgr -d /dev/sdX -p Y -c -L "Arch Linux" -l /vmlinuz-linux -u "cryptdevice=UUID=<UUID>:<mapped-name> root=UUID=<luks-UUID> rw initrd=/initramfs-linux.img"Offline
#3 2015-06-17 22:38:34
- bananabrain
- Member
- From: England
- Registered: 2010-05-07
- Posts: 78
Re: [SOLVED] Booting a luks encrypted system directly from UEFI firmware
Try this (untested -- I don't use encryption):
# efibootmgr -d /dev/sdX -p Y -c -L "Arch Linux" -l /vmlinuz-linux -u "cryptdevice=UUID=<UUID>:<mapped-name> root=UUID=<luks-UUID> rw initrd=/initramfs-linux.img"
You're a star - that works perfectly.
I wondered about lifting that syntax from "$esp/loader/entries/arch-encrypted.conf" in my last instalation but stupidly thought it was gummiboot-specific.
I'm as surprised that I couldn't find your solution on the web as I am that so few people seem interested in using UEFI firmware in this way. It seems like PC hardware has at last "grown up", with a versatile firmware that must have been a long time in collaborative development - something akin to Sun's OpenBoot - but the community's response has been to create another raft of boot loaders to sit on top of it. Maybe I'm missing something.
Thanks very much for your help.
Offline
#4 2015-06-18 06:34:40
- Head_on_a_Stick
- Member
- From: London
- Registered: 2014-02-20
- Posts: 7,732
- Website
Re: [SOLVED] Booting a luks encrypted system directly from UEFI firmware
You're welcome 
Please add "[SOLVED]" to the thread title for the benefit of others.
Offline