
#1 2023-02-23 22:42:16

shoelesshunter
Member
From: USA
Registered: 2014-05-18
Posts: 289

[solved] full disk luks. boot times out searching for root

I reinstalled Arch with full disk encryption following this guide (fairly) closely. The main difference is that I am using btrfs subvolumes. I've used LUKS on root in the past, but this is my first attempt with an encrypted /boot.

https://unixsheikh.com/tutorials/real-f … -uefi.html

Grub unlocks the initramfs, and an embedded keyfile then unlocks the root partition.

The unlocked luks partition is mapped to /dev/mapper/cryptssd.

After booting the kernel, there is a timeout looking for /dev/mapper/cryptssd, and I am dropped into a rescue shell after the encrypt hook attempts to run. For now, I am using dev names in grub since I only have one disk. I used luks1 as the header type when encrypting.

/etc/default/grub

# GRUB boot loader configuration

GRUB_DEFAULT=saved
GRUB_TIMEOUT=7
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"
GRUB_CMDLINE_LINUX="cryptodevice=/dev/sda3:cryptssd:allow-discards root=/dev/mapper/cryptssd rootflags=subvol=@rootfs resume=/dev/sda2"

# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"

# Uncomment to enable booting from LUKS encrypted devices
GRUB_ENABLE_CRYPTODISK=y

# Set to 'countdown' or 'hidden' to change timeout behavior,
# press ESC key to display menu.
GRUB_TIMEOUT_STYLE=menu

# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console

# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `videoinfo'
GRUB_GFXMODE=auto

# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep

# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY=true

# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
# modes only.  Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"

# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/path/to/wallpaper"
#GRUB_THEME="/path/to/gfxtheme"

# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"

# Uncomment to make GRUB remember the last selection. This requires
# setting 'GRUB_DEFAULT=saved' above.
GRUB_SAVEDEFAULT=true

# Uncomment to disable submenus in boot menu
#GRUB_DISABLE_SUBMENU=y

# Probing for other operating systems is disabled for security reasons. Read
# documentation on GRUB_DISABLE_OS_PROBER, if still want to enable this
# functionality install os-prober and uncomment to detect and include other
# operating systems.
#GRUB_DISABLE_OS_PROBER=false

/etc/mkinitcpio.conf

# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run.  Advanced users may wish to specify all system modules
# in this array.  For instance:
#     MODULES=(usbhid xhci_hcd)
MODULES=(btrfs)

# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image.  This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=(btrfs)

# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way.  This is useful for config files.
FILES=(/crypto_keyfile.bin)

# HOOKS
# This is the most important setting in this file.  The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
##   This setup specifies all modules in the MODULES setting above.
##   No RAID, lvm2, or encrypted root is needed.
#    HOOKS=(base)
#
##   This setup will autodetect all modules for your system and should
##   work as a sane default
#    HOOKS=(base udev autodetect modconf block filesystems fsck)
#
##   This setup will generate a 'full' image which supports most systems.
##   No autodetection is done.
#    HOOKS=(base udev modconf block filesystems fsck)
#
##   This setup assembles a mdadm array with an encrypted root file system.
##   Note: See 'mkinitcpio -H mdadm_udev' for more information on RAID devices.
#    HOOKS=(base udev modconf keyboard keymap consolefont block mdadm_udev encrypt filesystems fsck)
#
##   This setup loads an lvm2 volume group.
#    HOOKS=(base udev modconf block lvm2 filesystems fsck)
#
##   NOTE: If you have /usr on a separate partition, you MUST include the
#    usr and fsck hooks.
HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard resume fsck)

# COMPRESSION
# Use this to compress the initramfs image. By default, zstd compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="zstd"
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"

# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=()

# MODULES_DECOMPRESS
# Decompress kernel modules during initramfs creation.
# Enable to speedup boot process, disable to save RAM
# during early userspace. Switch (yes/no).
#MODULES_DECOMPRESS="yes"

/etc/fstab

# /dev/mapper/cryptssd LABEL=ROOT
UUID=ed741897-5734-4892-a4f3-42812957c513	/         	btrfs     	rw,noatime,compress=zstd:3,ssd,space_cache=v2,subvol=/@rootfs	0 0

# /dev/sda1
UUID=B452-6441      	/boot/efi 	vfat      	rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro	0 2

# /dev/mapper/cryptssd LABEL=ROOT
UUID=ed741897-5734-4892-a4f3-42812957c513	/home/jmgant	btrfs     	rw,noatime,compress=zstd:3,ssd,space_cache=v2,subvol=/@jmgant	0 0

# /dev/mapper/cryptssd LABEL=ROOT
UUID=ed741897-5734-4892-a4f3-42812957c513	/var/lib/docker	btrfs     	rw,noatime,compress=zstd:3,ssd,space_cache=v2,subvol=/@docker	0 0

# /dev/mapper/cryptssd LABEL=ROOT
UUID=ed741897-5734-4892-a4f3-42812957c513	/opt      	btrfs     	rw,noatime,compress=zstd:3,ssd,space_cache=v2,subvol=/@opt	0 0

# /dev/mapper/cryptssd LABEL=ROOT
UUID=ed741897-5734-4892-a4f3-42812957c513	/ssd      	btrfs     	rw,noatime,compress=zstd:3,ssd,space_cache=v2,subvol=/	0 0

# /dev/sda2
UUID=303322ed-970d-4d48-9c3d-07aa2bf55de9	none      	swap      	defaults  	0 0

Is the issue that I am using device names in grub? I banged my head against this for a while, and I can't figure it out.

Thanks.

Edit: I said "reinstalled" when it was just a backup/restore of subvolumes, so all relevant system tools like btrfs-progs are there.

Last edited by shoelesshunter (2023-02-24 02:21:08)


#2 2023-02-23 22:58:15

Raynman
Member
Registered: 2011-10-22
Posts: 1,539

Re: [solved] full disk luks. boot times out searching for root

typo: cryptodevice


#3 2023-02-23 23:12:45

shoelesshunter
Member
From: USA
Registered: 2014-05-18
Posts: 289

Re: [solved] full disk luks. boot times out searching for root

Thanks. I fixed the typo, updated grub, and it still times out looking for /dev/mapper/cryptssd.


#4 2023-02-24 02:22:29

shoelesshunter
Member
From: USA
Registered: 2014-05-18
Posts: 289

Re: [solved] full disk luks. boot times out searching for root

Solved: I guess I didn't update grub after my typo edit as I thought I'd done. Running it again solved the issue.
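
A check for the two mistakes in this thread (the misspelled `cryptdevice=` parameter and a `grub.cfg` that was not regenerated after the edit), as an added example that is not part of any post above. The function names and sample files are constructed for illustration, and it assumes grub-mkconfig copies `GRUB_CMDLINE_LINUX` verbatim into the generated `linux` line.

```shell
#!/bin/sh
# Added example: runs on constructed sample files, not on the live system.

# Print the value of GRUB_CMDLINE_LINUX from a grub defaults file.
grub_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"$/\1/p' "$1"
}

# Succeed only if the cmdline has cryptdevice=DEV:NAME[:opts] and
# root=/dev/mapper/NAME, with the same NAME in both.
check_cryptdevice() {
    name='' root=''
    for p in $1; do
        case $p in
            cryptdevice=*) name=${p#cryptdevice=}; name=${name#*:}; name=${name%%:*} ;;
            root=/dev/mapper/*) root=${p#root=/dev/mapper/} ;;
        esac
    done
    [ -n "$name" ] && [ "$name" = "$root" ]
}

# Succeed only if the generated grub.cfg ($2) carries the cmdline
# currently set in the defaults file ($1).
grub_cfg_current() {
    grep -qF -- "$(grub_cmdline "$1")" "$2"
}

# Constructed samples: the cmdline from the first post, the same line with
# the typo fixed, and a grub.cfg generated before the fix.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/grub.typo" <<'EOF'
GRUB_CMDLINE_LINUX="cryptodevice=/dev/sda3:cryptssd:allow-discards root=/dev/mapper/cryptssd rootflags=subvol=@rootfs resume=/dev/sda2"
EOF
sed 's/cryptodevice=/cryptdevice=/' "$tmp/grub.typo" > "$tmp/grub.fixed"
printf 'linux /vmlinuz-linux root=/dev/mapper/cryptssd rw %s loglevel=3\n' \
    "$(grub_cmdline "$tmp/grub.typo")" > "$tmp/grub.cfg"

for f in grub.typo grub.fixed; do
    if check_cryptdevice "$(grub_cmdline "$tmp/$f")"; then a=ok; else a=BAD; fi
    if grub_cfg_current "$tmp/$f" "$tmp/grub.cfg"; then b=current; else b=STALE; fi
    echo "$f: cryptdevice $a, grub.cfg $b"
done
```

On a real system the two inputs would be /etc/default/grub and the generated grub.cfg; a STALE result means the configuration has to be regenerated before the edit takes effect.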
