You are not logged in.

Pages: 1

#1 2021-09-25 14:42:27

MickeyMouse
Member
Registered: 2014-10-24
Posts: 13

[SOLVED] Can't to install with Encryption LVM LUKS: no password prompt

Hello

I'm trying to setup Arch Linux with encryption using the option LVM on LUKS (https://wiki.archlinux.org/title/Dm-cry … VM_on_LUKS). My laptop is an XPS 13 9310.

I followed the whole installation wiki but when I boot with grub instead of having a prompt asking me the password I have a failure message : 

:: running hook [udev]
:: Triggering uevents...
:: running hook [keymap]
:: Loading keymap...done.
:: running hook [encrypt]
Waiting 10 seconds for device /dev/disk/by-uuid/dac3784a-1860-4c0d-b8dd-0af9fe5d172f ...
Waiting 10 seconds for device /dev/mapper/MainVolGroup-root ...
ERROR device /dev/mapper/MainVolGroup-root not found; Skipping fsck.
:: mounting '/dev/mapper/MainVolGroup-root' on real root
mount /new_root: no filesystem type specified
You are being dropped into an emergency shell.

I have setup the proper module on initramfs configuration file, regenerated the grub configuration file.
The UUID which is on grub conf file and pass to the kernel match with the UUID of the third partition of the disk containing the whole ciphered fs.
I'm out of idea to debug my installation.

Thank you for your help

Here my installations commands :

loadkeys fr
timedatectl set-ntp true

Create partitions :
* /dev/nvme0n1p1: UEFI
* /dev/nvme0n1p2: /boot/
* /dev/nvme0n1p3: for the encryption

dd if=/dev/urandom of=/dev/nvme0n1 count=1000

parted -s /dev/nvme0n1 mklabel gpt
parted -s /dev/nvme0n1 mkpart efi fat32 1MiB 128MiB
parted -s /dev/nvme0n1 mkpart boot ext4 129MiB 1024MiB
parted -s /dev/nvme0n1 mkpart system ext4 1025MiB 100%

mkfs.fat -F32 /dev/nvme0n1p1
mkfs.ext4 /dev/nvme0n1p2

Setup the encryption:

cryptsetup luksFormat /dev/nvme0n1p3
cryptsetup open /dev/nvme0n1p3 cryptlvm

Create lvm partitions :

pvcreate /dev/mapper/cryptlvm

vgcreate MainVolGroup /dev/mapper/cryptlvm

lvcreate -L 8G MainVolGroup -n swap
lvcreate -L 64G MainVolGroup -n root
lvcreate -l 100%FREE MainVolGroup -n home

mkfs.ext4 /dev/MainVolGroup/root
mkfs.ext4 /dev/MainVolGroup/home
mkswap /dev/MainVolGroup/swap

Mount the partitions

mount /dev/MainVolGroup/root /mnt
mkdir /mnt/home
mount /dev/MainVolGroup/home /mnt/home
swapon /dev/MainVolGroup/swap
mkdir /mnt/boot
mount /dev/nvme0n1p2 /mnt/boot
mkdir /mnt/efi
mount /dev/nvme0n1p1 /mnt/efi

Setup the chroot

pacstrap /mnt base linux linux-firmware vim iwd man-db man-pages texinfo lvm2

genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt

Update the /etc/mkinitcpio.conf file with proper Hooks

HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)

Regenerate the initramfs :

mkinitcpio -P

Install grub :

pacman -S grub
pacman -S efibootmgr

Update grub file /etc/default/grub : 

GRUB_ENABLE_CRYPTODISK=y

echo "cryptdevice=UUID=$(blkid -s UUID -o value /dev/nvme0n1p3):cryptlvm >> /etc/default/grub

Install grub

grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB

Generate configuration :

grub-mkconfig -o /boot/grub/grub.cfg

Additional information :

The list of devices ids:

/dev/nvme0n1p1: UUID="1B9B-C0C4" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="efi" PARTUUID="93d0cccd-a2e4-4a24-8221-30fa77266114"
/dev/nvme0n1p2: UUID="4e75f13c-731c-46c6-bc71-a6c8a78ad591" BLOCK_SIZE="4096" TYPE="ext4" PARTLABEL="boot" PARTUUID="cb04c614-bef6-4791-ac14-644c03428372"
/dev/nvme0n1p3: UUID="dac3784a-1860-4c0d-b8dd-0af9fe5d172f" TYPE="crypto_LUKS" PARTLABEL="system" PARTUUID="ec371895-e9c3-405d-9343-51fec91ae6b2"
/dev/mapper/MainVolGroup-swap: UUID="9910ae4d-935a-40b5-bfd8-fe2e23a99fd6" TYPE="swap"
/dev/mapper/MainVolGroup-root: UUID="81d79a63-d21d-4ed7-8762-bc16ba11d59d" BLOCK_SIZE="4096" TYPE="ext4"
/dev/mapper/cryptlvm: UUID="jq7BYL-Cm8Q-mE0J-FQMp-Wul5-1JLo-TeliLj" TYPE="LVM2_member"
/dev/mapper/MainVolGroup-home: UUID="df75f3b1-4118-4b95-97d6-1044a4eb7939" BLOCK_SIZE="4096" TYPE="ext4"

The generated grub configuration file

#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
insmod part_gpt
insmod part_msdos
if [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod lvm
insmod ext2
set root='lvmid/hBfgFa-N3dE-hQ9C-yxDc-cJI1-zX69-8Mq2Ag/2vPIiA-kWcL-tu5D-IrCn-caxj-7bEm-VoI9Js'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint='lvmid/hBfgFa-N3dE-hQ9C-yxDc-cJI1-zX69-8Mq2Ag/2vPIiA-kWcL-tu5D-IrCn-caxj-7bEm-VoI9Js'  81d79a63-d21d-4ed7-8762-bc16ba11d59d
else
  search --no-floppy --fs-uuid --set=root 81d79a63-d21d-4ed7-8762-bc16ba11d59d
fi
    font="/usr/share/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_US
  insmod gettext
fi
terminal_input console
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=5
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-81d79a63-d21d-4ed7-8762-bc16ba11d59d' {
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod part_gpt
	insmod ext2
	search --no-floppy --fs-uuid --set=root 4e75f13c-731c-46c6-bc71-a6c8a78ad591
	echo	'Loading Linux linux ...'
	linux	/vmlinuz-linux root=/dev/mapper/MainVolGroup-root rw cryptdevice=UUID=dac3784a-1860-4c0d-b8dd-0af9fe5d172f:cryptlvm loglevel=3
	echo	'Loading initial ramdisk ...'
	initrd	/initramfs-linux.img
}
submenu 'Advanced options for Arch Linux' $menuentry_id_option 'gnulinux-advanced-81d79a63-d21d-4ed7-8762-bc16ba11d59d' {
	menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-81d79a63-d21d-4ed7-8762-bc16ba11d59d' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_gpt
		insmod ext2
		search --no-floppy --fs-uuid --set=root 4e75f13c-731c-46c6-bc71-a6c8a78ad591
		echo	'Loading Linux linux ...'
		linux	/vmlinuz-linux root=/dev/mapper/MainVolGroup-root rw cryptdevice=UUID=dac3784a-1860-4c0d-b8dd-0af9fe5d172f:cryptlvm loglevel=3
		echo	'Loading initial ramdisk ...'
		initrd	/initramfs-linux.img
	}
	menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-81d79a63-d21d-4ed7-8762-bc16ba11d59d' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_gpt
		insmod ext2
		search --no-floppy --fs-uuid --set=root 4e75f13c-731c-46c6-bc71-a6c8a78ad591
		echo	'Loading Linux linux ...'
		linux	/vmlinuz-linux root=/dev/mapper/MainVolGroup-root rw cryptdevice=UUID=dac3784a-1860-4c0d-b8dd-0af9fe5d172f:cryptlvm loglevel=3
		echo	'Loading initial ramdisk ...'
		initrd	/initramfs-linux-fallback.img
	}
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/30_uefi-firmware ###
menuentry 'UEFI Firmware Settings' $menuentry_id_option 'uefi-firmware' {
	fwsetup
}
### END /etc/grub.d/30_uefi-firmware ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg
fi
### END /etc/grub.d/41_custom ###

Last edited by MickeyMouse (2021-09-27 08:00:32)

Offline

#2 2021-09-26 20:45:59

loqs
Member
Registered: 2014-03-06
Posts: 18,340

Re: [SOLVED] Can't to install with Encryption LVM LUKS: no password prompt

When dropped to the emergency shell does /dev/nvme0 exist?

Offline

#3 2021-09-26 21:15:11

frankieboy
Member
Registered: 2009-04-12
Posts: 65

Re: [SOLVED] Can't to install with Encryption LVM LUKS: no password prompt

Hi,

The default cryptsetup without parameters create a luks2 encrypted volume, which is not fully supported by grub, you have to use either systemd-boot as bootloader or create a luks1 encrypted volume with cryptsetup.

Offline

#4 2021-09-26 21:34:31

Ammako
Member
Registered: 2021-07-16
Posts: 267

Re: [SOLVED] Can't to install with Encryption LVM LUKS: no password prompt

frankieboy wrote:

Hi,

The default cryptsetup without parameters create a luks2 encrypted volume, which is not fully supported by grub, you have to use either systemd-boot as bootloader or create a luks1 encrypted volume with cryptsetup.

This only applies to boot partition, initramfs hooks can unlock a luks2 volume just fine

Last edited by Ammako (2021-09-26 21:34:55)

Offline

#5 2021-09-27 07:59:06

MickeyMouse
Member
Registered: 2014-10-24
Posts: 13

Re: [SOLVED] Can't to install with Encryption LVM LUKS: no password prompt

loqs wrote:

When dropped to the emergency shell does /dev/nvme0 exist?

Nope.

I tried to make an installation without ciphering the disk and it failed too. I was focus on the ciphering but it is not the real issue.

I found that the SSD was configured in the UEFI BIOS to "Raid ON-mode". I switched it to AHCI mode and it works. \o/

Thank you for your help smile

Offline

Pages: 1

Board footer

Powered by FluxBB