[SOLVED] Systemd based initramfs with luks

diologix · 2023-10-27 08:56:45

Hello good people,

im running arch for quite a long time, and one was always annoying me. I am using systemd-boot and when entering my luks password, i wont get any asterisks to show that i am typing a password. Usually thats not a problem, but when using my dock at work, sometimes my dock is not recognized immediately. Thus not seeing if my keyboard is acutally typing anything i sometimes have to type in the password twice.
I looked that up and found that with udev based initramfs there seems to be no options for it. For systemd based initramfs there is.
As i tried to boot into systemd-initramfs i was not prompted for a password for luks.

This is my setup:
The first 4 Partitions are Windows based. nvme0n1p5 is my EFI mounted to /boot, nvme0n1p6 is LUKS with btrfs on subvol=@

lsblk -f
NAME        FSTYPE      FSVER LABEL UUID                                 FSAVAIL FSUSE% MOUNTPOINTS
nvme0n1
├─nvme0n1p1 vfat        FAT32       28AD-04B9
├─nvme0n1p2
├─nvme0n1p3 ntfs                    8E58AF5158AF36BD
├─nvme0n1p4 ntfs                    8E3A61CD3A61B33F
├─nvme0n1p5 vfat        FAT32 EFI   5868-8346                             712,8M    30% /boot
└─nvme0n1p6 crypto_LUKS 2           1eecdf92-e093-42d0-ac02-eb7ceea050be
  └─luks    btrfs             ROOT  59a149e7-9eed-40b9-a397-8d22df2df922  473,5G    19% /var/cache/pacman/pkg
                                                                                        /home
                                                                                        /btrfs
                                                                                        /.snapshots
                                                                                        /

I created a seperate mkinitcpio.conf and set the hooks to:

HOOKS=(systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)

Then i created a new preset to create a second initramfs with following:

ALL_kver="/boot/vmlinuz-linux"
ALL_microcode=(/boot/*-ucode.img)

PRESETS=('default' 'fallback')

default_image="/boot/initramfs-linux-systemd.img"
fallback_image="/boot/initramfs-linux-fallback.img"
fallback_options="-S autodetect"

I added a new entry to systemd boot in order to boot to udev again if its not working. So my systemd-initramfs boot entry is

title Arch Linux Systemd
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux.img
options rd.luks.uuid=1eecdf92-e093-42d0-ac02-eb7ceea050be rd.luks.options=discard root=59a149e7-9eed-40b9-a397-8d22df2df922 rootflags=subvol=@ rd.luks.options=discard rw resume=/dev/mapper/luks resume_offset=269568

After building my initramfs with systemd and updating systemd-boot i got following prompt:

[ 0.5629401 ACPI BIOS Error (bug): AE_AML_PACKAGE_LIMIT, Index (0x000000005)
is beyond end of object (length 0x5) (20230331/exoparg2-393) [ 0.5629591 ACPI Error: Aborting method_TZ.GTTP due to previous error (AE_A ML_PACKAGE_LIMIT) (20230331/psparse-529)
[ 0.5629691 ACPI Error: Aborting method _TZ.CHGZ. IMP due to previous error (AE_AML_PACKAGE_LIMIT) (20230331/psparse-529) [ 0.5634931 ACPI BIOS Error (bug): AE_AML_PACKAGE_LIMIT, Index (0x000000005)
is beyond end of object (length 0x5) (20230331/exoparg2-393)
[ 0.563504] ACPI Error: Aborting method _TZ.GTTP due to previous error (AE_A ML_PACKAGE_LIMIT) (20230331/psparse-529)
[ 0.5635651 ACPI Error: Aborting method _TZ.CHGZ._TMP due to previous error (AE_AML_PACKAGE_LIMIT) (20230331/psparse-529)
:: running early hook [udev]
Starting systemd-udevd version 254.5-1-arch
:: running hook [udev]
:: Triggering uevents...
:: running hook [btrfs]
Scanning for Btrfs filesystems
running hook [encrypt]
ERROR: device '59a149e7-9eed-40b9-a397-8d22df2df922' not found. Skipping fsck.
:: mounting '59a149e7-9eed-40b9-a397-8d22df2df922' on real root
mount: /new_root: no valid filesystem type specified.
ERROR: Failed to mount '59a149e7-9eed-40b9-a397-8d22df2df922' on real root
You are now being dropped into an emergency shell.
sh: can't access tty: job control turned off
[rootfs #]

Why is is saying :: running early hook [udev] while this is not included in the hooks? Also its clear that it wont find the root uuid, if its not decrypted before. I was not asked for a password. So luks is not tried to be decrypted.

Would be glad if someone can point me to the right direction. Thanks

Last edited by diologix (2023-10-27 13:50:29)

frostschutz · 2023-10-27 09:08:00

Are you sure you are trying to boot systemd-based initramfs? It looks like a non-systemd one. Maybe forgot to generate it or bootloader has the path to some old file? Check lsinitcpio what is actually in there.

diologix · 2023-10-27 10:10:59

Thanks! You are right, i could swear i put initrd /initramfs-linux-systemd.img into the boot entry, but even in the original post here i posted to wrong config. So somehow i managed to not see that.
Now i was prompted for a password, but apparently its now haning on

[  OK  ] Finished Cryptography Setup for luks-1eecdf92-e093-42d0-ac02-eb7ceea050be.
[  OK  ] Reached target Local Encrypted Volumes.
[  ***  ] A start job is running for /dev/mapper/luks (3min 45 / no limit)

I couldn´t find anything on how to set the subvol of a btrfs partition if initramfs is systemd based (In Systemd boot entry). Maybe its not different. But im not sure. Any Idea?

frostschutz · 2023-10-27 10:57:54

You have a resume=/dev/mapper/luks but it's not using that name, so it doesn't exist, no matter how long you wait. You can use rd.luks.name= or provide a crypttab to specify a name or try resume=UUID= or resume=/dev/mapper/luks-1eecdf92-… or something like that.

If you are not using suspend to disk, get rid of resume altogether.

Last edited by frostschutz (2023-10-27 10:58:34)

diologix · 2023-10-27 13:48:49

Thank you very much. That was the solution. In case someone else is running into a similar problem. You have to configure the following:

sudo lsblk -o name,type,fstype,size,uuid
NAME                                          TYPE  FSTYPE        SIZE UUID
nvme0n1                                       disk              931,5G
├─nvme0n1p1                                   part  vfat          100M 28AD-04B9
├─nvme0n1p2                                   part                 16M
├─nvme0n1p3                                   part  ntfs          341G 8E58AF5158AF36BD
├─nvme0n1p4                                   part  ntfs          730M 8E3A61CD3A61B33F
├─nvme0n1p5                                   part  vfat            1G 5868-8346
└─nvme0n1p6                                   part  crypto_LUKS 588,7G 1eecdf92-e093-42d0-ac02-eb7ceea050be
  └─luks-1eecdf92-e093-42d0-ac02-eb7ceea050be crypt btrfs       588,7G 59a149e7-9eed-40b9-a397-8d22df2df922

In this case 1eecdf92-e093-42d0-ac02-eb7ceea050be is the luks partition. 59a149e7-9eed-40b9-a397-8d22df2df922 is the root partition.
I have configured the boot entry like this:

title Arch Linux Systemd
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux.img
options rd.luks.uuid=1eecdf92-e093-42d0-ac02-eb7ceea050be rd.luks.options=discard root=UUID=59a149e7-9eed-40b9-a397-8d22df2df922 rootflags=subvol=@ rw

Now its working fine and i also get my password prompt with asterisks showing. That was very helpful.
Thank you @frostschutz

Arch Linux

#1 2023-10-27 08:56:45

[SOLVED] Systemd based initramfs with luks

#2 2023-10-27 09:08:00

Re: [SOLVED] Systemd based initramfs with luks

#3 2023-10-27 10:10:59

Re: [SOLVED] Systemd based initramfs with luks

#4 2023-10-27 10:57:54

Re: [SOLVED] Systemd based initramfs with luks

#5 2023-10-27 13:48:49

Re: [SOLVED] Systemd based initramfs with luks

Board footer