
#1 2016-02-28 21:24:37

arcctgx
Member
Registered: 2016-02-28
Posts: 6

[SOLVED] Can't boot from encrypted partition with LVM on LUKS + rEFInd

Hi,

I'm a long-time Linux user (so far used mainly Slackware and Gentoo). I decided to give Arch a try on my new computer. I was following the Installation Guide from the wiki, and managed to get through most of the installation steps. But currently I'm stuck and I guess I could use some help from more experienced users.

I have two disks: /dev/sda for Windows, /dev/sdb for Linux. /dev/sda2 is the EFI System Partition (it was created by Windows). /dev/sdb1 is a small (256 MiB) partition for /boot, and /dev/sdb2 contains the encrypted LUKS container. Inside it there's LVM with three partitions, swap, root and home. ESP is mounted in /boot/efi. ext4 file system is used on boot, root and home. Fast Boot is disabled in Windows, Secure Boot is disabled in UEFI.

My /etc/fstab is the following:

# /dev/mapper/archcrypt-root
UUID=df343455-7fcf-4226-b082-36f3fbadd1f2	/         	ext4      	rw,relatime,data=ordered	0 1

# /dev/mapper/archcrypt-home
UUID=3b3a8b47-7bc1-41c4-b293-76f2b10e9789	/home     	ext4      	rw,relatime,data=ordered	0 2

# /dev/sdb1
UUID=4cf39cb7-1b16-4a5e-8ee5-7831a86a414e	/boot     	ext4      	rw,relatime,stripe=4,data=ordered	0 2

# /dev/sda2
UUID=FE64-D624      	/boot/efi 	vfat      	rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro	0 2

# /dev/mapper/archcrypt-swap
UUID=b369acb0-a5d2-4b27-bffa-9c861879aa7d	none      	swap      	defaults  	0 0

My /etc/mkinitcpio.conf (somewhat abbreviated) looks like this:

# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run.  Advanced users may wish to specify all system modules
# in this array.  For instance:
#     MODULES="piix ide_disk reiserfs"
MODULES=""

# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image.  This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=""

# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way.  This is useful for config files.
FILES=""

# HOOKS
# This is the most important setting in this file.  The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
(...)
HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck shutdown"

# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"

# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=""

Relevant parts from lsblk and blkid:

NAME                 MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                    8:0    0 223.6G  0 disk  
|-sda1                 8:1    0   450M  0 part  
|-sda2                 8:2    0    99M  0 part  /boot/efi
|-sda3                 8:3    0    16M  0 part  
`-sda4                 8:4    0   223G  0 part  
sdb                    8:16   0   1.8T  0 disk  
|-sdb1                 8:17   0   256M  0 part  /boot
`-sdb2                 8:18   0   1.8T  0 part  
  `-lvm              254:0    0   1.8T  0 crypt 
    |-archcrypt-swap 254:1    0     8G  0 lvm   [SWAP]
    |-archcrypt-root 254:2    0    15G  0 lvm   /
    `-archcrypt-home 254:3    0   1.8T  0 lvm   /home

/dev/sda2: UUID="FE64-D624" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="88f1238f-28e6-47af-84f0-029fe12dd320"
/dev/sdb1: UUID="4cf39cb7-1b16-4a5e-8ee5-7831a86a414e" TYPE="ext4" PARTLABEL="boot" PARTUUID="75655320-0327-4b13-b67a-6c67e90a0d37"
/dev/sdb2: UUID="28af872e-78a0-4c3d-bee0-acae8b093ff3" TYPE="crypto_LUKS" PARTLABEL="lvm" PARTUUID="6bc1044e-4513-4a56-bbb6-d1082d562c45"

/dev/mapper/lvm: UUID="7YoEh0-iPun-aaB2-FioE-6a5o-On8Q-IduSW2" TYPE="LVM2_member"
/dev/mapper/archcrypt-swap: UUID="b369acb0-a5d2-4b27-bffa-9c861879aa7d" TYPE="swap"
/dev/mapper/archcrypt-root: UUID="df343455-7fcf-4226-b082-36f3fbadd1f2" TYPE="ext4"
/dev/mapper/archcrypt-home: UUID="3b3a8b47-7bc1-41c4-b293-76f2b10e9789" TYPE="ext4"

At this point I am able to boot from the installation medium, open the encrypted container and mount my partitions. I followed the Installation Guide up to running mkinitcpio, which created initramfs files in /boot:

ls -l /boot
drwxr-xr-x 3 root root     1024 Jan  1  1970 efi
-rw-r--r-- 1 root root 28588884 Feb 28 19:38 initramfs-linux-fallback.img
-rw-r--r-- 1 root root 13790961 Feb 28 19:38 initramfs-linux.img
drwx------ 2 root root    12288 Feb 27 19:05 lost+found
-rw-r--r-- 1 root root  4369056 Feb  3 14:14 vmlinuz-linux

And now I must say I'm lost. I understand I'll need to:
- install a boot manager (rEFInd seems OK, so I'd like to try that),
- somehow pass arguments such as cryptdevice, initrd and resume to the kernel

I installed the refind-efi package (version 0.9.2-1), and ran refind-install (I didn't specify any arguments). This created some more files in /boot and /boot/efi/EFI/. The rEFInd boot manager has been correctly registered and is visible to my motherboard's firmware. After reboot I see that rEFInd has menu options (autodetected?) for Linux and Windows, but when I try to boot Linux I'm getting the following message:

:: running early hook [udev]
starting version 229
:: running early hook [lvm2]
:: running hook [udev]
:: Triggering uevents...
:: running hook [encrypt]
Waiting 10 seconds for device /dev/mapper/archcrypt-root ...
Waiting 10 seconds for device /dev/mapper/archcrypt-root ...

After that I'm dropped into a recovery shell and I have no clue what to do next. I suppose this problem is because of the missing kernel parameters, but I don't know where these should be defined.

Any help would be appreciated. I've been struggling with this for a few hours, and I feel tired and completely confused. At this point I feel like giving up and trying another Linux distribution, but I guess I've gotten quite far already, and I'm close to making it work.

Last edited by arcctgx (2016-02-29 23:18:08)


#2 2016-02-29 14:19:19

CarlD
Member
From: London
Registered: 2013-11-23
Posts: 128

Re: [SOLVED] Can't boot from encrypted partition with LVM on LUKS + rEFInd

Others may disagree, but life might be easier if you use Grub or systemd-boot instead. I personally found refind a PITA to configure. And the problem is that you need to manually configure your bootloader to tell it that there is an encrypted partition: https://wiki.archlinux.org/index.php/Dm … oot_loader

Yours would look something like:

cryptdevice=/dev/sdb2:lvm root=/dev/mapper/archcrypt-root

Last edited by CarlD (2016-03-01 09:52:39)
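
The kernel parameters discussed in this post, rebuilt from blkid output with the LUKS container's UUID so they do not depend on whether the disk enumerates as sda or sdb. This is an added example, not part of either poster's message; the `cryptdevice=UUID=...` form is accepted by Arch's encrypt hook, the sample lines are the blkid output from the first post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build the encrypt-hook kernel parameters from blkid output.
# BLKID_SAMPLE is copied from the first post; function names are hypothetical.
BLKID_SAMPLE='/dev/sda2: UUID="FE64-D624" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="88f1238f-28e6-47af-84f0-029fe12dd320"
/dev/sdb1: UUID="4cf39cb7-1b16-4a5e-8ee5-7831a86a414e" TYPE="ext4" PARTLABEL="boot" PARTUUID="75655320-0327-4b13-b67a-6c67e90a0d37"
/dev/sdb2: UUID="28af872e-78a0-4c3d-bee0-acae8b093ff3" TYPE="crypto_LUKS" PARTLABEL="lvm" PARTUUID="6bc1044e-4513-4a56-bbb6-d1082d562c45"'

# Print the UUID of every crypto_LUKS device in blkid-style text on stdin.
# The [: ] before UUID keeps PARTUUID from being picked up by mistake.
luks_uuids() {
    grep 'TYPE="crypto_LUKS"' | sed -n 's/.*[: ]UUID="\([^"]*\)".*/\1/p'
}

# kernel_params MAPPER ROOT_DEV: read blkid text on stdin, print the parameters.
# Fails instead of guessing when there is not exactly one LUKS container.
kernel_params() {
    uuids=$(luks_uuids)
    count=$(printf '%s\n' "$uuids" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one LUKS container, found $count" >&2
        return 1
    fi
    printf 'cryptdevice=UUID=%s:%s root=%s\n' "$uuids" "$1" "$2"
}

# GRUB: value for /etc/default/grub (regenerate grub.cfg afterwards).
grub_line() { printf 'GRUB_CMDLINE_LINUX="%s"\n' "$1"; }

# rEFInd: one menu entry for refind_linux.conf, kept beside the kernel image.
refind_line() { printf '"Boot with standard options" "%s"\n' "$1"; }

# "lvm" is the mapper name and archcrypt-root the root LV shown by lsblk above.
params=$(printf '%s\n' "$BLKID_SAMPLE" | kernel_params lvm /dev/mapper/archcrypt-root)
grub_line "$params"
refind_line "$params"
```

On the installed system, pipe the real `blkid` output into `kernel_params` in place of the sample text.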


#3 2016-02-29 23:12:46

arcctgx
Member
Registered: 2016-02-28
Posts: 6

Re: [SOLVED] Can't boot from encrypted partition with LVM on LUKS + rEFInd

Thanks CarlD!

I followed your advice, removed rEFInd and installed GRUB according to the instructions from the link you posted. Arch is now booting correctly.

(For any future readers: the cryptdevice should actually be /dev/sdb2, not sda2. Other than that, the advice worked for me).


#4 2016-03-01 09:53:24

CarlD
Member
From: London
Registered: 2013-11-23
Posts: 128

Re: [SOLVED] Can't boot from encrypted partition with LVM on LUKS + rEFInd

arcctgx wrote:

Thanks CarlD!

I followed your advice, removed rEFInd and installed GRUB according to the instructions from the link you posted. Arch is now booting correctly.

(For any future readers: the cryptdevice should actually be /dev/sdb2, not sda2. Other than that, the advice worked for me).

Whoops - you can tell I usually only work with in HD. Edited the post. Glad you got it sorted!

