Hi guys,
I have 4 SSDs and I want to try a rather complex setup using lvm-raid with whole disk encryption using LUKS. My EFI and /boot partition reside on a USB stick; the SSDs have been set up with detached headers, which allows plausible deniability. My /boot is also encrypted, with the LUKS headers for the SSDs inside it.
This is my disk layout:
sdc 8:32 0 465.8G 0 disk
`-luksc 254:2 0 465.7G 0 crypt
|-SSDVolGroup-documents_rmeta_0 254:6 0 4M 0 lvm
| `-SSDVolGroup-documents 254:14 0 15G 0 lvm /home/moritz/Documents
|-SSDVolGroup-documents_rimage_0 254:7 0 15G 0 lvm
| `-SSDVolGroup-documents 254:14 0 15G 0 lvm /home/moritz/Documents
|-SSDVolGroup-swap_rimage_0 254:15 0 8G 0 lvm
| `-SSDVolGroup-swap 254:19 0 32G 0 lvm
|-SSDVolGroup-root_rmeta_0 254:20 0 4M 0 lvm
| `-SSDVolGroup-root 254:28 0 300G 0 lvm /
|-SSDVolGroup-root_rimage_0 254:21 0 100G 0 lvm
| `-SSDVolGroup-root 254:28 0 300G 0 lvm /
`-SSDVolGroup-raid0_rimage_0 254:29 0 100G 0 lvm
  `-SSDVolGroup-raid0 254:33 0 400G 0 lvm /home/moritz/Raid0
sdd 8:48 0 465.8G 0 disk
`-luksd 254:3 0 465.7G 0 crypt
|-SSDVolGroup-documents_rmeta_1 254:8 0 4M 0 lvm
| `-SSDVolGroup-documents 254:14 0 15G 0 lvm /home/moritz/Documents
|-SSDVolGroup-documents_rimage_1 254:9 0 15G 0 lvm
| `-SSDVolGroup-documents 254:14 0 15G 0 lvm /home/moritz/Documents
|-SSDVolGroup-swap_rimage_1 254:16 0 8G 0 lvm
| `-SSDVolGroup-swap 254:19 0 32G 0 lvm
|-SSDVolGroup-root_rmeta_1 254:22 0 4M 0 lvm
| `-SSDVolGroup-root 254:28 0 300G 0 lvm /
|-SSDVolGroup-root_rimage_1 254:23 0 100G 0 lvm
| `-SSDVolGroup-root 254:28 0 300G 0 lvm /
`-SSDVolGroup-raid0_rimage_1 254:30 0 100G 0 lvm
  `-SSDVolGroup-raid0 254:33 0 400G 0 lvm /home/moritz/Raid0
sde 8:64 0 465.8G 0 disk
`-lukse 254:4 0 465.7G 0 crypt
|-SSDVolGroup-documents_rmeta_2 254:10 0 4M 0 lvm
| `-SSDVolGroup-documents 254:14 0 15G 0 lvm /home/moritz/Documents
|-SSDVolGroup-documents_rimage_2 254:11 0 15G 0 lvm
| `-SSDVolGroup-documents 254:14 0 15G 0 lvm /home/moritz/Documents
|-SSDVolGroup-swap_rimage_2 254:17 0 8G 0 lvm
| `-SSDVolGroup-swap 254:19 0 32G 0 lvm
|-SSDVolGroup-root_rmeta_2 254:24 0 4M 0 lvm
| `-SSDVolGroup-root 254:28 0 300G 0 lvm /
|-SSDVolGroup-root_rimage_2 254:25 0 100G 0 lvm
| `-SSDVolGroup-root 254:28 0 300G 0 lvm /
`-SSDVolGroup-raid0_rimage_2 254:31 0 100G 0 lvm
  `-SSDVolGroup-raid0 254:33 0 400G 0 lvm /home/moritz/Raid0
sdf 8:80 0 465.8G 0 disk
`-luksf 254:5 0 465.7G 0 crypt
|-SSDVolGroup-documents_rmeta_3 254:12 0 4M 0 lvm
| `-SSDVolGroup-documents 254:14 0 15G 0 lvm /home/moritz/Documents
|-SSDVolGroup-documents_rimage_3 254:13 0 15G 0 lvm
| `-SSDVolGroup-documents 254:14 0 15G 0 lvm /home/moritz/Documents
|-SSDVolGroup-swap_rimage_3 254:18 0 8G 0 lvm
| `-SSDVolGroup-swap 254:19 0 32G 0 lvm
|-SSDVolGroup-root_rmeta_3 254:26 0 4M 0 lvm
| `-SSDVolGroup-root 254:28 0 300G 0 lvm /
|-SSDVolGroup-root_rimage_3 254:27 0 100G 0 lvm
| `-SSDVolGroup-root 254:28 0 300G 0 lvm /
`-SSDVolGroup-raid0_rimage_3 254:32 0 100G 0 lvm
  `-SSDVolGroup-raid0 254:33 0 400G 0 lvm /home/moritz/Raid0
sdg 8:96 1 57.3G 0 disk
|-sdg1 8:97 1 512M 0 part /boot/efi
|-sdg2 8:98 1 2G 0 part
| `-enc_boot 254:1 0 2G 0 crypt /boot
`-sdg3 8:99 1 54.8G 0 part
I am using GRUB as my bootloader. These are the relevant lines of my /etc/default/grub and /etc/mkinitcpio.conf:
GRUB_CMDLINE_LINUX="debug ignore_loglevel rescue root=/dev/SSDVolGroup/root"
GRUB_PRELOAD_MODULES="part_gpt part_msdos lvm dm_raid raid0 raid1 raid456"
GRUB_ENABLE_CRYPTODISK=y
FILES=(/boot/key.file /boot/2048E4D3CC8E.img /boot/21032C5F2644.img /boot/21032C6EF5F4.img /boot/21062CCE2624.img)
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt lvm2 filesystems fsck)
As you can see, I use the sd-encrypt hook to decrypt all 4 SSDs using a keyfile which also resides on the boot partition. This is my /etc/crypttab.initramfs:
enc_sde /dev/disk/by-id/ata-CT500MX500SSD1_2048E4D3CC8E /boot/key.file header=/boot/2048E4D3CC8E.img
enc_sdc /dev/disk/by-id/ata-CT500MX500SSD1_21032C5F2644 /boot/key.file header=/boot/21032C5F2644.img
enc_sdf /dev/disk/by-id/ata-CT500MX500SSD1_21032C6EF5F4 /boot/key.file header=/boot/21032C6EF5F4.img
enc_sdd /dev/disk/by-id/ata-CT500MX500SSD1_21062CCE2624 /boot/key.file header=/boot/21062CCE2624.img
So now comes my problem. I try to boot up and decryption seems to be fine: I enter the password for the boot partition, the services to decrypt the 4 SSDs report success, and then the LVM initialization should start. This step always fails on the second SSD. The error message is shown in this pic:
https://imgur.com/a/kgQj5jB
I have researched that issue and came across this post from 2016:
https://bbs.archlinux.org/viewtopic.php?id=213111
The solution back then was to downgrade the lvm2 package, but I couldn't find the referenced version archive... So I couldn't test that solution.
Another problem is that I cannot access the rescue shell. It reports "Root account is locked out". I also researched that issue and it seems to be related to the root password not being set. I have set it like 20 times in chroot by now; it doesn't work.
I would be very thankful for any kind of input on both issues, help is very much appreciated.
Last edited by disconnect (2021-06-13 10:29:56)
So I figured it out by myself, for anybody having the same problems:
The root fs (lvm raid) can't be loaded because I only specified the raid modules (dm_raid raid456 raid0) in the /etc/mkinitcpio.conf or /etc/default/grub; specifying the modules in both files helped.
The second problem of the rescue shell not loading was a result of the root fs being unavailable.
My system boots successfully now...whoop whoop!
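A check for the fix described in the post above, as an added example that is not part of the original thread: it reports which of the RAID modules named in the post are missing from either file. The function names are hypothetical, and it assumes the initramfs modules are listed in the MODULES array of mkinitcpio.conf and that each assignment sits on a single line.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the same module list is
# present in both mkinitcpio.conf and /etc/default/grub.

# list_value FILE VAR -> words assigned to VAR (last uncommented assignment wins).
# Assumption: the assignment is on one line, as VAR=(a b) or VAR="a b".
list_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/#.*//' \
        | tr -d '()"'"'" | tr -s '[:space:]' ' '
}

# missing_modules FILE VAR MODULE... -> space-separated modules not listed in VAR.
# Hyphen and underscore are treated as the same character (dm-raid == dm_raid).
missing_modules() {
    file=$1 var=$2; shift 2
    have=" $(list_value "$file" "$var" | sed 's/-/_/g') "
    missing=""
    for m in "$@"; do
        norm=$(printf '%s' "$m" | sed 's/-/_/g')
        case "$have" in
            *" $norm "*) ;;
            *) missing="$missing $m" ;;
        esac
    done
    printf '%s' "${missing# }"
}

# check_raid_modules INITCPIO_CONF GRUB_DEFAULT MODULE...
# Returns 0 only when every module is listed in both files.
check_raid_modules() {
    initcpio_conf=$1 grub_default=$2; shift 2
    rc=0
    m=$(missing_modules "$initcpio_conf" MODULES "$@")
    [ -z "$m" ] || { echo "$initcpio_conf: MODULES is missing: $m"; rc=1; }
    g=$(missing_modules "$grub_default" GRUB_PRELOAD_MODULES "$@")
    [ -z "$g" ] || { echo "$grub_default: GRUB_PRELOAD_MODULES is missing: $g"; rc=1; }
    return $rc
}

# Example invocation with the module names from the post:
#   sh check.sh /etc/mkinitcpio.conf /etc/default/grub dm_raid raid0 raid456
if [ $# -ge 2 ]; then
    check_raid_modules "$@"
fi
```

Changes to either file only take effect after the initramfs and the GRUB configuration are regenerated (`mkinitcpio -P` and `grub-mkconfig -o /boot/grub/grub.cfg` on Arch).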