#1 2016-01-23 16:59:39

thomaszout
Member
Registered: 2016-01-23
Posts: 3

getting Grub to boot my encrypted root (plain dm)

Hey people,

After using Ubuntu and Debian for over a year, and already having installed Arch once before, I want to make my main PC an Arch PC. I have been researching different encryption options, and settled on plain dm. I am aware of the security issues of the different options, but the encryption is to have some extra control over my own data, not to protect myself from governments who want to search for their missing nuclear secrets. And thus I have been busy with trying to get Arch working. I have solved many small problems, yet I am stuck now and I don't know how to solve it. Therefore, I hope any of you guys can help me. After installing Arch (pacstrap), I cannot boot from the encrypted root. So I believe I made some error in my Grub config. It says 'A start job is running for dev-mapper-root.device.'

I use the following command for creating an encrypted root:
cryptsetup --hash=sha512 --cipher=aes-xts-plain64 --offset=0 --key-size=512 --iter-time=10000 --verify-passphrase --verbose open --type=plain /dev/sda1 root

My Grub cmd line reads: "cryptdevice=UUID=xxxx:root crypto=sha512:aes-xts-plain64:512:0: root=/dev/mapper/root"
I updated my grub afterwards.

I added the sd-encrypt hook to my mkinitcpio.
I am not sure about having the hash value, since it seems that dm plain does not hash. So I also tried the cmd line without the hash value.
I tried searching the forum, but I couldn't find any post with this question. I searched with 'cryptdevice crypto dm-pain.' I am sorry if it was there.

Thnx in advance!


#2 2016-01-29 00:28:24

whitesnow
Member
Registered: 2015-01-04
Posts: 52

Re: getting Grub to boot my encrypted root (plain dm)

It's been a long time since I set mine up.

I did a LUKS setup.

Mine is a zfs setup.
so here is my grub.cfg menuentry:

menuentry 'Arch Linux -cryptroot zfs'{
        set root=(hd0,gpt4)
        linux /vmlinuz-linux root=/dev/mapper/cryptroot cryptdevice=/dev/disk/by-uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:cryptroot zfs=rpool/ROOT/rootfs zswap.enabled=1 boot=zfs root=ZFS=rpool/ROOT/rootfs rw acpi_osi="Linux" verbose
        initrd /initramfs-linux.img
}

and the hooks in

/etc/mkinitcpio.conf
HOOKS="base udev autodetect modconf block keyboard encrypt zfs filesystems fsck shutdown"

So the zfs and zswap you probably don't need.

I don't know if

cryptdevice=UUID=xxxx:root crypto=sha512:aes-xts-plain64:512:0: root=/dev/mapper/root

should work somehow.
For the hooks as far as I know the block was for the unencrypted kernel in /boot, the keyboard is needed for input of the password, and encrypt for encryption.

Did you read https://wiki.archlinux.org/index.php/Pe … ice_naming?
there:

In the above example, /dev/sda1 is the root partition. In the GRUB grub.cfg file, the linux line looks like this:

linux /boot/vmlinuz-linux root=/dev/sda1 rw quiet

Depending on which naming scheme you would prefer, change it to one of the following:

linux /boot/vmlinuz-linux root=/dev/disk/by-label/root_myhost rw quiet

or:

linux /boot/vmlinuz-linux root=UUID=2d781b26-0285-421a-b9d0-d4a0d3b55680 rw quiet

Right, so you want to use the second naming scheme.
It looks like you still need

linux /boot/vmlinuz-linux cryptdevice=UUID=xxxx:root root=/dev/mapper/root ....

As I said, I did not do it this way. It's only my guess.
Or does GRUB understand dm-crypt and decrypt the root?

Is it the right UUID?
/dev/disk/by-uuid
/dev/disk/by-partuuid


#3 2016-02-04 10:37:44

thomaszout
Member
Registered: 2016-01-23
Posts: 3

Re: getting Grub to boot my encrypted root (plain dm)

Thnx for the reply.

I finally got it to work, but only by changing the hooks in mkinitcpio. I took systemd and sd-encrypt out and supplanted them with the old form hooks. Apparently the newer type of hooks don't work yet....
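
Added example, not written by anyone in this thread: a small shell check that the hook in mkinitcpio.conf and the kernel command line belong to the same parameter family. The encrypt hook parses cryptdevice=, cryptkey= and crypto=, while sd-encrypt takes its mapping from rd.luks.* parameters or /etc/crypttab.initramfs. The function names and both sample HOOKS lines are constructed for illustration; the command-line strings reuse the values quoted in posts #1 and #2.

```sh
#!/bin/sh
# Added example (not from the thread): check that the mkinitcpio hook and the
# kernel command line use the same parameter family.
#   encrypt    (busybox initramfs): cryptdevice= cryptkey= crypto=
#   sd-encrypt (systemd initramfs): rd.luks.* / luks.* and /etc/crypttab.initramfs

# Print the encryption hook named in a mkinitcpio HOOKS line.
hook_in_use() {
    case " $(printf '%s' "$1" | tr '"()=' '    ') " in
        *" sd-encrypt "*) echo sd-encrypt ;;
        *" encrypt "*)    echo encrypt ;;
        *)                echo none ;;
    esac
}

# Print the parameter family found on a kernel command line.
cmdline_style() (
    set -f                      # no globbing while word-splitting $1
    style=none
    for arg in $1; do
        case "$arg" in
            cryptdevice=*|cryptkey=*|crypto=*) s=encrypt ;;
            rd.luks.*|luks.*)                  s=sd-encrypt ;;
            *) continue ;;
        esac
        if [ "$style" = none ] || [ "$style" = "$s" ]; then style=$s; else style=mixed; fi
    done
    echo "$style"
)

# Compare both and print a one-line verdict.
check_boot_config() {
    hook=$(hook_in_use "$1"); style=$(cmdline_style "$2")
    case "$hook/$style" in
        none/*)          echo "FAIL: HOOKS has no encrypt or sd-encrypt hook" ;;
        */mixed)         echo "WARN: command line mixes both parameter families" ;;
        sd-encrypt/none) echo "OK: sd-encrypt, mapping must come from /etc/crypttab.initramfs" ;;
        encrypt/none)    echo "FAIL: encrypt hook needs cryptdevice=" ;;
        "$hook/$hook")   echo "OK: $hook hook matches the command line" ;;
        *)               echo "FAIL: $hook hook does not read $style-style parameters" ;;
    esac
}

# Constructed inputs; the command-line values are those quoted in posts #1 and #2.
check_boot_config 'HOOKS="base systemd autodetect modconf block sd-encrypt filesystems"' \
    'cryptdevice=UUID=xxxx:root crypto=sha512:aes-xts-plain64:512:0: root=/dev/mapper/root'
check_boot_config 'HOOKS="base udev autodetect modconf block keyboard encrypt zfs filesystems fsck shutdown"' \
    'root=/dev/mapper/cryptroot cryptdevice=/dev/disk/by-uuid/xxxxxxxx:cryptroot rw'
```

On a running system the two arguments would come from the HOOKS line in /etc/mkinitcpio.conf and from /proc/cmdline.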
