You are not logged in.

Pages: 1

Topic closed

#1 2019-07-07 06:01:07

shaaraddalvi
Member
Registered: 2013-01-02
Posts: 10

[LVM on LUKS] GRUB error - no such cryptodisk found

Hi all, I have a setup of LVM on LUKS + encrypted boot partition since around a year. I setup this by following the Arch wiki (I would have followed mostly a revision like this one on the wiki, I see there are some recent changes around cryptsetup and LUKS1 and LUKS2).

So here is the general workflow before the issue started happening. Power on laptop -> GRUB asks for passphrase of (hd0,gpt3) -> After entering, it shows 'Slot 0 opened' -> Proceeds to OS selection menu.
But since a week, the first passphrase entry *never* succeeds. It always shows me 'Access denied. No such cryptodisk found'. I am thrown in GRUB rescue. Upon some help in archlinux IRC channel, I can get around by using cryptomount (hd0,gpt3) -> when asked for passphrase, I type it again. It always succeeds on second go and I see 'Slot 0 opened'. -> run insmod normal -> run normal -> procced to boot further.

I am not sure why GRUB is unable to take my passphrase on first go. I have dismissed it to be a human error since I have reproduced this issue ~20 times since then. The second attempt always succeeds.

EDIT: Adding grub.cfg (from /boot/grub/) and also posting screenshot of the problem -

https://i.imgur.com/aORwMze.jpg

Grub.cfg:

#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
insmod part_gpt
insmod part_msdos
if [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod lvm
insmod ext2
set root='lvmid/W4dz67-5bRQ-72Kw-JG7E-ltKN-OYRC-JrbPEk/9Kko9A-ayB2-46EZ-KbKE-2NJS-tkiT-SS1pgG'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint='lvmid/W4dz67-5bRQ-72Kw-JG7E-ltKN-OYRC-JrbPEk/9Kko9A-ayB2-46EZ-KbKE-2NJS-tkiT-SS1pgG'  1842eb98-29aa-4c05-a814-e0f3d43208ce
else
  search --no-floppy --fs-uuid --set=root 1842eb98-29aa-4c05-a814-e0f3d43208ce
fi
    font="/usr/share/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_US
  insmod gettext
fi
terminal_input console
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=5
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-1842eb98-29aa-4c05-a814-e0f3d43208ce' {
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod part_gpt
	insmod cryptodisk
	insmod luks
	insmod gcry_rijndael
	insmod gcry_rijndael
	insmod gcry_sha256
	insmod ext2
	cryptomount -u 0feaaeac01ab40aab092b9063f06aa58
	set root='cryptouuid/0feaaeac01ab40aab092b9063f06aa58'
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint='cryptouuid/0feaaeac01ab40aab092b9063f06aa58'  f934be3b-29fa-4137-b510-ec005bd65d48
	else
	  search --no-floppy --fs-uuid --set=root f934be3b-29fa-4137-b510-ec005bd65d48
	fi
	echo	'Loading Linux linux ...'
	linux	/vmlinuz-linux root=/dev/mapper/myvg-root rw rd.luks.name=c7f5bf7b-a695-45b8-a24d-41e6195cd658=cryptlvm quiet
	echo	'Loading initial ramdisk ...'
	initrd	/initramfs-linux.img
}
submenu 'Advanced options for Arch Linux' $menuentry_id_option 'gnulinux-advanced-1842eb98-29aa-4c05-a814-e0f3d43208ce' {
	menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-1842eb98-29aa-4c05-a814-e0f3d43208ce' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_gpt
		insmod cryptodisk
		insmod luks
		insmod gcry_rijndael
		insmod gcry_rijndael
		insmod gcry_sha256
		insmod ext2
		cryptomount -u 0feaaeac01ab40aab092b9063f06aa58
		set root='cryptouuid/0feaaeac01ab40aab092b9063f06aa58'
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root --hint='cryptouuid/0feaaeac01ab40aab092b9063f06aa58'  f934be3b-29fa-4137-b510-ec005bd65d48
		else
		  search --no-floppy --fs-uuid --set=root f934be3b-29fa-4137-b510-ec005bd65d48
		fi
		echo	'Loading Linux linux ...'
		linux	/vmlinuz-linux root=/dev/mapper/myvg-root rw rd.luks.name=c7f5bf7b-a695-45b8-a24d-41e6195cd658=cryptlvm quiet
		echo	'Loading initial ramdisk ...'
		initrd	/initramfs-linux.img
	}
	menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-1842eb98-29aa-4c05-a814-e0f3d43208ce' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_gpt
		insmod cryptodisk
		insmod luks
		insmod gcry_rijndael
		insmod gcry_rijndael
		insmod gcry_sha256
		insmod ext2
		cryptomount -u 0feaaeac01ab40aab092b9063f06aa58
		set root='cryptouuid/0feaaeac01ab40aab092b9063f06aa58'
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root --hint='cryptouuid/0feaaeac01ab40aab092b9063f06aa58'  f934be3b-29fa-4137-b510-ec005bd65d48
		else
		  search --no-floppy --fs-uuid --set=root f934be3b-29fa-4137-b510-ec005bd65d48
		fi
		echo	'Loading Linux linux ...'
		linux	/vmlinuz-linux root=/dev/mapper/myvg-root rw rd.luks.name=c7f5bf7b-a695-45b8-a24d-41e6195cd658=cryptlvm quiet
		echo	'Loading initial ramdisk ...'
		initrd	/initramfs-linux-fallback.img
	}
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###

Thanks!



moderator edit -- replaced oversized image with link.
Pasting pictures and code

Last edited by 2ManyDogs (2019-07-07 13:31:21)

Offline

#2 2019-07-07 08:24:52

mxfm
Member
Registered: 2015-10-23
Posts: 163

Re: [LVM on LUKS] GRUB error - no such cryptodisk found

Did you change partition layout or filesystem recently? If yes, did you regenerate GRUB loader? Because the message 'Access denied. No such cryptodisk found' looks like the link to encrypted disk was broken.

Offline

#3 2019-07-07 09:34:53

shaaraddalvi
Member
Registered: 2013-01-02
Posts: 10

Re: [LVM on LUKS] GRUB error - no such cryptodisk found

No, there were no changes in terms of partitions, filesystems and so on. Only regular pacman - Syu executions.

Offline

#4 2019-07-07 11:13:51

mxfm
Member
Registered: 2015-10-23
Posts: 163

Re: [LVM on LUKS] GRUB error - no such cryptodisk found

I don't know exactly how this is implemented in LUKS (I use plain dm-crypt with grub, not LUKS), but the logic of encrypted boot partition with grub is likely follows.

Part of the grub bootlader which resides on EFI partition (unencrypted) can handle decrypting the boot partion with 'the rest of the GRUB'. In order to do so, it must have 'a link' pointing to relevant partition (there can be several LUKS partition on different devices) in the form of uuid. This can be some uuid embedded in LUKS header (likely this) or partition PARTUUID. With that 'link' grub knows which partition should be decrypt during boot.

Judging by the fact that you can decrypt manually, the grub loader is ok, data is ok (both lvm and filesystem), but the link is probably wrong. You can try to regenerate grub, even if you didn't do it during last week when error occured.

Note, that actual error message looks like should contain uuid, it should be like 'error: disk ‘cryptouuid/...uuid...’ not found.' This is a hint to check wthether this uuid is correct.

Please, provide grub config.

Offline

#5 2019-07-07 13:27:53

shaaraddalvi
Member
Registered: 2013-01-02
Posts: 10

Re: [LVM on LUKS] GRUB error - no such cryptodisk found

Thanks mxfm for your help, I checked grub.cfg and it seems to have the correct UUID for the boot partition. I have updated my post with screenshot of the problem and my grub.cfg. I checked my /efi partition and that has a binary file (/efi/EFI/GRUB/grubx64.efi) which must be doing the initial load. Since it's a binary file, I can't easily check it to see what it has.

Although from the screenshot though, the UUID seems to be correct.

Offline

#6 2019-07-07 14:53:30

mxfm
Member
Registered: 2015-10-23
Posts: 163

Re: [LVM on LUKS] GRUB error - no such cryptodisk found

shaaraddalvi wrote:

Thanks mxfm for your help, I checked grub.cfg and it seems to have the correct UUID for the boot partition. I have updated my post with screenshot of the problem and my grub.cfg. I checked my /efi partition and that has a binary file (/efi/EFI/GRUB/grubx64.efi) which must be doing the initial load. Since it's a binary file, I can't easily check it to see what it has.

Although from the screenshot though, the UUID seems to be correct.

UUIDs seems to be correct, you don't need to check the binary file in efi partition, it is initial stage of grub loader.

1. As I said, you can try to recreate grub boot loader to see whether it can fix the problem.

2. This error seems to be related to non US keyboard characters. Do you use any unusual characters?

3. Have you made anything during 'a week ago' which affects LUKS header? How many keyslots do you use?

Last edited by mxfm (2019-07-07 14:55:02)

Offline

#7 2020-10-18 10:03:56

postcd
Member
Registered: 2020-10-18
Posts: 3

Re: [LVM on LUKS] GRUB error - no such cryptodisk found

I have seen this error in Manajaro when i have not created first separate /boot patition. I created btrfs encrypted single partition marked as boot and root, but seen that error. Though it worked after i have followed suggestion to first create /boot partition with boot flag and ext2 filesystem. Tick encryption, then create second partition (in my case btrfs filesystem) with mountpoint "/" and encryption also ticked. Hope it help someone.
PS: developers should make the GUI installer more friendly so one knows how to make full encrypted disk with custom filesystem.

Last edited by postcd (2020-10-18 10:05:11)

Offline

#8 2020-10-18 12:14:29

2ManyDogs
Forum Fellow
Registered: 2012-01-15
Posts: 4,645

Re: [LVM on LUKS] GRUB error - no such cryptodisk found

This thread is more than a year old, the OP has not been back, and Arch does not use a GUI installer. Manjaro is not supported here.

Closing this old thread.

Offline

Pages: 1

Topic closed

Board footer

Powered by FluxBB