You are not logged in.
I'm trying to configure full disk encryption, on both /boot and /. I have everything setup as discussed in the installation guide, and the guide for setting up an encrypted boot partition. However, every time I boot, my system will hang at
Loading initial ramdisk ...There is no output, no disk usage, no prompt for a password. Just nothing.
Booting into GRUB is no problem. GRUB prompts for a password to decrypt /boot, and it decrypts /boot just fine. Actually booting an entry doesn't work however (the fallback image gives the same result).
I don't include quiet in my kernel parameters, and I have tried setting up the cryptdevice parameter both with UUID and device labels. Currently, it is like this in /etc/default/grub:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/nvme0n1p3:lvm"Where /dev/nvme0n1p3 contains the encrypted LUKS volume.
I have also tried to include a crypto_keyfile.bin as key to my device into my initramfs. However, this doesn't give any result either.
Here I've read that plymouth might cause this. However, I'm not using plymouth at all (currently, the system only has the packages from base and base-devel installed).
I'm kinda lost here. There is no indication of what is going wrong in any way. No error messages. Googling doesn't give any useful results at all.
During this process I have rebuilt my initramfs images several times, with slightly different configurations. Currently, I'm using the following HOOKS:
HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems fsck keyboard"Does anyone have any idea in which direction to look for what is wrong here? Or even to get some error output? Just something?
Last edited by kokx (2016-12-07 09:57:32)
Offline
I've uncovered some more information. If I add a line to echo something after the initrd line in GRUB, that line gets printed just fine. So I suspect that the initrd loads into memory without problems.
I have also observed that after that, the screen turns of shortly (for like a second), and then turns on again. Without any additional output or any other apparent changes.
Offline
For some reason, it worked to change my initrd setup to systemd (instead of being based on busybox). Using the systemd variants in the HOOKS array gets me a lot further in the boot process:
HOOKS="base systemd autodetect modconf block sd-encrypt sd-lvm2 filesystems fsck keyboard"This meant that I also had to specify the UUID's of my boot devices with luks.uuid= kernel parameters. As discussed in https://www.freedesktop.org/software/sy … rator.html
Note that I needed to specify luks.uuid= parameters for both /boot and /
Offline