You are not logged in.
Hi guys!
I've installed Arch several times now and I want my main computer to be fully encrypted!
So I followed this guide LVM on LUKS with encrypted Boot Partition in combination with the usual installation guide (Arch Installation).
This is what I came up with:
fdisk -l
dd if=/dev/urandom of=/dev/sdX bs=4M status=progress
fdisk /dev/sdX
g
Partition Size Type
/dev/sdX1 512M EFI System
/dev/sdX2 256M Linux filesystem
/dev/sdX3 left space Linux LVM
p
w
cryptsetup luksFormat --type luks2 /dev/sdX3
cryptsetup open /dev/sdX3 cryptlvm
pvcreate /dev/mapper/cryptlvm
vgcreate volgroup /dev/mapper/cryptlvm
lvcreate -L 8G volgroup -n swap
lvcreate -L 32G volgroup -n root
lvcreate -l 100%FREE volgroup -n home
mkfs.ext4 /dev/volgroup/root
mkfs.ext4 /dev/volgroup/home
mkswap /dev/volgroup/swap
mount /dev/volgroup/root /mnt
mkdir /mnt/home
mount /dev/volgroup/home /mnt/home
swapon /dev/volgroup/swap
cryptsetup luksFormat /dev/sdX2
cryptsetup open /dev/sdX2 cryptboot
mkfs.ext4 /dev/mapper/cryptboot
mkdir /mnt/boot
mount /dev/mapper/cryptboot /mnt/boot
mkfs.fat -F32 /dev/sdX1
mkdir /mnt/efi
mount /dev/sdX1 /mnt/efi
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sdX 8:0 0 200G 0 disk
├─sdX1 8:2 0 512M 0 part /efi
├─sdX2 8:3 0 256M 0 part
│ └─cryptboot 254:0 0 254M 0 crypt /boot
└─sdX3 8:4 0 128G 0 part
└─cryptlvm 254:1 0 128G 0 crypt
├─volgroup-swap 254:2 0 8G 0 lvm [SWAP]
├─volgroup-root 254:3 0 32G 0 lvm /
└─volgroup-home 254:4 0 98G 0 lvm /home
pacstrap /mnt base
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
passwd
ln -sf /usr/share/zoneinfo/MYREGION/MYCITY /etc/localtime
hwclock --systohc
# uncomment locale in '/etc/locale.gen'
locale-gen
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
pacman -S grub efibootmgr dosfstools gptfdisk
nano /etc/mkinitcpio.conf
HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)
mkinitcpio -p linux
# uncomment 'GRUB_ENABLE_CRYPTODISK=y' in '/etc/default/grub'
grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=grub --recheck --debug
nano /etc/default/grub
GRUB_CMDLINE_LINUX="... cryptdevice=/dev/sdX3:cryptlvm ..."
nano /etc/crypttab
cryptboot /dev/sdX2 none luks
grub-mkconfig -o /boot/grub/grub.cfg
And then nothing happens for 30 minutes and I quit the process. I've gone through the installation about 4 times now. In a VM and on physical hardware and I've followed the exact steps in this video in a VM with UEFI enabled too Installing Arch Linux (with EFI, encryption, LVM) after following the wiki, but the same thing happens... It freezes after running grub-mkconfig -o /boot/grub/grub.cfg!
Am I missing something, or is it a bug?
Last edited by handella (2018-12-28 20:12:47)
Offline
Try this workaround
Offline
Please use [ code ] tags when posting commands and output.
https://wiki.archlinux.org/index.php/Co … s_and_code
https://bbs.archlinux.org/help.php#bbcode
How to post. A sincere effort to use modest and proper language and grammar is a sign of respect toward the community.
Offline
Try this workaround
Thank you! It works now!
Offline
Thanks for this thread! Got stuck at this problem for 2 days now.
Maybe this should be added somewhere in the wiki.
Offline
I've been struggling for weeks to get my laptop booting with arch doing lvm on luks, sounds like roughly the same issue, but none of the posted workarounds work... Using grub-mkconfig, os-prober never finishes without lvmetad, but I can't get anything work with lvmetad even when running. Unlocking and starting the lvm volumes is never an issue manually, just the kernel being built doesn't seem to find the volumes in any way (uuid, partition) even when I do get grub to boot off a grub.cfg normally.
I finally had to make my own grub.cfg manually from a working ubuntu install on the same drive, and still the arch initramfs kernel will not boot. It doesn't seem to be grub, but rather it seems the kernel still isn't trying to decrypt the luks volume, it just errors out in grub and gives up. Oddly when setting the base root to be even the fat efi partition or a standard ext2 /boot, it doesn't see the uuid or direct partition defined any way. I have the proper mkinitcpio.conf defined, as this setup works on my primary desktop, and use my hooks exactly from it that boots fine. It just seems... broken.
The install procedure at this point is just broken for anyone duplicating a lvm on luks setup, anyone figure any other workarounds for this? Happy to post my configs, but everything for my system is rather typical of examples, other than the disk is an nvme, but again so is my other system.
Booting the same grub to ubuntu or windoze works fine, though ubuntu's grub found the vmlinuz images built by arch and tried it, but that kernel wouldn't bootstrap to find ubuntu's volumes either, so definitely seems something is not building properly with arch's kernel here. I updated to latest systemd for reported booting bugs there, still same issue however. Seems bigger upstream issues afoot...
Offline