You are not logged in.
I'm trying to setup a simple partition with LUKS. A few details
$ lsblk -f
-sda7
| `-cryptroot (dm-2) /mnt # my root file system
...
`-sda14 /mnt/boot # my /boot directory
$ cat /mnt/etc/fstab
# I'm not sure how to mount /dev/sda7, but neither of the following work
# /dev/sda7 / ext4 rw,relatime,data=ordered,discard 0 1
/dev/mapper/cryptroot / ext4 rw,relatime,data=ordered,discard 0 1
/dev/sda14 /boot ext4 rw,relatime,data=ordered,discard 0 2
$ cat /mnt/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet tpm_tis.interrupts=0 modprobe.blacklist=ehci_pci cryptdevice=/dev/sda7:cryptroot"
GRUB_CMDLINE_LINUX=""
$ cat /mnt/etc/mkinitcpio.conf
MODULES="ext4"
...
HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"
I chrooted in and updated mkinitcpio and grub, but it still refuses to boot. It stops at grub and reports unknown file system.
Any idea what I'm doing wrong? Thanks!!
[Edit] A bit more information. I edited the fstab to use the UUID corresponding to that of cryptroot, updated grub, but it still refuses to boot, reporting unknown file system.
$ ls -l /dev/disk/by-uuid
3d2a864e-cf97-4f07-a64d-e45a893fa7d1 -> ../../dm-2
ac074567-34aa-44dd-ab6c-a9f51e334190 -> ../../sda7
eda5bff9-44a2-4293-a977-d11be6bfcae3 -> ../../sda14
$ cat /mnt/etc/fstab
# <file system> <dir> <type> <options> <dump> <pass>
UUID=3d2a864e-cf97-4f07-a64d-e45a893fa7d1 / ext4 rw,relatime,data=ordered,discard 0 1
UUID=eda5bff9-44a2-4293-a977-d11be6bfcae3 /boot ext4 rw.relatime,data=ordered,discard 0 2
Last edited by Watney (2015-05-24 18:15:10)
Offline
Have you defined the cryptlabel in /etc/crypttab?
Similar to:
$ sudo cat /etc/crypttab
luks-1234-1234-1234-1234 UUID=1234-1234-1234-1234 none
Then in fstab:
/dev/mapper/luks-1234-1234-1234-1234 / ext4 defaults 0 0
Hope this helps
Offline
Have you defined the cryptlabel in /etc/crypttab?
No, I didn't create a crypttab file. I understand the Wiki to say that you only need a crypttab file if you are opening multiple LUKS partitions. Since I'm only opening / (sans /boot) I understand that mkinitcpio will prompt a password to open the one partition.
Maybe I'm confused!
Offline
For the good of the community, I solved this by reinstalling grub. Merely, rebuilding grub was insufficient. Also, if you are only encrypting one partition, / in my case, it's not necessary to configure crypttab. The / partition is opened by the hook in mkinitcpio.conf.
Offline