You are not logged in.
Greetings,
I've been trying to look into ways to speed up my boot time as I think it's somewhat long (~15s for kernel). In looking around, I ran into this post which stated that the systemd hook could be used instead of base and udev to split out the times of systemd-analyze into kernel, initrd, and userspace:
I assume that I need to change /etc/mkinitcpio.conf, from:
HOOKS="base udev autodetect modconf block lvm2 filesystems keyboard fsck"
to: HOOKS="systemd autodetect modconf block lvm2 filesystems keyboard fsck"
and than running `# mkinitcpio -p linux`. is this correct?
That is exactly what you need to do.
I've done this, but fail to get a root device at boot. It just hangs at "waiting for /dev/mapper/root". I'm running an encrypted system (plain dm-crypt/cryptsetup).
My partition was created like so:
# cryptsetup -v -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --use-random -y luksFormat /dev/sda2
# cryptsetup open /dev/sda2 ssd
# mkfs.ext4 /dev/mapper/ssd
Relevant configs (using base/udev hooks)
### /etc/mkinitcpio.conf
MODULES="sd_mod ext4"
BINARIES="fsck fsck.ext4"
HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"
### /boot/syslinux/syslinux.cfg
LABEL arch
MENU LABEL arch-ssd-uuid
LINUX ../vmlinuz-linux
APPEND root=/dev/mapper/root cryptdevice=UUID=7101e83b-31c0-4cdf-bc07-678e00e19c32:root:allow-discards crypto=sha512:aes-xts-plain64:512:: systemd.unit=multi-user.target rw
INITRD ../intel-ucode.img,../initramfs-linux.img
Initially I just replaced base/udev with systemd, as that's what the quotes above sounded like. Further reading indicated I also needed sd-encrypt instead of encrypt, and based on finding this post, I understand that using the systemd hook requires different kernel options. After a lot of trial and error, I've succeeded in booting with this configuration:
### /etc/mkinitcpio.conf
MODULES="dm_crypt aes_x86_64 dm_mod sd_mod ext4 i915"
BINARIES="fsck fsck.ext4"
HOOKS="systemd autodetect modconf block sd-encrypt filesystems keyboard fsck"
### /boot/syslinux/syslinux.cfg
LABEL arch
MENU LABEL arch-ssd-uuid
LINUX ../vmlinuz-linux
APPEND rd.luks.uuid=7101e83b-31c0-4cdf-bc07-678e00e19c32 root=UUID=eb20c219-0df8-4051-bad2-39d57aed7b59 crypto=sha512:aes-xts-plain64:512:: rd.luks.allow-discards rw
INITRD ../intel-ucode.img,../initramfs-linux.img
Here's the crypt section from journalctl:
Mar 14 11:38:20 localhost systemd-cryptsetup[200]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/7101e83b-31c0-4cdf-bc07-678e00e19c32.
Mar 14 11:38:26 localhost systemd[1]: Found device /dev/mapper/luks-7101e83b-31c0-4cdf-bc07-678e00e19c32.
Mar 14 11:38:26 localhost systemd[1]: Found device /dev/disk/by-uuid/eb20c219-0df8-4051-bad2-39d57aed7b59.
Mar 14 11:38:26 localhost systemd[1]: Started Cryptography Setup for luks-7101e83b-31c0-4cdf-bc07-678e00e19c32.
Mar 14 11:38:26 localhost systemd[1]: Reached target Encrypted Volumes.
Mar 14 11:38:26 localhost systemd[1]: Reached target System Initialization.
Mar 14 11:38:26 localhost systemd[1]: Reached target Basic System.
Mar 14 11:38:26 localhost systemd[1]: Starting File System Check on /dev/disk/by-uuid/eb20c219-0df8-4051-bad2-39d57aed7b59...
Mar 14 11:38:26 localhost systemd-fsck[302]: /dev/mapper/luks-7101e83b-31c0-4cdf-bc07-678e00e19c32: clean, 201589/7290880 files, 2086964/29157752 blocks
Mar 14 11:38:26 localhost systemd[1]: Started File System Check on /dev/disk/by-uuid/eb20c219-0df8-4051-bad2-39d57aed7b59.
Mar 14 11:38:26 localhost systemd[1]: Mounting /sysroot...
Mar 14 11:38:26 localhost kernel: EXT4-fs (dm-0): mounted filesystem with ordered data mode. Opts: (null)
Mar 14 11:38:26 localhost systemd[1]: Mounted /sysroot.
Does that look reasonable? I'm on my first boot so my recollection isn't perfect, but I swear there was a line about waiting 10sec for some device. I'm also wondering about rd.luks.option vs. luks.option... the docs differentiate each (prefixed by rd. or not) like so: "rd.luks.uuid= is honored only by initial RAM disk (initrd) while luks.uuid= is honored by both the main system and the initrd." So, my questions:
- are my mkinitcpio.conf and syslinux.cfg looking correct?
- I'm not clear on whether I need these "honored by the initrd" or both the initrd and "the main system." What's the difference?
- I enabled this hook purely to diagnose my boot time (thinking it would be simple!); what general advantage is there of systemd vs. base/udev?
- do I need to do anything to /etc/fstab based on the above? I had:
/dev/mapper/root / ext4 rw,noatime,data=ordered 0 0
That worked, though I'm now realizing systemd must be mounting things automatically vs. me specifying the name of the cryptdevice and then having fstab pick it up from /dev/mapper? Would I just delete that entry in fstab?
I think the documentation is lacking in this area and plan to add something to the wiki at least to point users in the right direction about the modified options. I get no hits for "luks.uuid" or "rd.luks" on the Arch wiki, for example.
Last edited by jwhendy (2016-03-14 21:13:44)
Offline
/dev/mapper/root / ext4 rw,noatime,data=ordered0 0
Just one point, but shouldn't there be a space between "data=ordered" and "0 0"?
Offline
@Thorsten: Whoops! There is in the actual file... looks like it was a copy/paste error. Thanks for the catch.
Offline
So I think I'm mostly satisfied with my setup at this point. My curiosity now is related to the time after entering the cryptsetup password. It hangs for a bit with the message "a start job is running for luks-7101e83b-31c0-4cdf-bc07-678e00e19c32.device"
Here's my boot process, which looks like a long time to decrypt/mount root:
$ systemd-analyze
Startup finished in 4.360s (kernel) + 11.526s (initrd) + 1.129s (userspace) = 17.016s
$ systemd-analyze blame
10.059s systemd-cryptsetup@luks\x2d7101e83b\x2d31c0\x2d4cdf\x2dbc07\x2d678e00e19c32.service
1.781s man-db.service
166ms wicd.service
112ms systemd-journald.service
52ms systemd-rfkill.service
41ms systemd-journal-flush.service
31ms systemd-vconsole-setup.service
30ms kmod-static-nodes.service
29ms alsa-restore.service
29ms systemd-udevd.service
29ms polkit.service
27ms dev-hugepages.mount
24ms systemd-udev-trigger.service
22ms systemd-logind.service
22ms sys-kernel-debug.mount
20ms dev-mqueue.mount
19ms user@1000.service
17ms systemd-sysctl.service
17ms systemd-fsck-root.service
13ms systemd-fsck@dev-sda1.service
12ms systemd-tmpfiles-setup-dev.service
9ms tmp.mount
9ms systemd-tmpfiles-clean.service
8ms shadow.service
8ms systemd-remount-fs.service
8ms systemd-user-sessions.service
7ms logrotate.service
7ms sys-kernel-config.mount
5ms ntpd.service
5ms systemd-tmpfiles-setup.service
4ms systemd-update-utmp.service
3ms systemd-random-seed.service
3ms systemd-backlight@backlight:intel_backlight.service
2ms rtkit-daemon.service
1ms sys-fs-fuse-connections.mount
And just to clear up any confusion with the versions posted above, here's the setup I'm currently on with these results:
$ cat /etc/fstab
/dev/mapper/luks-7101e83b-31c0-4cdf-bc07-678e00e19c32 / ext4 rw,noatime,data=ordered 0 0
# UUID=37441f68-9d76-45bc-b98c-996e68a3555c
/dev/sda1 /boot ext2 rw,relatime 0 2
$ grep HOOKS /etc/mkinitcpio.conf
HOOKS="systemd autodetect modconf block sd-encrypt filesystems keyboard fsck"
$ cat /boot/syslinux/syslinux.cfg
LABEL arch-ssd
MENU LABEL arch-ssd-uuid
LINUX ../vmlinuz-linux
APPEND luks.uuid=7101e83b-31c0-4cdf-bc07-678e00e19c32 root=UUID=eb20c219-0df8-4051-bad2-39d57aed7b59 luks.allow-discards rw
INITRD ../intel-ucode.img,../initramfs-linux.img
I removed the crypto options from my syslinux.cfg as I understand from the wiki that LUKS detects the crypto options automatically. I also dropped the rd. prefix from my device specifiers in case the "used only for initrd" vs. "used for initrd and system" made any difference.
My questions at this point:
- am I right to think the boot time is long given the high time for systemd-cryptsetup?
- do I have to add my root partition to /etc/crypttab for any reason? I've seen this mentioned, but am not sure if it's mandatory (I can boot, so thinking not!)
- should I have no root entry in /etc/fstab?
- anything look out of the ordinary?
Any input is apprecaited!
Offline