
#1 2017-05-29 09:59:35

Vulcanior

Arch install on encrypted disk

Hello,

I'm trying to install Arch on an LVM partition encrypted with LUKS. I want it to boot via EFI, with Windows on /dev/sda1.

Currently, I have 2 partitions on the disk /dev/sdb:

/dev/sdb1 /boot/efi
/dev/sdb2 / (encrypted)


/dev/mapper/vg0-root /
/dev/mapper/vg0-home /home
/dev/mapper/vg0-swap

For mkinitcpio.conf, I have:

# vim:set ft=sh

# MODULES

# The following modules are loaded before any boot hooks are

# run.  Advanced users may wish to specify all system modules

# in this array.  For instance:

#     MODULES="piix ide_disk reiserfs"

# Empty: no modules are listed for loading before the boot hooks run.
MODULES=""



# BINARIES

# This setting includes any additional binaries a given user may

# wish into the CPIO image.  This is run last, so it may be used to

# override the actual binaries included by a given hook

# BINARIES are dependency parsed, so you may safely ignore libraries

BINARIES=""



# FILES

# This setting is similar to BINARIES above, however, files are added

# as-is and are not parsed in any way.  This is useful for config files.

# NOTE(review): left empty, so no keyfile is embedded in the image. If a LUKS
# keyfile is ever listed here to avoid typing the passphrase a second time
# after GRUB, the generated initramfs images then contain key material and
# must not be readable by unprivileged users.
FILES=""



# HOOKS

# This is the most important setting in this file.  The HOOKS control the

# modules and scripts added to the image, and what happens at boot time.

# Order is important, and it is recommended that you do not change the

# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for

# help on a given hook.

# 'base' is _required_ unless you know precisely what you are doing.

# 'udev' is _required_ in order to automatically load modules

# 'filesystems' is _required_ unless you specify your fs modules in MODULES

# Examples:

##   This setup specifies all modules in the MODULES setting above.

##   No raid, lvm2, or encrypted root is needed.

#    HOOKS="base"

#

##   This setup will autodetect all modules for your system and should

##   work as a sane default

#    HOOKS="base udev autodetect block filesystems"

#

##   This setup will generate a 'full' image which supports most systems.

##   No autodetection is done.

#    HOOKS="base udev block filesystems"

#

##   This setup assembles a pata mdadm array with an encrypted root FS.

##   Note: See 'mkinitcpio -H mdadm' for more information on raid devices.

#    HOOKS="base udev block mdadm encrypt filesystems"

#

##   This setup loads an lvm2 volume group on a usb device.

#    HOOKS="base udev block lvm2 filesystems"

#

##   NOTE: If you have /usr on a separate partition, you MUST include the

#    usr, fsck and shutdown hooks.

# NOTE(review): this selects the systemd-based initramfs (systemd, sd-encrypt,
# sd-lvm2, sd-vconsole). sd-encrypt does not read the cryptdevice= kernel
# parameter; that syntax belongs to the busybox 'encrypt' hook. With
# sd-encrypt the LUKS container is declared with
# rd.luks.name=<LUKS-UUID>=<mapper-name> (or rd.luks.uuid=) on the kernel
# command line, or in /etc/crypttab.initramfs. The cryptdevice= parameters in
# the grub.cfg further down are therefore presumably ignored, the root volume
# is never unlocked in the initramfs, and boot stalls after
# "Loading initial ramdisk ..." -- confirm on the affected machine.
# NOTE(review): the documented ordering for an encrypted root lists keyboard,
# sd-vconsole and block before sd-encrypt, so that input devices and the
# console keymap are in the image for the passphrase prompt; here they come
# after it. Verify against the mkinitcpio documentation for the installed
# version.
HOOKS="base systemd autodetect modconf sd-encrypt sd-lvm2 block filesystems keyboard sd-vconsole fsck"



# COMPRESSION

# Use this to compress the initramfs image. By default, gzip compression

# is used. Use 'cat' to create an uncompressed image.

#COMPRESSION="gzip"

#COMPRESSION="bzip2"

#COMPRESSION="lzma"

#COMPRESSION="xz"

#COMPRESSION="lzop"

#COMPRESSION="lz4"



# COMPRESSION_OPTIONS

# Additional options for the compressor

#COMPRESSION_OPTIONS=""

And for the generated grub.cfg :

#

# DO NOT EDIT THIS FILE

#

# It is automatically generated by grub-mkconfig using templates

# from /etc/grub.d and settings from /etc/default/grub

#



### BEGIN /etc/grub.d/00_header ###

# Partition-map modules for GPT and MBR disks.
insmod part_gpt

insmod part_msdos

# Load saved variables only when the environment block exists and is non-empty.
if [ -s $prefix/grubenv ]; then

  load_env

fi

# A one-shot next_entry overrides the default: it is used for this boot,
# cleared in the environment block, and boot_once is flagged so that
# savedefault does not record it.
if [ "${next_entry}" ] ; then

   set default="${next_entry}"

   set next_entry=

   save_env next_entry

   set boot_once=true

else

   set default="0"

fi



# Pass --id to menuentry only when this GRUB build advertises the feature.
if [ x"${feature_menuentry_id}" = xy ]; then

  menuentry_id_option="--id"

else

  menuentry_id_option=""

fi



export menuentry_id_option



# Restore a previously saved entry: copy it back to saved_entry, persist it,
# clear prev_saved_entry, and flag this boot as one-shot.
if [ "${prev_saved_entry}" ]; then

  set saved_entry="${prev_saved_entry}"

  save_env saved_entry

  set prev_saved_entry=

  save_env prev_saved_entry

  set boot_once=true

fi



# Record the chosen menu entry as saved_entry in the environment block,
# unless this boot was flagged as one-shot (boot_once set).
function savedefault {

  if [ -z "${boot_once}" ]; then

    saved_entry="${chosen}"

    save_env saved_entry

  fi

}



# Load video drivers: the single all_video module when the feature flag is
# set, otherwise each driver module listed below.
function load_video {

  if [ x$feature_all_video_module = xy ]; then

    insmod all_video

  else

    insmod efi_gop

    insmod efi_uga

    insmod ieee1275_fb

    insmod vbe

    insmod vga

    insmod video_bochs

    insmod video_cirrus

  fi

}



# Pick the menu font. With feature_default_font_path set, the font is looked
# up by name; otherwise the else branch unlocks the LUKS container, selects
# the logical volume and loads the font by absolute path from it.
# NOTE(review): grub-mkconfig emitted cryptomount here because /usr (and
# /boot, per the partition layout in the post) sit inside the encrypted
# volume. grub.cfg itself is then also on that volume, so GRUB presumably has
# to unlock it before any menu can be shown; that would explain the
# passphrase prompt appearing even when Windows is the intended target.
# Prompting only for the Arch entry would need /boot on an unencrypted
# partition, which leaves the kernel and initramfs unencrypted and
# unauthenticated unless something like Secure Boot covers them.
# NOTE(review): GRUB's early passphrase prompt is not affected by the
# installed system's keymap; as far as I know it uses a US layout -- confirm.
if [ x$feature_default_font_path = xy ] ; then

   font=unicode

else

insmod part_gpt

insmod cryptodisk

insmod luks

insmod gcry_rijndael

insmod gcry_rijndael

insmod gcry_sha256

insmod lvm

insmod ext2

# Unlock the LUKS container identified by this UUID (dashes omitted).
cryptomount -u d2e01439baa3418c993df091226537dd

set root='lvmid/U6d1qx-dVAf-nWNw-kFdr-O1o3-Xwdb-Hxyg5k/OKhRPG-Djhv-M8hK-D0pw-wM3m-A9Jp-K1Gfax'

# Re-resolve root by filesystem UUID; the hint form is used when supported.
if [ x$feature_platform_search_hint = xy ]; then

  search --no-floppy --fs-uuid --set=root --hint='lvmid/U6d1qx-dVAf-nWNw-kFdr-O1o3-Xwdb-Hxyg5k/OKhRPG-Djhv-M8hK-D0pw-wM3m-A9Jp-K1Gfax'  1ded2b7b-0c90-4687-8742-81a2b9699b07

else

  search --no-floppy --fs-uuid --set=root 1ded2b7b-0c90-4687-8742-81a2b9699b07

fi

    font="/usr/share/grub/unicode.pf2"

fi



# Graphical terminal setup runs only if the font could be loaded.
if loadfont $font ; then

  set gfxmode=auto

  load_video

  insmod gfxterm

  set locale_dir=$prefix/locale

  set lang=en_US

  insmod gettext

fi

# Keyboard input comes from the firmware console; output goes to gfxterm.
terminal_input console

terminal_output gfxterm

# Show the menu for 5 seconds; both branches set the same timeout.
if [ x$feature_timeout_style = xy ] ; then

  set timeout_style=menu

  set timeout=5

# Fallback normal timeout code in case the timeout_style feature is

# unavailable.

else

  set timeout=5

fi

### END /etc/grub.d/00_header ###



### BEGIN /etc/grub.d/10_linux ###

# Default entry: unlocks the LUKS container in GRUB, selects the root logical
# volume, then loads the kernel and the regular initramfs from /boot on it.
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-1ded2b7b-0c90-4687-8742-81a2b9699b07' {

	load_video

	set gfxpayload=keep

	insmod gzio

	insmod part_gpt

	insmod cryptodisk

	insmod luks

	insmod gcry_rijndael

	insmod gcry_rijndael

	insmod gcry_sha256

	insmod lvm

	insmod ext2

	# This unlock only serves GRUB itself (reading kernel and initramfs);
	# the initramfs has to unlock the container again on its own.
	cryptomount -u d2e01439baa3418c993df091226537dd

	set root='lvmid/U6d1qx-dVAf-nWNw-kFdr-O1o3-Xwdb-Hxyg5k/OKhRPG-Djhv-M8hK-D0pw-wM3m-A9Jp-K1Gfax'

	if [ x$feature_platform_search_hint = xy ]; then

	  search --no-floppy --fs-uuid --set=root --hint='lvmid/U6d1qx-dVAf-nWNw-kFdr-O1o3-Xwdb-Hxyg5k/OKhRPG-Djhv-M8hK-D0pw-wM3m-A9Jp-K1Gfax'  1ded2b7b-0c90-4687-8742-81a2b9699b07

	else

	  search --no-floppy --fs-uuid --set=root 1ded2b7b-0c90-4687-8742-81a2b9699b07

	fi

	echo	'Loading Linux linux ...'

	# NOTE(review): 'UUDI=' is a misspelling of 'UUID=', and the mapper name
	# is written 'crymptolvm' here but 'cryptolvm' in the fallback entry, so
	# this parameter presumably cannot resolve to a device as written.
	# Independently of the spelling, cryptdevice= is the syntax of the
	# 'encrypt' hook, while the mkinitcpio.conf in this post uses sd-encrypt,
	# which expects rd.luks.name=<LUKS-UUID>=<mapper-name> instead.
	# NOTE(review): the three entries carry different command lines, which
	# suggests this generated file was edited by hand. Kernel parameters
	# belong in GRUB_CMDLINE_LINUX in /etc/default/grub, after which the
	# file is regenerated with grub-mkconfig.
	linux	/boot/vmlinuz-linux cryptdevice=UUDI=d2e01439-baa3-418c-993d-f091226537dd:crymptolvm  root=/dev/mapper/vg0-root rw 

	echo	'Loading initial ramdisk ...'

	initrd  /boot/initramfs-linux.img

}

# Submenu with two further entries for the same kernel: one with the regular
# initramfs and one with the fallback initramfs.
submenu 'Advanced options for Arch Linux' $menuentry_id_option 'gnulinux-advanced-1ded2b7b-0c90-4687-8742-81a2b9699b07' {

	menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-1ded2b7b-0c90-4687-8742-81a2b9699b07' {

		load_video

		set gfxpayload=keep

		insmod gzio

		insmod part_gpt

		insmod cryptodisk

		insmod luks

		insmod gcry_rijndael

		insmod gcry_rijndael

		insmod gcry_sha256

		insmod lvm

		insmod ext2

		cryptomount -u d2e01439baa3418c993df091226537dd

		set root='lvmid/U6d1qx-dVAf-nWNw-kFdr-O1o3-Xwdb-Hxyg5k/OKhRPG-Djhv-M8hK-D0pw-wM3m-A9Jp-K1Gfax'

		if [ x$feature_platform_search_hint = xy ]; then

		  search --no-floppy --fs-uuid --set=root --hint='lvmid/U6d1qx-dVAf-nWNw-kFdr-O1o3-Xwdb-Hxyg5k/OKhRPG-Djhv-M8hK-D0pw-wM3m-A9Jp-K1Gfax'  1ded2b7b-0c90-4687-8742-81a2b9699b07

		else

		  search --no-floppy --fs-uuid --set=root 1ded2b7b-0c90-4687-8742-81a2b9699b07

		fi

		echo	'Loading Linux linux ...'

		# NOTE(review): this command line names no encrypted device at all
		# (neither cryptdevice= nor rd.luks.*), so the initramfs is given
		# nothing to unlock before it looks for /dev/mapper/vg0-root.
		linux	/boot/vmlinuz-linux root=/dev/mapper/vg0-root rw  quiet

		echo	'Loading initial ramdisk ...'

		initrd  /boot/initramfs-linux.img

	}

	menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-1ded2b7b-0c90-4687-8742-81a2b9699b07' {

		load_video

		set gfxpayload=keep

		insmod gzio

		insmod part_gpt

		insmod cryptodisk

		insmod luks

		insmod gcry_rijndael

		insmod gcry_rijndael

		insmod gcry_sha256

		insmod lvm

		insmod ext2

		cryptomount -u d2e01439baa3418c993df091226537dd

		set root='lvmid/U6d1qx-dVAf-nWNw-kFdr-O1o3-Xwdb-Hxyg5k/OKhRPG-Djhv-M8hK-D0pw-wM3m-A9Jp-K1Gfax'

		if [ x$feature_platform_search_hint = xy ]; then

		  search --no-floppy --fs-uuid --set=root --hint='lvmid/U6d1qx-dVAf-nWNw-kFdr-O1o3-Xwdb-Hxyg5k/OKhRPG-Djhv-M8hK-D0pw-wM3m-A9Jp-K1Gfax'  1ded2b7b-0c90-4687-8742-81a2b9699b07

		else

		  search --no-floppy --fs-uuid --set=root 1ded2b7b-0c90-4687-8742-81a2b9699b07

		fi

		echo	'Loading Linux linux ...'

		# NOTE(review): the only entry where cryptdevice= is spelled
		# correctly (UUID=, cryptolvm). It still uses the 'encrypt' hook
		# syntax, which the sd-encrypt hook configured in the
		# mkinitcpio.conf of this post presumably does not read.
		linux	/boot/vmlinuz-linux root=/dev/mapper/vg0-root cryptdevice=UUID=d2e01439-baa3-418c-993d-f091226537dd:cryptolvm rw  quiet

		echo	'Loading initial ramdisk ...'

		initrd  /boot/initramfs-linux-fallback.img

	}

}



### END /etc/grub.d/10_linux ###



### BEGIN /etc/grub.d/20_linux_xen ###

### END /etc/grub.d/20_linux_xen ###



### BEGIN /etc/grub.d/30_os-prober ###

### END /etc/grub.d/30_os-prober ###



### BEGIN /etc/grub.d/40_custom ###

# This file provides an easy way to add custom menu entries.  Simply type the

# menu entries you want to add after this comment.  Be careful not to change

# the 'exec tail' line above.

### END /etc/grub.d/40_custom ###



### BEGIN /etc/grub.d/41_custom ###

# Source an optional custom.cfg: from config_directory when the file exists
# there, otherwise from $prefix when config_directory is empty.
# NOTE(review): whatever that file contains is executed as part of the boot
# configuration, so it needs the same write protection as grub.cfg itself.
if [ -f  ${config_directory}/custom.cfg ]; then

  source ${config_directory}/custom.cfg

elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then

  source $prefix/custom.cfg;

fi

### END /etc/grub.d/41_custom ###

If I understood correctly, I have nothing to put in /etc/crypttab, because it is the root filesystem that is encrypted?

Currently, GRUB asks for the passphrase (and not in my keyboard layout...), and after that, it says:
Loading Linux linux
Loading initial ramdisk ...

And it gets stuck at the ramdisk.

What did I miss during the installation? I would also like to know whether it is possible to have GRUB ask for the passphrase only when I want to boot Arch, not Windows.

Thanks


#2 2017-06-03 19:49:14

okubax

Re: Arch install on encrypted disk

Post the contents of

/etc/default/grub

