You are not logged in.

#1 2016-05-26 17:13:42

Spooky4672
Member
Registered: 2016-03-12
Posts: 14

Installing Arch with full disk encryption

Hi,

I'm trying to install Arch with FDE with encryted /boot as well. I have followed those instructions here. I just changed some names :

sda
├─sda1(X)                  /boot/efi
├─sda2(Y)
│ └─cryptboot            /boot
└─sda3(Z)
  └─cryptroot
    └─vg-root               /

/etc/default/grub :
GRUB_CMDLINE_LINUX="... UUID=<device-UUID>:cryptroot root=/dev/mapper/vg-root ..."
Should I put 'cryptroot' or 'lvm' as on the wiki page ? Also it says that <device-UUID> is refers to /dev/sdaX, shouldn't it be /dev/sdaZ ? Because cryptroot is not on sdaX.

The problem occur after Grub launch linux. I get an error :
starting version 229 (it stops here a few seconds)
device /dev/mapper/vg-root not found

Any ideas ?
Thanks in advance.

Last edited by Spooky4672 (2016-05-26 17:14:08)

Offline

#2 2016-05-26 17:24:30

TheSaint
Member
From: my computer
Registered: 2007-08-19
Posts: 1,523

Re: Installing Arch with full disk encryption

It's my opinion that ESP should be in clear, otherwise the BIOS can't help to start anything. Therefore if you mount the ESP on /boot there should be some problems.


do it good first, it will be faster than do it twice the saint wink

Offline

#3 2016-05-26 17:30:21

Spooky4672
Member
Registered: 2016-03-12
Posts: 14

Re: Installing Arch with full disk encryption

The ESP is in /boot/efi, which isn't encrypted.
/boot is encrypted but this is not the problem since Grub starts, asks me for a password to unlock /boot, launch linux and then fails.

Last edited by Spooky4672 (2016-05-26 17:30:44)

Offline

#4 2016-05-26 20:46:06

TheSaint
Member
From: my computer
Registered: 2007-08-19
Posts: 1,523

Re: Installing Arch with full disk encryption

Then see the wiki got to say about.


do it good first, it will be faster than do it twice the saint wink

Offline

#5 2016-05-30 10:31:54

Spooky4672
Member
Registered: 2016-03-12
Posts: 14

Re: Installing Arch with full disk encryption

It works now, I didn't use UUIDs. I thinks there is an error in the wiki here, shouldn't it be cryptdevice=UUID=<uuid> ? and it's not refering to /dev/sdaX but /dev/sdaZ.
That's what I put and it works.

Now I have two other problems :

* The first unlocking before grub (for /boot) is super slow, like 10-15s, I don't think it's normal since it takes 2-3s when I unlock the same partition with the live-usb.

* I did that part but it's not working, it ask me the password of the /boot partition twice.

Last edited by Spooky4672 (2016-05-30 10:32:32)

Offline

Board footer

Powered by FluxBB