[SOLVED] Initramfs fails to properly mount luks partition

/dev/zero · 2011-10-21 22:06:19

Hello All,

As I foreshadowed in my intro, I'm having trouble getting encrypted Archlinux to work on my Acer Aspire 5750. I've previously had encrypted Debian Netinst and encrypted Aptosid working on this device. The arch iso I'm using is 2011.08.19-core-i686.

https://bbs.archlinux.org/viewtopic.php?id=124415 appears similar and Tallahassee offers a workaround, but it doesn't work for me (unless I'm doing something wrong?)

I suspect there is a bug in the init scripts used by the initramfs. I would like to first of all determine whether I really should file a bug report (and if so where), and secondly whether we can find a workaround to get things up and running in the meantime.

Now for the meaty bits.

Old grub doesn't appear to support lvm or luks, so I first of all prepare for grub 2 by installing the gptfdisk package into the iso environment. I use gdisk to set up a 1 or 2 mb bios boot partition at the start of /dev/sda, followed by a 256mb partition (/dev/sda2) for /boot, with the rest of the drive given to the partition intended for the encrypted root partition (/dev/sda3).
I use cfdisk to toggle the partition type for /dev/sda3 to 8e (Linux LVM).

Run the following commands, with credits to Aptosid: Installing to a Cryptroot:

pvcreate /dev/sda3
vgcreate vg /dev/sda3
lvcreate -n crypt --extents 100%FREE vg
cryptsetup --verify-passphrase -c aes-xts-plain:sha512 luksFormat /dev/mapper/vg-crypt
cryptsetup luksOpen /dev/mapper/vg-crypt cryptroot
pvcreate /dev/mapper/cryptroot
vgcreate cryptvg /dev/mapper/cryptroot
lvcreate -n swap --size 2g cryptvg
lvcreate -n root --extents 25%FREE  cryptvg
lvcreate -n home --extents 100%FREE cryptvg
/arch/setup

Go through the arch setup as normal. At the bit where you configure hard-drives, you'll find all your encrypted partitions ready waiting to be labelled and formatted. Stop after installing packages.
After installing packages, press CTL-ALT-F2 and log in. Edit /mnt/etc/rc.conf and /mnt/etc/mkinitcpio.conf. CTL-ALT-F1 and reinstall packages. Proceed with the configure step.
Don't install a boot loader; just quit after configuring everything.
Follow the steps here: Grub 2 During Archlinux Installation.
The automatically generated grub.cfg doesn't include things necessary to lvm and luks. Before running grub_bios-install, I edit the grub.cfg to insmod lvm and flag the kernel with cryptdevice=/dev/mapper/vg-crypt:cryptvg-root and rootfstype=ext4 (because that is the encrypted root's filesystem).

At this point, I would expect the system to be bootable, so reboot.

Grub2 loads up. I can verify the changes I made to grub.cfg by pressing `e'. So boot and see the messages,

Loading Linux linux ...
Loading initial ramdisk ...

A password is required to access the cryptvg-root volume:
Enter passphrase for /dev/mapper/vg-crypt:

So far so good. I enter my passphrase. The following messages ensue:

vgscan: unrecognized option '--sysinit'
Error during parsing of command line.
device-mapper: create ioctl failed: Device or resource busy
mount: mounting /dev/mapper/cryptvg-root on /new_root failed: Device or resource busy
ERROR: Failed to mount he real root device.
Bailing out, you are on your own. Good luck.

So I get dumped into the ramfs. That ain't much fun.

Does anyone have some ideas on things to try next? Should I file a bug report?

Last edited by /dev/zero (2011-10-22 00:28:52)

/dev/zero · 2011-10-21 22:18:36

Forgot to mention. In case it was a bug with the init script in the ramfs, I tried making my own initrd by following some ideas intended for Gentoo:

However, I gave up on this route due to "invalid magic number" errors when trying to boot. So if anyone knows wtf a magic number is and how to make a valid one, we can probably mark the problem solved, the workaround found.

falconindy · 2011-10-21 22:51:26

/dev/zero wrote:

So if anyone knows wtf a magic number is and how to make a valid one, we can probably mark the problem solved, the workaround found.

I fail to see a workaround like this can be deemed a solution. At the minimum please file a bug against lvm2 to have the --sysinit parameter removed from the runtime hook's vgscan call. I don't believe this is an issue with anything else that we've done, but you haven't provided a whole lot of info nor have you shown much evidence of digging around on the mkinitcpio side from ramfs land.

What's in /etc/mkinitcpio.conf?
What's your kernel command line?

Last edited by falconindy (2011-10-21 22:53:36)

/dev/zero · 2011-10-21 23:11:37

Thanks falconindy. It's hard to know in advance what kind of info you need. I did muck around in the ramfs for a bit. Is there anything specific you have in mind?

From grub.cfg:

menuentry 'Arch Linux, with Linux linux' --class archlinux --class gnu-linux --class gnu --class os {
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod part_gpt
	insmod ext2
	insmod lvm
	set root='(hd0,gpt2)'
	search --no-floppy --fs-uuid --set=root 18346c62-d4c1-409e-8318-ad814c2536a9
	echo	'Loading Linux linux ...'
	linux	/vmlinuz-linux root=/dev/mapper/cryptvg-root cryptdevice=/dev/mapper/vg-crypt:cryptvg-root rootfstype=ext4 ro  quiet
	echo	'Loading initial ramdisk ...'
	initrd	/initramfs-linux.img
}

mkinitcpio.conf

/dev/zero · 2011-10-21 23:21:54

falconindy wrote:

At the minimum please file a bug against lvm2 to have the --sysinit parameter removed from the runtime hook's vgscan call.

Could you please confirm that what you mean by this is the following:

I should go to Archlinux Bugs
I should RTFM
I should create an account and open a new bug. The bug should say something about my "vgscan: unrecognized option '--sysinit'" error. What Severity would you suggest for that particular problem?

falconindy · 2011-10-21 23:33:57

I'll have to setup a VM with crypt/lvm. I'm not familiar with your setup and it seems somewhat gratuitous (although xzibit approved) to have lvm inside a luks inside an lvm.

/dev/zero · 2011-10-21 23:43:51

Hi falconindy,

Thank you for investigating that for me. My limited experience with virtual machines has led me to believe they are difficult and buggy to work with. That is why I did not try to use a VM to replicate the install on my Desktop machine.

Which VM will you be using? I could try to follow along.

falconindy · 2011-10-22 00:16:12

Not sure what you mean by difficult and buggy to work with... at this low level, if a VM is having issues replicating this sort if thing, it's not a very useful VM. Find one that doesn't suck. I tend to use KVM because it's terminal friendly via emulation of a serial console.

Anyways, I can reproduce your issue and fix it. There's 2 things you'll need to change:

1) You're naming your unlocked cryptdevice the same thing as your root. That's creating a clash with the name you've given your root logical volume. Since the name isn't really important, just change your cryptdevice declare to "cryptdevice=/dev/mapper/vg-crypt:root"
2) Since you're doing the xzibit thing and nesting lvm inside of the crypt device (i still think its really bizzare to do this, but it looks like mkinitcpio supports it anyways), you'll need to add the lvm2 hook a second time to HOOKS in /etc/mkinitcpio.conf after the encrypt hook.

Last edited by falconindy (2011-10-22 00:19:10)

/dev/zero · 2011-10-22 00:20:51

Yay! You fixed it! :-)

Thanks heaps for your time. I've been banging my head against the wall over this for weeks and weeks!

Arch Linux

#1 2011-10-21 22:06:19

[SOLVED] Initramfs fails to properly mount luks partition

#2 2011-10-21 22:18:36

Re: [SOLVED] Initramfs fails to properly mount luks partition

#3 2011-10-21 22:51:26

Re: [SOLVED] Initramfs fails to properly mount luks partition

#4 2011-10-21 23:11:37

Re: [SOLVED] Initramfs fails to properly mount luks partition

#5 2011-10-21 23:21:54

Re: [SOLVED] Initramfs fails to properly mount luks partition

#6 2011-10-21 23:33:57

Re: [SOLVED] Initramfs fails to properly mount luks partition

#7 2011-10-21 23:43:51

Re: [SOLVED] Initramfs fails to properly mount luks partition

#8 2011-10-22 00:16:12

Re: [SOLVED] Initramfs fails to properly mount luks partition

#9 2011-10-22 00:20:51

Re: [SOLVED] Initramfs fails to properly mount luks partition

Board footer