[SOLVED] GRUB - LVM - DMCRYPT cooperation problem

waldauf · 2012-07-15 17:38:12

Hello coll's,

this is my first kiss of ArchLinux and he tries to bite my tongue :]. I would like to have crypted system running on LVM. But I have problem with cooperation of Grub, LVM and dm-crypt.

1) My firtst problem (smallest but uncomfortable): I cannot see Grub menu. After starting laptot I jump directly to Grub command line. I don't know why.
2) My second problem (bigger): I cannot boot system from Grub command line:

grub> root (hd0,2)
grub> kernel /vmlinuz-linux
grub> initrd /initramfs-linux.img
grub> boot

Probing EDD (edd=off to disable)... ok

Decompressing Linux... Parsing ELF... done.
Booting the kernel.
:: running early hook [udev]
:: running hook [udev]
:: Truggering uevents...
:: running  hook [encrypt[
:: running  hook [lvm2]
Activating logical volumes...
   3 logical volume(s) in volume group "vg3" now active
ERROR: device ' ' not found. Skipping fsck.
ERROR: Unable to find root device ' '.
You are being dropped to a recovery shell
  Type to try and coninue booting
sh: can't access tty; job control turned off
[shellrd] #

List of partitions:

# fdisk -l /dev/sda
Device Boot      Start         End      Blocks   Id  System
/dev/sda1            2048      206847      102400    7  HPFS/NTFS/exFAT
/dev/sda2          206848   102402047    51097600    7  HPFS/NTFS/exFAT
|----> Win 7

/dev/sda3   *   102402048   102594827       96390   83  Linux
|----> /boot

/dev/sda4       102594828  1465149167   681277170    5  Extended
Partition 4 does not start on physical sector boundary. 
|----> I hope this message doesn't mean problem with partitions... ?

/dev/sda5       102594891   161183882    29294496    7  HPFS/NTFS/exFAT
Partition 5 does not start on physical sector boundary.
/dev/sda6       161183946   747122627   292969341    7  HPFS/NTFS/exFAT
Partition 6 does not start on physical sector boundary.
|----> data

/dev/sda7       747122691  1465149167   359013238+  8e  Linux LVM
Partition 7 does not start on physical sector boundary.
|----> system

Listing of LV:

  ACTIVE            '/dev/vg3/root' [35.00 GiB] inherit
  ACTIVE            '/dev/vg3/swap' [2.00 GiB] inherit
  ACTIVE            '/dev/vg3/waldauf' [20.00 GiB] inherit

Grub menu.lst:

title Arch Linux [/boot/vmlinuz-linux]
root (hd0,2)
kernel /vmlinuz-linux cryptdevice=/dev/vg3/root:root root=/dev/mapper/root
initrd /initramfs-linux.img

This is short list of configuration files:
* fstab

/dev/mapper/dmroot      /               reiserfs        defaults        0 1
/dev/sda3               /boot           ext3            defaults        0 2
/dev/mapper/dmswap      swap            swap            sw              0 0
/dev/mapper/dmwaldauf   /home/waldauf   reiserfs        defaults        0 0
tmpfs                   /tmp            tmpfs           nodev,nosuid    0 0

* mkinitcpio.conf

HOOKS="base udev autodetect pata scsi sata encrypt lvm2 filesystems usbinput fsck"

* crypttab

#dmswap         /dev/vg0/swap           SWAP                    -c aes-xts-plain -h whirpool -s 512
#dmwaldauf      /dev/vg3/waldauf

After every change I create new initrd:

# cd /boot
# mkinitcpio -p linux
==> Building image from preset: 'default'
  -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
==> Starting build: 3.4.4-3-ARCH
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [autodetect]
  -> Running build hook: [pata]
  -> Running build hook: [scsi]
  -> Running build hook: [sata]
  -> Running build hook: [encrypt]
  -> Running build hook: [lvm2]
  -> Running build hook: [filesystems]
  -> Running build hook: [usbinput]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip initcpio image: /boot/initramfs-linux.img
bcdcpio: Failed to set default locale
==> Image generation successful
==> Building image from preset: 'fallback'
  -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
==> Starting build: 3.4.4-3-ARCH
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [pata]
  -> Running build hook: [scsi]
  -> Running build hook: [sata]
  -> Running build hook: [encrypt]
  -> Running build hook: [lvm2]
  -> Running build hook: [filesystems]
  -> Running build hook: [usbinput]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip initcpio image: /boot/initramfs-linux-fallback.img
bcdcpio: Failed to set default locale
==> Image generation successful

On the internet are many's HOWTO I know it. But I'm little lost in all documentations which I read. Can somebody "kick" me? :]

Thanks for all,

waldauf

Last edited by waldauf (2012-07-23 22:04:56)

Strike0 · 2012-07-15 18:59:04

For 2) Your root device on the grub kernel line looks strange. Try "... root=/dev/mapper/root-root"

waldauf · 2012-07-15 19:08:35

Strike0 wrote:

For 2) Your root device on the grub kernel line looks strange. Try "... root=/dev/mapper/root-root"

Didn't help . I used this syntax according Arch Linux: dm-crypt with LUKS

kernel /vmlinuz-linux cryptdevice=/dev/sda2:rootDevice root=/dev/mapper/rootDevice

waldauf · 2012-07-15 19:12:35

I'm still thinking about this configuration and the problem could be in Grub. In Grub command line I cannot define these variables: ''cryptdevice=/dev/vg3/root:root'' and ''root=/dev/mapper/root''. But I didn't find out yet why I cannot see grub boot menu.

w

Strike0 · 2012-07-15 19:40:59

The wiki line you are quoting does not use lvm, it is plain dm-crypt. Until your grub works you have to append the parameters manually to your grub " kernel /vmlinuz-linux ...".

edit: and if you don't append them correctly:

waldauf wrote:

ERROR: device ' ' not found. Skipping fsck.
ERROR: Unable to find root device ' '

Last edited by Strike0 (2012-07-15 19:47:19)

waldauf · 2012-07-15 20:22:59

Strike0 wrote:

The wiki line you are quoting does not use lvm, it is plain dm-crypt. Until your grub works you have to append the parameters manually to your grub " kernel /vmlinuz-linux ...".

Yes, you're right. But I compared it with this HOWTO article - Arch Linux: dm-crypt with LUKS (Encrypting a LVM setup) and the setting is the same:

cryptdevice=/dev/lvm/root:root root=/dev/mapper/root

Strike0 wrote:

edit: and if you don't append them correctly:
waldauf wrote:
ERROR: device ' ' not found. Skipping fsck.
ERROR: Unable to find root device ' '

I agree I have bad configured Grub. But I don't know how fix it. I think that initrd cannot use ''cryptsetup'' after loading LVM disk structure. I'm trying to find out how to say to initrd that it has to use ''cryptsetup'' to encrypt root partition and mount it.

Strike0 · 2012-07-15 21:09:22

Scroll down a bit in your wiki quote: https://wiki.archlinux.org/index.php/Dm … VM_on_LUKS
for the version I was getting at. One can setup LVM on LUKS, or LUKS on LVM, or ...

For your missing grub-menu I don't know right off, sorry. Yet since you get to grub, the normal thing to do would be to boot manually once (see above) and then look at /boot/grub/grub.cfg.
Alternatively look at the wiki for "chroot" and do that from the CD you were using and look at it.

waldauf · 2012-07-16 16:59:19

At first thx Strike0 for clue.

So and now some good news in this almoust beatiful day :].

1) - SOLVED - My firtst problem (smallest but uncomfortable): I cannot see Grub menu. After starting laptot I jump directly to Grub command line. I don't know why.
How? If I exactly know. I did what I did all day yesterday (I think)

grub> root (hd0,2)    --- define root on /dev/sda3
grub> setup (hd0)    --- install GRUB in the MBR
grub> quit                 --- exit the GRUB shell

And now I can see Grub menu. Great.

2) My second problem (bigger): I cannot boot system from Grub command line.
I did big step for small human. I change ''root'' and ''cryptsetup'' in /boot/grub/menu.lst and now initrd is trying to load LVM drivers and encrypt root partition.

Grub menu.lst:

# (0) Arch Linux
title  Arch Linux  [/boot/vmlinuz-linux]
root   (hd0,2)
kernel /vmlinuz-linux cryptdevice=/dev/vg3/root-dmroot root=/dev/mapper/dmroot resume=/dev/mapper/dmswap ro i915.modeset=0 vga=792
initrd /initramfs-linux.img

But it always fails with this message:

:: running early hook [udev]
:: running hook [udev]
:: Triggering uevents...
Waiting 10 seconds for device /dev/vg3/root-dmroot ...
:: running hook [lvm2]
Activation logical volumes...
   3 logical volume(s) in volume group "vg3" now active
Waiting 10 seconds for device /dev/mapper/dmroot ...
ERROR: device '/dev/mapper/dmroot' not found. Skipping fsck.
ERROR: Unable to find root device '/dev/mapper/dmroot'.
You are being dropped to a recovery shell
      Type 'exit' to try and continue booting
sh: can't access tty; job control turned off
[rootfs /]#

If I type in rootfs console command for encrypt root partition and type exit I boot system:

[rootfs /]# cryptsetup luksOpen /dev/vg3/root dmroot
[rootfs /]# Password: ********
[rootfs /]# exit
~
Trying to continue (this will most likely fail) ...
:: mounting '/dev/mapper/dmroot' on real root
INI: version 2.88 booting
~
loading system...
~
~

I would like be asked by initrd for PASSWD of all my crypted LV - "/'' (root) and my home LV. I don't want use keyfile placed on laptot (this is unsin). How can I set initrd for asking?

Strike0 · 2012-07-16 19:39:29

Ok, great, you are getting there.
According to your first post's output, your root LV is named "root" not "dmroot" - see post #2
Once grub finds the root, you will be asked for the pw for root on boot.

waldauf · 2012-07-16 20:07:09

I changed everywhere ''dmroot --> root''. This is my fstab:

/dev/mapper/root      /               reiserfs        defaults        0 1

Grub - menu.lst:

# (0) Arch Linux
title  Arch Linux  [/boot/vmlinuz-linux]
root   (hd0,2)
kernel /vmlinuz-linux cryptdevice=/dev/vg3/root-root root=/dev/mapper/root resume=/dev/mapper/dmswap ro i915.modeset=0 vga=792
initrd /initramfs-linux.img

File ''/etc/crypttab'' is empty. I crated new initrd and rebooted system. But it still doesn't want to me password for root partition.

Strike0 · 2012-07-17 19:45:13

Did you actually try it the way I wrote in post #2 sometime? Just wondering ..

Did you setup different crypts for / and /home, or one and lvm on top of it?

waldauf · 2012-07-20 19:36:17

Strike0 wrote:

Did you actually try it the way I wrote in post #2 sometime? Just wondering ..

Yes. In the post #10 I have menu.lst where you see my Grub boot config.

Strike0 wrote:

Did you setup different crypts for / and /home, or one and lvm on top of it?

I have one LVM and there created different mount point for / and /home. So I have to type 2 passwds during booting of system. But in this time I have disabled mounting of /home LV.

ACTIVE            '/dev/vg3/root' [35.00 GiB] inherit ---> /
ACTIVE            '/dev/vg3/swap' [2.00 GiB] inherit ---> swap, but not active in this time
ACTIVE            '/dev/vg3/waldauf' [20.00 GiB] inherit ---> /home, but not active in this time

Last edited by waldauf (2012-07-20 19:37:48)

waldauf · 2012-07-20 19:46:25

Strike0, can you write me how do you have configured /boot/grub/menu.lst, /etc/{fstab,crypttab}, /etc/rc.conf and /etc/mkinitcpio.conf?

Strike0 · 2012-07-20 23:08:36

waldauf wrote:

Strike0 wrote:
Did you actually try it the way I wrote in post #2 sometime? Just wondering ..
Yes. In the post #10 I have menu.lst where you see my Grub boot config.

Then you misread the post #2 Check that again.

kernel line

 linux   /vmlinuz-linux root=/dev/mapper/sonic ro cryptdevice=/dev/sda2:sonic ro resume=/dev/mapper/sonic ro quiet

fstab:

/dev/mapper/sonic / ext4 defaults 0 1
/swapfile none swap defaults 0 0 
... others non-crypt

rc.conf

MODULES="dm-crypt ext4"
HOOKS="base udev pata scsi sata keymap encrypt resume filesystems usbinput fsck"

I don't have lvm on this machine. Crypttab is empty.

waldauf · 2012-07-23 22:04:29

I had to look at this video and then I found out what I did bad :]. In ''/etc/mkinitcpio.conf'' I had bad order of lvm2 and encrypt. Because on partition sda7 I have created LVM and on LVM is crypted LV so at first has to be loaded lvm2 modul and then encrypt

HOOKS="... lvm2 encrypt filesystems ...."

Now I have also right configured ''/etc/crypttab''. System always ask me for passwd for mounting my ''/home''.

Thx for your help Strike0! ;]

Strike0 · 2012-07-24 17:37:37

Ah yeah!
Great video tutorial (featuring now extinct aif). I like it also because it confirms the kernel parameter in post #2 that I keep referring to ;-)

In fact at the point when you posted your mkinitcpio in your first post I still thought you use lvm on dm-crypt (then your hook order would have been correct - the order depends on which way around you do it).

Great you solved it!

Arch Linux

#1 2012-07-15 17:38:12

[SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#2 2012-07-15 18:59:04

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#3 2012-07-15 19:08:35

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#4 2012-07-15 19:12:35

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#5 2012-07-15 19:40:59

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#6 2012-07-15 20:22:59

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#7 2012-07-15 21:09:22

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#8 2012-07-16 16:59:19

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#9 2012-07-16 19:39:29

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#10 2012-07-16 20:07:09

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#11 2012-07-17 19:45:13

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#12 2012-07-20 19:36:17

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#13 2012-07-20 19:46:25

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#14 2012-07-20 23:08:36

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#15 2012-07-23 22:04:29

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

#16 2012-07-24 17:37:37

Re: [SOLVED] GRUB - LVM - DMCRYPT cooperation problem

Board footer