
#1 2017-02-11 12:17:54

mir91
Banned
Registered: 2013-11-17
Posts: 143

[SOLVED] Migrating into LVM on Luks

I want to move my existing Archlinux into an encrypted Luks partition (/dev/sda2), using LVM to provide the sub-partitions for Root, Home and Swap, with /boot being /dev/sda1 and therefore unencrypted, and Grub installed to the MBR.
Now after reading through the wiki and various guides the problem is that instructions are either conflicting, outdated, or just don't work (tm) - not saying they're wrong, but I probably made an oversight/mistake somewhere that just wasn't covered in their details, that's how things typically go wrong, no? Well, hence this forum post:

What I did so far was adjusting /boot/grub/grub.cfg, /etc/fstab, /etc/crypttab (is that even required? Some instructions mention it, some don't at all), /etc/mkinitcpio.conf, chrooting into the new encrypted Root partition and running

arch-chroot /mnt
mkinitcpio -p linux
grub-install /dev/sda
grub-mkconfig -o /boot/grub/grub.cfg

How far I got: Grub booted, but when I select the Arch system I get a partition-not-found error regarding the encrypted Root partition inside luks/lvm, and got dumped into a rescue shell.
Here are my config files:

# 
# /etc/fstab: static file system information
#
# <file system>	<dir>	<type>	<options>	<dump>	<pass>
/dev/mapper/cryptoluks-ROOT			/         	ext4      	rw,relatime,data=ordered,errors=remount-ro	0 1
UUID=c0e319f5-e46f-4a31-abf0-594d2a0361fa	/boot     	ext4      	defaults,relatime				0 2
/dev/mapper/cryptoluks-HOME			/home     	ext4      	rw,relatime,data=ordered			0 2
/dev/mapper/cryptoluks-SWAP			none		swap		sw						0 0

# crypttab: mappings for encrypted partitions
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# The Arch specific syntax has been deprecated, see crypttab(5) for the
# new supported syntax.
#
# NOTE: Do not list your root (/) partition here, it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf).

# <name>       <device>                                     <password>              <options>
luks		UUID=a56fc1a1-5d92-45b6-8a19-dbb5a895a1f9	none			luks
cryptswap	/dev/mapper/crypotluks-SWAP 			/dev/urandom 		swap,cipher=aes-xts-plain64:sha512

#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
insmod part_gpt
insmod part_msdos
if [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if loadfont unicode ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_US
  insmod gettext
fi
terminal_input console
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=5
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-e9cab4f2-7ad8-4bb9-954a-3938fa38a237' {
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod part_msdos
	insmod ext2
	set root='hd0,msdos1'
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1  c0e319f5-e46f-4a31-abf0-594d2a0361fa
	else
	  search --no-floppy --fs-uuid --set=root c0e319f5-e46f-4a31-abf0-594d2a0361fa
	fi
	echo	'Loading Linux linux-grsec ...'
	linux	/vmlinuz-linux-grsec quiet ipv6.disable=1 rcutree.rcu_idle_gp_delay=1 acpi_enforce_resources=lax pci=nomsi cryptdevice=a56fc1a1-5d92-45b6-8a19-dbb5a895a1f9:cryptoluks root=/dev/mapper/cryptoluks-ROOT rw
	echo	'Loading initial ramdisk ...'
	initrd  /initramfs-linux-grsec.img
}
### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###

MODULES="ext4"
BINARIES=""
FILES=""
HOOKS="base udev autodetect modconf block resume filesystems keyboard fsck encrypt lvm2 keymap"

(The cryptoluks-BOOT partition is just still there because I simply re-created all partitions from the old system into the luks container. It's not in use, since /dev/sda1 is the real boot partition.)

$ lsblk -f

NAME                     FSTYPE      LABEL       UUID                                   MOUNTPOINT
loop0                    squashfs                                                       /run/archiso/sfs/airootfs
sda                                                                                     
├─sda1                   ext4        BOOT        c0e319f5-e46f-4a31-abf0-594d2a0361fa   
└─sda2                   crypto_LUKS             a56fc1a1-5d92-45b6-8a19-dbb5a895a1f9   
  └─luks                 LVM2_member             wP65WC-C6C0-52b3-g76U-mlUc-8EFl-UoswTc 
    ├─cryptoluks-SWAP    swap                    d665caf6-36f1-47b9-9086-61494b45b379   
    ├─cryptoluks-EXTRA                                                                  
    ├─cryptoluks-ROOT    ext4        sys         e9cab4f2-7ad8-4bb9-954a-3938fa38a237   
    ├─cryptoluks-BOOT    ext4                    0bab933a-f276-488e-8ca7-901feeedce5e   
    └─cryptoluks-HOME    ext4                    7063f2f9-a183-4859-af06-ded68e4d1a07   
sdb                      iso9660     ARCH_201702 2017-02-01-17-08-09-00                 
├─sdb1                   iso9660     ARCH_201702 2017-02-01-17-08-09-00                 /run/archiso/bootmnt
└─sdb2                   vfat        ARCHISO_EFI 5B13-1CA8                              /mnt
sr0

..and on an unrelated? side note, doing luksClose on the opened /dev/sda2 never works, I always get this error spam, even though I haven't mounted any of its contents (lsof also shows no files open from it).
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
device-mapper: remove ioctl on luks failed: Device or resource busy
Device luks is still in use.

Last edited by mir91 (2017-02-12 21:55:58)


#2 2017-02-11 12:42:04

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: [SOLVED] Migrating into LVM on Luks

The order of your HOOKS is wrong, encrypt and lvm2 need to be before filesystems.


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles


#3 2017-02-11 12:46:59

mir91
Banned
Registered: 2013-11-17
Posts: 143

Re: [SOLVED] Migrating into LVM on Luks

Wow nice, I didn't even know the order was important. Thanks!
I can't test it right away since it'll involve opening the PC and stuff, but I'll try asap.

Last edited by mir91 (2017-02-11 12:47:28)


#4 2017-02-12 08:17:34

mir91
Banned
Registered: 2013-11-17
Posts: 143

Re: [SOLVED] Migrating into LVM on Luks

I changed the hooks order. And I added size=512 in crypttab for swap, which was missing (not sure if required or not).
Additionally I noticed that I used mkinitcpio on target 'linux' but then tried to boot linux-grsec kernel. Fixed that by building both targets and adding lines in grub.cfg accordingly.

Unfortunately it didn't help. :(
I still get:

ERROR: device '/dev/mapper/cryptoluks-ROOT' not found. Skipping fsck.
ERROR: Unable to find root device '/dev/mapper/cryptoluks-ROOT'.
You are being dropped to a recovery shell

Could the problem be somehow between crypttab and fstab interaction? Because in crypttab I define "luks" as a device name but in fstab I only have cryptoluks-XXX partition names, so there is no connection? Especially: I don't even get prompted to enter the luks password on boot.
I read up some more in the Arch wiki and it says the name in crypttab must be used in fstab.
So since my logical volume group inside luks is called "cryptoluks" I changed crypttab to say "cryptoluks" but it still cannot find "/dev/mapper/cryptoluks-ROOT" on boot, no change there in the error message and I still don't get prompted for password or anything. :( I did run 'mkinitcpio -p linux' and 'mkinitcpio -p linux-grsec' after changing crypttab, as I understand that is required.
(And is it even correct that swap in crypttab is called "cryptswap", as that name doesn't occur anywhere else in fstab for example..?)
Does lvm2 hook need to come before encrypt hook maybe? Or doesn't matter?

Another thing that confuses me is that when I manually call

cryptsetup luksOpen /dev/sda2 whatevername

then 'whatevername' seems to totally not matter at all. I can pick whatever I like, the result will be that /dev/mapper/whatevername exists, but is not used for anything. All the important vg partitions will appear as /dev/mapper/cryptoluks-ROOT and /dev/mapper/cryptoluks-HOME anyway, while /dev/mapper/whatevername seems to serve no purpose, so what's even the point of having to specify "whatevername", what does it designate/mean??
Originally when I started this migration "project" I always typed in "luks" as <whatevername> because the doc I was reading did that, and that's why I also put "luks" as device name in crypttab at first (now changed to "cryptoluks", the vg name).

# crypttab: mappings for encrypted partitions
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# The Arch specific syntax has been deprecated, see crypttab(5) for the
# new supported syntax.
#
# NOTE: Do not list your root (/) partition here, it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf).

# <name>       <device>                                     <password>              <options>
# home         UUID=b8ad5c18-f445-495d-9095-c9ec4f9d2f37    /etc/mypassword1
# data1        /dev/sda3                                    /etc/mypassword2
# data2        /dev/sda5                                    /etc/cryptfs.key
# swap         /dev/sdx4                                    /dev/urandom            swap,cipher=aes-cbc-essiv:sha256,size=256
# vol          /dev/sdb7                                    none

cryptoluks		UUID=a56fc1a1-5d92-45b6-8a19-dbb5a895a1f9	none			luks
cryptswap	/dev/mapper/cryptoluks-SWAP 			/dev/urandom 		swap,cipher=aes-xts-plain64:sha512,size=512

#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
insmod part_gpt
insmod part_msdos
if [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if loadfont unicode ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_US
  insmod gettext
fi
terminal_input console
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=5
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-e9cab4f2-7ad8-4bb9-954a-3938fa38a237' {
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod part_msdos
	insmod ext2
	set root='hd0,msdos1'
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1  c0e319f5-e46f-4a31-abf0-594d2a0361fa
	else
	  search --no-floppy --fs-uuid --set=root c0e319f5-e46f-4a31-abf0-594d2a0361fa
	fi
	echo	'Loading Linux linux-grsec ...'
	linux	/vmlinuz-linux-grsec quiet ipv6.disable=1 rcutree.rcu_idle_gp_delay=1 acpi_enforce_resources=lax pci=nomsi cryptdevice=a56fc1a1-5d92-45b6-8a19-dbb5a895a1f9:cryptoluks root=/dev/mapper/cryptoluks-ROOT rw
	echo	'Loading initial ramdisk ...'
	initrd  /initramfs-linux-grsec.img
}
#a56fc1a1-5d92-45b6-8a19-dbb5a895a1f9
submenu 'Advanced options for Arch Linux' $menuentry_id_option 'gnulinux-advanced-e9cab4f2-7ad8-4bb9-954a-3938fa38a237' {
	menuentry 'Arch Linux, with Linux linux-grsec' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-grsec-advanced-e9cab4f2-7ad8-4bb9-954a-3938fa38a237' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_msdos
		insmod ext2
		set root='hd0,msdos1'
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1  c0e319f5-e46f-4a31-abf0-594d2a0361fa
		else
		  search --no-floppy --fs-uuid --set=root c0e319f5-e46f-4a31-abf0-594d2a0361fa
		fi
		echo	'Loading Linux linux-grsec ...'
		linux	/vmlinuz-linux-grsec quiet ipv6.disable=1 rcutree.rcu_idle_gp_delay=1 acpi_enforce_resources=lax pci=nomsi cryptdevice=a56fc1a1-5d92-45b6-8a19-dbb5a895a1f9:cryptoluks root=/dev/mapper/cryptoluks-ROOT rw
		echo	'Loading initial ramdisk ...'
		initrd  /initramfs-linux-grsec.img
	}
	menuentry 'Arch Linux, with Linux linux-grsec (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-grsec-fallback-e9cab4f2-7ad8-4bb9-954a-3938fa38a237' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_msdos
		insmod ext2
		set root='hd0,msdos1'
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1  c0e319f5-e46f-4a31-abf0-594d2a0361fa
		else
		  search --no-floppy --fs-uuid --set=root c0e319f5-e46f-4a31-abf0-594d2a0361fa
		fi
		echo	'Loading Linux linux-grsec ...'
		linux	/vmlinuz-linux-grsec quiet ipv6.disable=1 rcutree.rcu_idle_gp_delay=1 acpi_enforce_resources=lax pci=nomsi cryptdevice=a56fc1a1-5d92-45b6-8a19-dbb5a895a1f9:cryptoluks root=/dev/mapper/cryptoluks-ROOT rw
		echo	'Loading initial ramdisk ...'
		initrd  /initramfs-linux-grsec-fallback.img
	}
	menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-e9cab4f2-7ad8-4bb9-954a-3938fa38a237' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_msdos
		insmod ext2
		set root='hd0,msdos1'
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1  c0e319f5-e46f-4a31-abf0-594d2a0361fa
		else
		  search --no-floppy --fs-uuid --set=root c0e319f5-e46f-4a31-abf0-594d2a0361fa
		fi
		echo	'Loading Linux linux ...'
		linux	/vmlinuz-linux quiet ipv6.disable=1 rcutree.rcu_idle_gp_delay=1 acpi_enforce_resources=lax pci=nomsi cryptdevice=a56fc1a1-5d92-45b6-8a19-dbb5a895a1f9:cryptoluks root=/dev/mapper/cryptoluks-ROOT rw
		echo	'Loading initial ramdisk ...'
		initrd  /initramfs-linux.img
	}
	menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-e9cab4f2-7ad8-4bb9-954a-3938fa38a237' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_msdos
		insmod ext2
		set root='hd0,msdos1'
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1  c0e319f5-e46f-4a31-abf0-594d2a0361fa
		else
		  search --no-floppy --fs-uuid --set=root c0e319f5-e46f-4a31-abf0-594d2a0361fa
		fi
		echo	'Loading Linux linux ...'
		linux	/vmlinuz-linux quiet ipv6.disable=1 rcutree.rcu_idle_gp_delay=1 acpi_enforce_resources=lax pci=nomsi cryptdevice=a56fc1a1-5d92-45b6-8a19-dbb5a895a1f9:cryptoluks root=/dev/mapper/cryptoluks-ROOT rw
		echo	'Loading initial ramdisk ...'
		initrd  /initramfs-linux-fallback.img
	}
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###

# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run.  Advanced users may wish to specify all system modules
# in this array.  For instance:
#     MODULES="piix ide_disk reiserfs"
MODULES="ext4"

# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image.  This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=""

# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way.  This is useful for config files.
FILES=""

# HOOKS
# This is the most important setting in this file.  The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
##   This setup specifies all modules in the MODULES setting above.
##   No raid, lvm2, or encrypted root is needed.
#    HOOKS="base"
#
##   This setup will autodetect all modules for your system and should
##   work as a sane default
#    HOOKS="base udev autodetect block filesystems"
#
##   This setup will generate a 'full' image which supports most systems.
##   No autodetection is done.
#    HOOKS="base udev block filesystems"
#
##   This setup assembles a pata mdadm array with an encrypted root FS.
##   Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
#    HOOKS="base udev block mdadm encrypt filesystems"
#
##   This setup loads an lvm2 volume group on a usb device.
#    HOOKS="base udev block lvm2 filesystems"
#
##   NOTE: If you have /usr on a separate partition, you MUST include the
#    usr, fsck and shutdown hooks.
HOOKS="base udev autodetect modconf block resume keyboard keymap encrypt lvm2 filesystems fsck"

# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"

# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=""

Last edited by mir91 (2017-02-12 09:39:44)


#5 2017-02-12 16:40:37

mir91
Banned
Registered: 2013-11-17
Posts: 143

Re: [SOLVED] Migrating into LVM on Luks

Tried switching order of encrypt and lvm hooks, to no avail. Also tried sd-lvm2 instead of lvm2, didn't help.


#6 2017-02-12 18:39:31

mir91
Banned
Registered: 2013-11-17
Posts: 143

Re: [SOLVED] Migrating into LVM on Luks

If anyone could verify or falsify the contents of any files, that might already help, as I'm stumped on how to proceed from here on.
I still suspect something isn't correct between crypttab and fstab maybe?


#7 2017-02-12 19:55:28

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: [SOLVED] Migrating into LVM on Luks

I've never needed or even looked at crypttab when using LVM on LUKS, it's not necessary. I'll take a closer look at your configs when I'm not on my mobile, I'm on the road for work at the moment.



#8 2017-02-12 20:16:40

mir91
Banned
Registered: 2013-11-17
Posts: 143

Re: [SOLVED] Migrating into LVM on Luks

slithery wrote:

I've never needed or even looked at crypttab when using LVM on LUKS, it's not necessary. I'll take a closer look at your configs when I'm not on my mobile, I'm on the road for work at the moment.

Ah yes, it confused me a bit since the part in the Arch wiki about LVM on LUKS just doesn't mention crypttab, but then again it jumps around a lot by referencing other sub chapters of the wiki, including the one for bootloader setup which in turn leads to crypttab info next. oO

Good news though! I got it working!
I did three things at once:
- in grub.cfg change kernel parameter cryptdevice=<UUID> to actually say cryptdevice=UUID=<UUID>
- in grub.cfg added kernel parameter crypto=...
- in mkinitcpio.conf change hook order, so "keyboard" comes before "block"

After some more testing it seems the =UUID addition for cryptdevice is critical, or it won't work.
Not sure about the importance of the other two.

I have one more issue though, on bootup it now asks separately a bit later for a passphrase for the cryptoluks-SWAP. But I set password to /dev/urandom in crypttab, right? So I wonder why it does that. Needless to say the swap partition doesn't get mounted.
I'm pretty happy the system works so far though. :)

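Added example, not part of any post in this thread: a small pre-reboot check for the two settings the thread identifies as decisive, the `cryptdevice=` syntax reported in post #8 and the HOOKS ordering from post #2. The function names `lint_cmdline`, `lint_hooks` and `hook_pos` are hypothetical, the command lines are shortened from the posted grub.cfg, and the fixed one is constructed from the description in post #8.

```bash
#!/bin/bash
# Added example: lint the kernel command line and the mkinitcpio HOOKS order
# for an LVM-on-LUKS root before rebooting into it.

# lint_cmdline "<kernel cmdline>": print one finding per line; return 1 if any.
lint_cmdline() {
    local word spec="" dev name rc=0
    for word in $1; do
        case $word in cryptdevice=*) spec=${word#cryptdevice=} ;; esac
    done
    if [ -z "$spec" ]; then
        echo "cryptdevice: parameter missing"
        return 1
    fi
    dev=${spec%%:*}                               # part before the first ':'
    case $spec in
        *:*) name=${spec#*:}; name=${name%%:*} ;; # mapper name, options dropped
        *)   name="" ;;
    esac
    # Assumption of this linter: the device must be a /dev path or a
    # TAG=value reference; a bare UUID string does not name a device.
    case $dev in
        /dev/*|UUID=?*|PARTUUID=?*|LABEL=?*|PARTLABEL=?*) ;;
        *) echo "cryptdevice: device '$dev' lacks a /dev path or TAG= prefix"; rc=1 ;;
    esac
    if [ -z "$name" ]; then
        echo "cryptdevice: no mapper name after ':'"
        rc=1
    fi
    return $rc
}

# hook_pos "<hooks>" <name>: print the 1-based position of a hook, 0 if absent.
hook_pos() {
    local i=0 h
    for h in $1; do
        i=$((i + 1))
        if [ "$h" = "$2" ]; then echo "$i"; return 0; fi
    done
    echo 0
}

# lint_hooks "<HOOKS value>": check the ordering needed for LVM on LUKS.
lint_hooks() {
    local kb enc lvm fs rc=0
    kb=$(hook_pos "$1" keyboard); enc=$(hook_pos "$1" encrypt)
    lvm=$(hook_pos "$1" lvm2);    fs=$(hook_pos "$1" filesystems)
    if [ "$enc" -eq 0 ]; then echo "hooks: encrypt missing"; return 1; fi
    if [ "$lvm" -eq 0 ]; then echo "hooks: lvm2 missing"; return 1; fi
    if [ "$fs" -ne 0 ] && [ "$enc" -gt "$fs" ]; then
        echo "hooks: encrypt must come before filesystems"; rc=1; fi
    if [ "$fs" -ne 0 ] && [ "$lvm" -gt "$fs" ]; then
        echo "hooks: lvm2 must come before filesystems"; rc=1; fi
    if [ "$enc" -gt "$lvm" ]; then
        echo "hooks: encrypt must come before lvm2 (LVM sits inside LUKS)"; rc=1; fi
    if [ "$kb" -eq 0 ] || [ "$kb" -gt "$enc" ]; then
        echo "hooks: keyboard must come before encrypt to type the passphrase"; rc=1; fi
    return $rc
}

# Values from the thread (command lines shortened). CMDLINE_FIXED is
# constructed from the fix described in post #8.
CMDLINE_POST1="quiet cryptdevice=a56fc1a1-5d92-45b6-8a19-dbb5a895a1f9:cryptoluks root=/dev/mapper/cryptoluks-ROOT rw"
CMDLINE_FIXED="quiet cryptdevice=UUID=a56fc1a1-5d92-45b6-8a19-dbb5a895a1f9:cryptoluks root=/dev/mapper/cryptoluks-ROOT rw"
HOOKS_POST1="base udev autodetect modconf block resume filesystems keyboard fsck encrypt lvm2 keymap"
HOOKS_POST4="base udev autodetect modconf block resume keyboard keymap encrypt lvm2 filesystems fsck"

echo "== configuration from post #1 =="
lint_cmdline "$CMDLINE_POST1" || true
lint_hooks "$HOOKS_POST1" || true
echo "== fixed configuration =="
lint_cmdline "$CMDLINE_FIXED" && lint_hooks "$HOOKS_POST4" && echo "no findings"
```

To check a real system from the chroot, pass the `linux` line from /boot/grub/grub.cfg and the HOOKS value from /etc/mkinitcpio.conf to the two functions.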

#9 2017-02-12 20:42:21

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: [SOLVED] Migrating into LVM on Luks

Get rid of the swap definition in crypttab, it lives on your crypted LVM so doesn't need a separate password.



#10 2017-02-12 21:55:27

mir91
Banned
Registered: 2013-11-17
Posts: 143

Re: [SOLVED] Migrating into LVM on Luks

Ok, I actually commented out both entries in crypttab (root partition too) and it works fine, thanks.
The only thing that's a bit weird now is that the grub boot menu where I pick the Archlinux entry to boot from is strangely lagging now. If I hit arrow-down key or enter key to enter "advanced options" there are like 2 seconds of lag. oO Used to be instant before I started this encryption stuff.

Last edited by mir91 (2017-02-12 22:06:20)

