[SOLVED] GRUB 2 with encrypted boot on LUKS/LVM - no boot menu

clayman · 2015-12-19 10:40:44

Hi guys,

I have received a new notebook at work and, as always, I have rsync'ed my Arch installation to it from the previous computer (having booted from a USB flash drive, not rsync'ing a live system, mind you ). Up until now, I used to have /boot on a separate, unencrypted partition but this time I decided to include it in the the LUKS partition that hosts the rest of the system. I believe I have closely followed the how-to's on the net (namely this and also Arch's own Wiki page on this topic). Unfortunately, I have yet to see GRUB's boot menu on the new machine when I try to boot it and I confess that I have pretty much run out of ideas as to what could be wrong.

The notebook is a Dell Latitude E7450 set to Legacy boot (no UEFI/Secure Boot). I have set up GPT-based partitioning scheme on the SSD inside it with the following layout:

GPT fdisk (gdisk) version 1.0.0

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.
Disk /dev/sda: 500118192 sectors, 238.5 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 41F4E84C-9067-4D58-BDCB-C7E56254F0B4
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 500118158
Partitions will be aligned on 2-sector boundaries
Total free space is 0 sectors (0 bytes)

Number  Start (sector)    End (sector)  Size       Code  Name
   1              34            2047   1007.0 KiB  EF02  grub
   2            2048       500118158   238.5 GiB   8300  system

Output of lsblk -f

NAME             FSTYPE      LABEL        UUID                                   MOUNTPOINT
sda
├─sda1
└─sda2           crypto_LUKS              94a5c5b1-de07-438b-9cef-3314508eab5f
  └─linux        LVM2_member              AQCTeZ-teTw-lkJo-yyDF-gMmb-k8Br-ScSMiT
    ├─linux-root ext4                     34518b8d-9a64-4bd6-a1ec-94c3fe69ea37   /
    └─linux-home ext4                     f6526074-ba29-451f-9cf2-913e7886de91   /home

Output of vgdisplay

  --- Volume group ---
  VG Name               linux
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  3
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               2
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               238.47 GiB
  PE Size               4.00 MiB
  Total PE              61048
  Alloc PE / Size       61048 / 238.47 GiB
  Free  PE / Size       0 / 0
  VG UUID               e3Wjqc-Ty1Q-yXUQ-ueDy-Sqnh-MNlZ-yPMXh7

and of lvdisplay

  --- Logical volume ---
  LV Path                /dev/linux/root
  LV Name                root
  VG Name                linux
  LV UUID                DNuXoA-dWv5-Jsy9-KJ7w-GJbD-B8b9-KCUnuQ
  LV Write Access        read/write
  LV Creation host, time sysresccd, 2015-12-17 11:47:40 +0100
  LV Status              available
  # open                 1
  LV Size                30.00 GiB
  Current LE             7680
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:1

  --- Logical volume ---
  LV Path                /dev/linux/home
  LV Name                home
  VG Name                linux
  LV UUID                cHI5H2-hoCv-gHIQ-3sFN-l0nV-0zsa-0rzM8Q
  LV Write Access        read/write
  LV Creation host, time sysresccd, 2015-12-17 11:47:55 +0100
  LV Status              available
  # open                 1
  LV Size                208.47 GiB
  Current LE             53368
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:2

My grub.cfg

### BEGIN /etc/grub.d/00_header ###
insmod part_gpt
insmod part_msdos
if [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

set menu_color_normal=light-blue/black
set menu_color_highlight=light-cyan/blue

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_gpt 
insmod cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha1 lvm 
insmod ext2
cryptomount -u 94a5c5b1de07438b9cef3314508eab5f 
set root='lvmid/e3Wjqc-Ty1Q-yXUQ-ueDy-Sqnh-MNlZ-yPMXh7/DNuXoA-dWv5-Jsy9-KJ7w-GJbD-B8b9-KCUnuQ'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint='lvmid/e3Wjqc-Ty1Q-yXUQ-ueDy-Sqnh-MNlZ-yPMXh7/DNuXoA-dWv5-Jsy9-KJ7w-GJbD-B8b9-KCUnuQ'  34518b8d-9a64-4bd6-a1ec-94c3fe69ea37
else
  search --no-floppy --fs-uuid --set=root 34518b8d-9a64-4bd6-a1ec-94c3fe69ea37
fi
    font="/usr/share/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=1440x900x32
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_US
  insmod gettext
fi
terminal_input console
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=5
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-34518b8d-9a64-4bd6-a1ec-94c3fe69ea37' {
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod part_gpt 
	insmod cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha1 lvm 
	insmod ext2
	cryptomount -u 94a5c5b1de07438b9cef3314508eab5f 
	set root='lvmid/e3Wjqc-Ty1Q-yXUQ-ueDy-Sqnh-MNlZ-yPMXh7/DNuXoA-dWv5-Jsy9-KJ7w-GJbD-B8b9-KCUnuQ'
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint='lvmid/e3Wjqc-Ty1Q-yXUQ-ueDy-Sqnh-MNlZ-yPMXh7/DNuXoA-dWv5-Jsy9-KJ7w-GJbD-B8b9-KCUnuQ'  34518b8d-9a64-4bd6-a1ec-94c3fe69ea37
	else
	  search --no-floppy --fs-uuid --set=root 34518b8d-9a64-4bd6-a1ec-94c3fe69ea37
	fi
	echo	'Loading Linux linux ...'
	linux	/boot/vmlinuz-linux root=UUID=34518b8d-9a64-4bd6-a1ec-94c3fe69ea37 rw quiet rw add_efi_memmap init=/usr/lib/systemd/systemd cryptdevice=UUID=94a5c5b1-de07-438b-9cef-3314508eab5f:linux cryptkey=rootfs:/boot/crypto_keyfile.bin quiet
	echo	'Loading initial ramdisk ...'
	initrd	/boot/intel-ucode.img /boot/initramfs-linux.img
}
submenu 'Advanced options for Arch Linux Linux' $menuentry_id_option 'gnulinux-advanced-34518b8d-9a64-4bd6-a1ec-94c3fe69ea37' {
	menuentry 'Arch Linux Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-34518b8d-9a64-4bd6-a1ec-94c3fe69ea37' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_gpt 
		insmod cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha1 lvm 
		insmod ext2
		cryptomount -u 94a5c5b1de07438b9cef3314508eab5f 
		set root='lvmid/e3Wjqc-Ty1Q-yXUQ-ueDy-Sqnh-MNlZ-yPMXh7/DNuXoA-dWv5-Jsy9-KJ7w-GJbD-B8b9-KCUnuQ'
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root --hint='lvmid/e3Wjqc-Ty1Q-yXUQ-ueDy-Sqnh-MNlZ-yPMXh7/DNuXoA-dWv5-Jsy9-KJ7w-GJbD-B8b9-KCUnuQ'  34518b8d-9a64-4bd6-a1ec-94c3fe69ea37
		else
		  search --no-floppy --fs-uuid --set=root 34518b8d-9a64-4bd6-a1ec-94c3fe69ea37
		fi
		echo	'Loading Linux linux ...'
		linux	/boot/vmlinuz-linux root=UUID=34518b8d-9a64-4bd6-a1ec-94c3fe69ea37 rw quiet rw add_efi_memmap init=/usr/lib/systemd/systemd cryptdevice=UUID=94a5c5b1-de07-438b-9cef-3314508eab5f:linux cryptkey=rootfs:/boot/crypto_keyfile.bin quiet
		echo	'Loading initial ramdisk ...'
		initrd	/boot/intel-ucode.img /boot/initramfs-linux.img
	}
	menuentry 'Arch Linux Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-34518b8d-9a64-4bd6-a1ec-94c3fe69ea37' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_gpt 
		insmod cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha1 lvm 
		insmod ext2
		cryptomount -u 94a5c5b1de07438b9cef3314508eab5f 
		set root='lvmid/e3Wjqc-Ty1Q-yXUQ-ueDy-Sqnh-MNlZ-yPMXh7/DNuXoA-dWv5-Jsy9-KJ7w-GJbD-B8b9-KCUnuQ'
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root --hint='lvmid/e3Wjqc-Ty1Q-yXUQ-ueDy-Sqnh-MNlZ-yPMXh7/DNuXoA-dWv5-Jsy9-KJ7w-GJbD-B8b9-KCUnuQ'  34518b8d-9a64-4bd6-a1ec-94c3fe69ea37
		else
		  search --no-floppy --fs-uuid --set=root 34518b8d-9a64-4bd6-a1ec-94c3fe69ea37
		fi
		echo	'Loading Linux linux ...'
		linux	/boot/vmlinuz-linux root=UUID=34518b8d-9a64-4bd6-a1ec-94c3fe69ea37 rw quiet rw add_efi_memmap init=/usr/lib/systemd/systemd cryptdevice=UUID=94a5c5b1-de07-438b-9cef-3314508eab5f:linux cryptkey=rootfs:/boot/crypto_keyfile.bin quiet
		echo	'Loading initial ramdisk ...'
		initrd	/boot/intel-ucode.img /boot/initramfs-linux-fallback.img
	}
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###

### BEGIN /etc/grub.d/60_memtest86+ ###
if [ "${grub_platform}" == "pc" ]; then
    menuentry "Memory Tester (memtest86+)" --class memtest86 --class gnu --class tool {
        search --fs-uuid --no-floppy --set=root --hint='lvmid/e3Wjqc-Ty1Q-yXUQ-ueDy-Sqnh-MNlZ-yPMXh7/DNuXoA-dWv5-Jsy9-KJ7w-GJbD-B8b9-KCUnuQ'  34518b8d-9a64-4bd6-a1ec-94c3fe69ea37
        linux16 /boot/memtest86+/memtest.bin 
    }
fi
### END /etc/grub.d/60_memtest86+ ###

I also thought I would post the verbose log of running grub-install but it's quite long. However, there are spots in it that seem suspicious to me, like

,,,
grub-install: info: changing current directory to /dev/mapper.
grub-install: info: /dev/mapper/linux-root is not present.
  Request to clear the list of outdated PVs linux in lvmetad gave response failed. Reason: request not implemented
grub-install: info: /dev/disk/by-id/dm-name-linux is not present.
...

This is strange because /dev/mapper/linux-root was indeed present when grub-install was run. Also, I don't know what to make of the message

Request to clear the list of outdated PVs linux in lvmetad gave response failed. Reason: request not implemented

I tried to look it up on the Internet but could not find anything useful. Since it also appears frequently during the execution of grub-mkconfig, I was able to trace it to the execution of grub-probe. I suppose it relates to me transferring an existing installation on a new computer, but as I said, I don't know if it's a critical problem.

Well, that's all I can say. Let me know if you need any other piece of information. I will be really grateful for any hint or insight.

Thanks very much to all.

EDIT: Solved by using MBR-based partitioning instead of GPT.

Last edited by clayman (2015-12-20 20:46:26)

tom.ty89 · 2015-12-20 19:38:43

What's the exact grub-install command you have run?

clayman · 2015-12-20 20:10:14

Just the usual grub-install /dev/sda.

tom.ty89 · 2015-12-20 20:41:38

Maybe you can try to do it outside arch-chroot (were you using chroot or arch-chroot btw). For example if /dev/mapper/linux-root is mounted to /mnt, run:
grub-install --boot-directory /mnt/boot /dev/sda

clayman · 2015-12-20 20:44:45

Okay, turns out the culprit is probably the quirkiness of the machine's BIOS. Today I spent some time browsing the Internet and reading about the combination of GPT and legacy BIOS booting. According to some sources there may be complications in some cases so, being desperate, I gave it a try and recreated the whole partitioning scheme based on standard MBR and, lo and behold, it works. The sequence of my steps was exactly the same, the only difference is the transition from GPT to MBR. Color me perplexed but I'm just glad things sorted out. I have never run into such a problem before.

Thanks again for chiming in, tom.ty89. I think we are done here.

Last edited by clayman (2015-12-20 20:47:21)

tom.ty89 · 2015-12-20 21:10:02

https://ptpb.pw/v3yR.png

Works fine (without any chroot) with similar configuartion in my qemu test though. But well nvm then.

clayman · 2015-12-20 21:30:42

I think the setup itself is generally fine. It must be this particular notebook's BIOS that probably expects simple MBR layout in legacy booting mode (like the article I linked mentions).

tom.ty89 · 2015-12-20 21:47:08

I don't think so. BIOS incompatibility with GPT would only cause trouble on booting. It cannot possibly interfere with grub-install finding your LV.

Sometimes grub-install just get tricky in chroot, especially with the existence of LVM/device-mapper, that's why I always do it outside with a proper --boot-directory.

Last edited by tom.ty89 (2015-12-20 21:47:45)

clayman · 2015-12-20 22:15:25

I guess that was exactly the problem here. BIOS seemed to not be able to understand the structure of the boot record. All I got was some generic error message from it and no GRUB boot menu ever appeared -- as if there was no boot record to begin with.

grub-install seems to have worked correctly all that time, though. Even after moving to MBR, the "Request to clear the list..." message was there so it obviously was not a fatal problem. Still, the computer never got as far as starting to search for the boot partition when the GPT-based partitioning scheme was in effect.

Arch Linux

#1 2015-12-19 10:40:44

[SOLVED] GRUB 2 with encrypted boot on LUKS/LVM - no boot menu

#2 2015-12-20 19:38:43

Re: [SOLVED] GRUB 2 with encrypted boot on LUKS/LVM - no boot menu

#3 2015-12-20 20:10:14

Re: [SOLVED] GRUB 2 with encrypted boot on LUKS/LVM - no boot menu

#4 2015-12-20 20:41:38

Re: [SOLVED] GRUB 2 with encrypted boot on LUKS/LVM - no boot menu

#5 2015-12-20 20:44:45

Re: [SOLVED] GRUB 2 with encrypted boot on LUKS/LVM - no boot menu

#6 2015-12-20 21:10:02

Re: [SOLVED] GRUB 2 with encrypted boot on LUKS/LVM - no boot menu

#7 2015-12-20 21:30:42

Re: [SOLVED] GRUB 2 with encrypted boot on LUKS/LVM - no boot menu

#8 2015-12-20 21:47:08

Re: [SOLVED] GRUB 2 with encrypted boot on LUKS/LVM - no boot menu

#9 2015-12-20 22:15:25

Re: [SOLVED] GRUB 2 with encrypted boot on LUKS/LVM - no boot menu

Board footer