[SOLVED] rEFInd: decryption is not attempted

Termy · 2021-10-21 12:26:22

Hi there,
i'm currently trying to write a script to automatically install Arch using btrfs, cryptsetup and refind.
Everything seems to work fine when trying it out in a virtualbox vm, with the slight issue that no boot is possible.
I just get an error after a timeout that /dev/mapper/cryptroot can't be found - so it looks to me that the issue is that no decryption is attempted.

I've tried every combination of UUID, PARTUUID, Label (and made sure it's the UUID of the crypto_LUKS partition of course) i could think of, nothing got me to a decryption-attempt, so i'm kind of at a loss

refind.conf stanza:

menuentry "Arch Linux" {
    icon     icon /EFI/refind/themes/refind-dreary/icons/os_arch.png
    volume   "Arch Linux"
    loader   /vmlinuz-linux
    initrd   /initramfs-linux.img
    options  "rd.luks.name=2392e3e2-c137-4e6a-8a02-9a4eb12eafa4=cryptroot rd.luks.options=allow-discards,no-read-workqueue,no-write-workqueue root=/dev/mapper/cryptroot rootflags=subvol=@ rw quiet zswap.enabled=1 zswap.compressor=zstd zswap.max_pool_percent=20 zswap.zpool=z3fold amdgpu.ppfeaturemask=0xffffffff nmi_watchdog=0 initrd=/amd-ucode.img"
    submenuentry "Boot using fallback initramfs" {
        initrd /boot/initramfs-linux-fallback.img
    }
}

mkinitcpio.conf hooks:

HOOKS=(base systemd sd-vconsole autodetect modconf block keyboard sd-encrypt filesystems )

I haven't added any modules - i read about adding btrfs there but as far as i understand that shouldn't be necessary with only one btrfs partition - and that can't be the cause of the issue i would think as btrfs would only be relevant after decryption.

i've also added the rd.luks.name to the refind-linux.conf options, to no avail.
When i check the kernel-parameters in rEFInd using F2, the correct rd.luks.name=UUID.... options are used

I never used rEFInd, so i might as well miss something too obvious, but i'm out of ideas - hopefully someone here can shed some light - thanks in advance!

If there is something that can be missed during install, here are the scripts:
Installation: https://pastebin.com/wDWNfqsX
Chroot: https://pastebin.com/eF4ZWZvQ
After that i modify the refind.conf file to add the correct kernel options.

Last edited by Termy (2021-10-21 15:35:22)

Termy · 2021-10-21 15:34:52

Duh, that one is a real facepalm - the mkinitcpio.conf hooks weren't modified in chroot so it didn't include the sd-encrypt hook. Now on to find out why that happened ^^

Arch Linux

#1 2021-10-21 12:26:22

[SOLVED] rEFInd: decryption is not attempted

#2 2021-10-21 15:34:52

Re: [SOLVED] rEFInd: decryption is not attempted

Board footer