
#1 2016-09-21 16:50:15

Daklon
Member
Registered: 2014-02-02
Posts: 6

Can't boot LVM on LUKS with remote header

Hi, I have been using Debian for some years with a LUKS-encrypted disk. Some days ago I decided to move to Arch and create a more secure installation, so I followed the Installation guide, LVM on LUKS, and Encrypted system using a remote LUKS header.

In addition, the /boot partition is on the same flash memory as the LUKS header. The whole HDD is a LUKS container; inside it is an LVM volume called store, and inside that are the swap and the root filesystem.

When I boot from the flash memory, GRUB loads, I select the Arch entry, and it takes about 2 min with a message that says "(1 of 3) a start job is running for:
dev-mapper-store\x2root.device
dev-mapper-luks\x2d-dev-sdb:store.device
dev-disk-by\x2duuid\x5cx2fdev\x5cx2fsdb:sotre.device

Then some error messages appear and I end up in an emergency shell.

I am adding some files that I think could be useful to solve the problem.

There are probably some mistakes in these files because I tried some things that I read on the wiki, but all of them end with the same result that I described above. I will appreciate any help.

I read in other threads that posting the UUID is a bad idea, so I removed it; if I am wrong, please tell me.

/etc/fstab
#
# /etc/fstab: static file system information
#
# <file system> <dir>   <type>  <options>                <dump>   <pass>
# /dev/mapper/store-root
UUID=first UUID                                                     /               ext4                        rw,realtime,data=ordered         0  1

# /dev/sdb1
UUID= second UUID                                               /boot         ext2                        rw,realtime,block_validity,barrier,user_xattr,acl            0  2

# /dev/mapper/store-swap
UUID= third UUID                                                    none        swap                       defaults           0  0

/etc/crypttab.initramfs
store-root UUID=first UUID none header=/boot/header.img,luks

/etc/mkinitcpio.conf
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run.  Advanced users may wish to specify all system modules
# in this array.  For instance:
#     MODULES="piix ide_disk reiserfs"
MODULES=""

# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image.  This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=""

# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way.  This is useful for config files.
FILES="/boot/header.img"

# HOOKS
# This is the most important setting in this file.  The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
##   This setup specifies all modules in the MODULES setting above.
##   No raid, lvm2, or encrypted root is needed.
#    HOOKS="base"
#
##   This setup will autodetect all modules for your system and should
##   work as a sane default
#    HOOKS="base udev autodetect block filesystems"
#
##   This setup will generate a 'full' image which supports most systems.
##   No autodetection is done.
#    HOOKS="base udev block filesystems"
#
##   This setup assembles a pata mdadm array with an encrypted root FS.
##   Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
#    HOOKS="base udev block mdadm encrypt filesystems"
#
##   This setup loads an lvm2 volume group on a usb device.
#    HOOKS="base udev block lvm2 filesystems"
#
##   NOTE: If you have /usr on a separate partition, you MUST include the
#    usr, fsck and shutdown hooks.
HOOKS="base udev modconf systemd block sd-vconsole sd-encrypt sd-lvm2 filesystems fsck sd-shutdown"

# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"

# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=""

/etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="luks.uuid=/dev/sdb:store root=/dev/mapper/store-root"

# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos lvm"

# Uncomment to enable Hidden Menu, and optionally hide the timeout count
#GRUB_HIDDEN_TIMEOUT=5
#GRUB_HIDDEN_TIMEOUT_QUIET=true

# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console

# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
GRUB_GFXMODE=auto

# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep

# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true

# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
# modes only.  Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"

# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/path/to/wallpaper"
#GRUB_THEME="/path/to/gfxtheme"

# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"

#GRUB_SAVEDEFAULT="true"
GRUB_DISABLE_SUBMENU="true"


#2 2016-09-21 20:38:19

Daklon
Member
Registered: 2014-02-02
Posts: 6

Re: Can't boot LVM on LUKS with remote header

Well, I am still trying to solve it. I made some changes: first I commented out the entry in /etc/crypttab.initramfs, then I ran cryptsetup luksUUID to get the LUKS UUID (I was using the /dev/mapper/store-root UUID), then I edited /etc/default/grub and added this to the GRUB_CMD_LINE to pass it as kernel arguments:

Luks.uuid=UUID of the encrypted container luks.options=header=/boot/header.img root=/dev/mapper/store-root

I ran grub-mkconfig -o /boot/grub/grub.cfg and restarted.

This time only one disk is missing instead of 3.

The device is dev-mapper-store\x2droot.device (the root filesystem).

In addition, the system never asks me for the passphrase. Could there be an error reading the header? Maybe in mkinitcpio.conf?
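
Added example (not part of either post, and not code from Arch or systemd): a small POSIX shell lint that checks the settings the two posts touch (luks.uuid, root=, the crypttab mapping name, header= and FILES) for internal consistency. The function names and the placeholder UUID are constructed for illustration, and passing these checks does not by itself mean the system boots.

```shell
#!/bin/sh
# Added example: consistency lint for an sd-encrypt detached-header setup.
# It checks syntax-level consistency only.

UUID_RE='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

# Print the value of <key>= from a space-separated kernel command line.
cmdline_get() (
    set -f                                   # no globbing while word-splitting
    for word in $1; do
        case $word in "$2="*) printf '%s\n' "${word#"$2"=}"; exit 0 ;; esac
    done
)

# Print the header= path from a comma-separated option list.
header_path() (
    set -f; IFS=,
    for opt in $1; do
        case $opt in header=*) printf '%s\n' "${opt#header=}"; exit 0 ;; esac
    done
)

# lint_boot <kernel cmdline> <mkinitcpio FILES value> [crypttab.initramfs line]
# Prints one line per finding; prints nothing when all checks pass.
lint_boot() (
    set -f
    uuid=$(cmdline_get "$1" luks.uuid)
    root=$(cmdline_get "$1" root)
    opts=$(cmdline_get "$1" luks.options)
    if [ -n "$uuid" ] && ! printf '%s\n' "$uuid" | grep -Eq "$UUID_RE"; then
        echo "luks.uuid=$uuid is not a UUID"
    fi
    if [ -n "${3:-}" ]; then
        set -- "$1" "$2" $3                  # crypttab: name device keyfile options
        name=$3; opts=${6:-}
        # With LVM on LUKS, root= names a logical volume, not the LUKS mapping.
        [ "/dev/mapper/$name" != "$root" ] ||
            echo "crypttab name $name collides with root=$root"
    fi
    hdr=$(header_path "$opts")
    case " $2 " in
        *" $hdr "*) ;;
        *) [ -z "$hdr" ] || echo "header $hdr is not listed in FILES" ;;
    esac
)

# Constructed sample mirroring post #1 (the UUID is a placeholder).
lint_boot 'luks.uuid=/dev/sdb:store root=/dev/mapper/store-root' '/boot/header.img' \
    'store-root UUID=00000000-0000-4000-8000-000000000000 none header=/boot/header.img,luks'
```
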
