You are not logged in.

#1 2017-02-16 12:17:32

Tétrapyle
Member
Registered: 2014-01-03
Posts: 30

wrong UUIDs by grub-mkconfig in dm-crypt with LUKS setup ??

Hello all,

After losing 2 GNU/Arch-Linux USB sticks, I decided to make a new encrypted one.

It works, but something is worrying me: when installing the bootloader, I had to write myself the LUKS UUID's for grub, instead of the (plain ?) UUID's.

I use GPT.
4 partitions.

First partition, fat32, GiB, just in case, so that Windows doesn't try to reformat the stick.
Second partition, 200 MiB EFI (and /boot , not encrypted).
Third partition, 1 MiB, the BIOS boot partition.
Fourth and last partition: everything else, encrypted using dm-crypt with LUKS.

I installed from existing arch-linux with pacstrap.

I'm using udev and the encrypt hook (at the mkinitcpio step).

I installed grub twice and I can successfully boot from this USB key, either in BIOS mode on my old computer, or in UEFI mode on some newer laptop.
It does work!



BUT
I had the following issue I don't understand:

At first, I wasn't asked the passphrase at boot and I was dropped in a recovery shell. It couldn't find the root partition (the encrypted one).

grub...
initramfs...
Timed out waiting for device [...] 0540b45a-f4c2-4b74-a166-c5d87eaa9412 [...]

I had used 'ls -l /dev/disk/by-partuuid/' to find the PARTUUID (since we use GPT...) of the encrypted partition.

# cat /etc/default.grub
cryptdevice=PARTUUID=680f086c-0635-4f87-8f86-dcea07b4acb2:cryptroot
root=/dev/mapper/cryptroot

(I understand it should've been:  GRUB_CMDLINE_LINUX="cryptdevice=PARTUUID=680f086c-0635-4f87-8f86-dcea07b4acb2:cryptroot" ?
And since it's GPT, we're supposed to use PARTUUID's, right ?)

# ls -l /dev/disk/by-partuuid/
[...]
lrwxrwxrwx 1 root root 10 Feb 16 10:41 680f086c-0635-4f87-8f86-dcea07b4acb2 -> ../../sdb4
[...]
# ls -l /dev/disk/by-uuid/
0540b45a-f4c2-4b74-a166-c5d87eaa9412
# cryptsetup luksUUID /dev/sdb4
d8386e81-b4fa-4059-b5fc-9f219d77e0de

After grub-mkconfig and grub-install,
the grub.cfg file use the UUID 0540b45a-f4c2-4b74-a166-c5d87eaa9412 .

What I did was disable the grub script:

# chmod ugo-x /etc/grub.d/10_linux
# cp /boot/grub/grub.cfg /etc/grub.d/11_linux_my-usb-key
# vi /etc/grub.d/11_linux_my-usb-key

And write my own 11_linux_my-usb-key by copying the contents of /boot/grub/grub.cfg, trimming most of it to keep only what was created by the 10_linux script,
and then replacing every occurrence of 0540b45a-f4c2-4b74-a166-c5d87eaa9412 (the UUDI) by d8386e81-b4fa-4059-b5fc-9f219d77e0de (the LUKS UUID).

Then the root device is found at boot and the passphrase asked.

Do you think it's an issue with grub-mkconfig or are we missing something?

Offline

#2 2019-01-05 00:19:46

f1she3
Member
Registered: 2019-01-05
Posts: 6

Re: wrong UUIDs by grub-mkconfig in dm-crypt with LUKS setup ??

I had the same problem, any idea ?

Offline

#3 2019-01-05 01:30:05

HalosGhost
Forum Moderator
From: Twin Cities, MN
Registered: 2012-06-22
Posts: 1,767
Website

Re: wrong UUIDs by grub-mkconfig in dm-crypt with LUKS setup ??

f1she3 wrote:

I had the same problem, any idea ?

This thread is nearly two years old. If you do have a similar problem, you should open a new thread and reference this one.

Please read the Code of Conduct you agreed to when you signed up for your account.

Closing.

All the best,

-HG


"All errors are ᴘᴇʙᴋᴀᴄ errors—It's just a matter of narrowing down which keyboard and chair." -Trilby
\ldots

Offline

Board footer

Powered by FluxBB