You are not logged in.
Pages: 1
Hi, i am using debian some years with a luks encrypted disk, some days ago i decide to move to arch and create a more secure installation, so i followed the Installation guide, LVM on LUKS,Encrypted system using a remote LUKS header.
In addtion, the /boot partition is in the same flash memory as the LUKS header, all hdd is a LUKS container, inside is a LVM volume called store, inside it there is the swap and the root filesystem.
When i boot from the flash memory the grub loads, i select the arch entry and it gets about 2 min whit a message that says "(1 of 3) a start job is running for:
dev-mapper-store\x2root.device
dev-mapper-luks\x2d-dev-sdb:store.device
dev-disk-by\x2duuid\x5cx2fdev\x5cx2fsdb:sotre.device
then some error messages and i enter in an emergency shell.
I add some files that i think could be usefull to solve the problem.
Probably there are some mistakes in these files cause i try some things that i read from the wiki, but all of they end with the same result that i described above, will appreciate any help
I readed in other threads that post the uuid is a bad idea so i remove it, if i am wrong please tell me.
/etc/fstab
#
# /etc/fstab: static file system information
#
# <file system> <dir> <type> <options> <dump> <pass>
# /dev/mapper/store-root
UUID=first UUID / ext4 rw,realtime,data=ordered 0 1# /dev/sdb1
UUID= second UUID /boot ext2 rw,realtime,block_validity,barrier,user_xattr,acl 0 2# /dev/mapper/store-swap
UUID= third UUID none swap defaults 0 0
/etc/crypttab.initramfs
store-root UUID=first UUID none header=/boot/header.img,luks
/etc/mkinitcpio.conf
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run. Advanced users may wish to specify all system modules
# in this array. For instance:
# MODULES="piix ide_disk reiserfs"
MODULES=""# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image. This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=""# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way. This is useful for config files.
FILES="/boot/header.img"# HOOKS
# This is the most important setting in this file. The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
## This setup specifies all modules in the MODULES setting above.
## No raid, lvm2, or encrypted root is needed.
# HOOKS="base"
#
## This setup will autodetect all modules for your system and should
## work as a sane default
# HOOKS="base udev autodetect block filesystems"
#
## This setup will generate a 'full' image which supports most systems.
## No autodetection is done.
# HOOKS="base udev block filesystems"
#
## This setup assembles a pata mdadm array with an encrypted root FS.
## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
# HOOKS="base udev block mdadm encrypt filesystems"
#
## This setup loads an lvm2 volume group on a usb device.
# HOOKS="base udev block lvm2 filesystems"
#
## NOTE: If you have /usr on a separate partition, you MUST include the
# usr, fsck and shutdown hooks.
HOOKS="base udev modconf systemd block sd-vconsole sd-encrypt sd-lvm2 filesystems fsck sd-shutdown"# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=""
/etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="luks.uuid=/dev/sdb:store root=/dev/mapper/store-root"# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos lvm"# Uncomment to enable Hidden Menu, and optionally hide the timeout count
#GRUB_HIDDEN_TIMEOUT=5
#GRUB_HIDDEN_TIMEOUT_QUIET=true# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
GRUB_GFXMODE=auto# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true# Uncomment and set to the desired menu colors. Used by normal and wallpaper
# modes only. Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/path/to/wallpaper"
#GRUB_THEME="/path/to/gfxtheme"# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"#GRUB_SAVEDEFAULT="true"
GRUB_DISABLE_SUBMENU="true"
Offline
Well i still trying to solve it, i do some changes, first i comment the entry in /etc/crypttab.initramfs, then i do a cryptsetup luksuuid to get the LUKS UUID i was using the /dev/mapper/store-root uuid, then edit the /etc/default/grub and add this to the GRUB_CMD_LINE to pass it as kernel arguments
Luks.uuid=UUID of the encrypted container luks.options=header=/boot/header.img root=/dev/mapper/store-root
i run grub-mkconfig -o /boot/grub/grub.cfg and restart
this time only one disk is missing instead of 3.
the device is dev-mapper-store\x2droot.device (the root filesystem)
in addition the system never answer me to the passphrase, maybe could be any error reading the header? maybe in the mkinitcipio.conf?
Offline
Pages: 1