You are not logged in.

Pages: 1

#1 2017-02-16 21:19:03

tnek
Member
Registered: 2008-06-10
Posts: 41

[SOLVED] dm-crypt + luks, UEFI, systemd-boot: Stuck after reboot

I'm trying to install a system with full disk encryption us dm-crypt + luks which uses UEFI and systemd-boot to boot.

It only has two partitions /dev/sda1 and /dev/sda2. The first one will be my EFI partition and will also be mounted as /boot. The second one is the encrypted one. As I am using UEFI I went with systemd-boot, as it was recommended on the wiki.

At reboot I get my entry "Arch Linux Encrypted" and when I select it I get:

Welcome to Linux!
...
[ *** ] A start job is running for dev-mapper-slash.device (1min 21s / 1min 30s)

And after 1min 30s I get "Timed out waiting for device dev-mapper-slash.device"

This is what I've tried so far:

  • Adding ext4 to MODULES in /etc/mkinitcpio.conf

  • To use PARTUUID instead of UUID (with an id change accordingly) in /boot/loader/entries/arch.conf

  • Generating initramfs again and updating the boot loader

If anyone has any ideas on what I've done wrong, or ideas on how to troubleshoot this, I would be really grateful!

Data that could be helpful when troubleshooting

fdisk -l

Disk /dev/sda: 8 GiB, 8589934592 bytes, 16777216 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: C28B2BDE-8693-4C36-877C-81C49E2F391F

Device       Start      End  Sectors  Size Type
/dev/sda1     2048  1050623  1048576  512M EFI System
/dev/sda2  1050624 16777182 15726559  7.5G Linux filesystem

...

Disk /dev/mapper/slash: 7.5 GiB, 8049901056 bytes, 15722463 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

mount

...

/dev/mapper/slash on  type ext4 (rw,relatime,data=ordered)
/dev/sda1 on /boot type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)

ls -l /dev/mapper

...
lrwxrwxrwx 1 root root       7 Feb 15 15:28 slash -> ../dm-0

cat /etc/fstab

root@archiso ~ # cat /etc/fstab
#
# /etc/fstab: static file system information
#
# <file system> <dir>   <type>  <options>       <dump>  <pass>
# UUID=80d64475-0722-452e-93c9-e9fe8c218e92
/dev/mapper/slash       /               ext4            rw,relatime,data=ordered        0 1

# UUID=B8D8-22F9
/dev/sda1               /boot           vfat            rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro    0 2

cat /etc/mkinitcpio.conf | grep -v "#" (to get uncommented lines)

root@archiso ~ # cat /etc/mkinitcpio.conf | grep -v "#"
MODULES=""

BINARIES=""

FILES=""

HOOKS="base udev autodetect modconf block systemd keyboard sd-encrypt filesystems fsck"

cat /boot/loader/loader.conf

default arch
timeout 10
editor 0

cat /boot/loader/entries/arch.conf

title Arch Linux Encrypted
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=80d64475-0722-452e-93c9-e9fe8c218e92:slash root=/dev/mapper/slash quit rw

ls -l /dev/disk/by-uuid

root@archiso ~ # ls -l /dev/disk/by-uuid
total 0
lrwxrwxrwx 1 root root  9 Feb 16 16:09 2017-02-01-17-08-09-00 -> ../../sr0
lrwxrwxrwx 1 root root 10 Feb 15 15:07 694c61ac-1927-46e7-bf76-e52d9e30f5bd -> ../../sda2
lrwxrwxrwx 1 root root 10 Feb 15 15:28 80d64475-0722-452e-93c9-e9fe8c218e92 -> ../../dm-0
lrwxrwxrwx 1 root root 10 Feb 15 14:45 B8D8-22F9 -> ../../sda1

ls -l /dev/disk/by-partuuid

root@archiso ~ # ls -l /dev/disk/by-partuuid
total 0
lrwxrwxrwx 1 root root 10 Feb 15 14:45 25fe6852-e71e-49a0-81f8-36915f05520e -> ../../sda1
lrwxrwxrwx 1 root root 10 Feb 15 15:07 b16c96ed-8122-4e6d-978b-106a2366827a -> ../../sda2

Last edited by tnek (2017-02-18 11:01:31)

Offline

#2 2017-02-16 21:26:47

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,426
Website

Re: [SOLVED] dm-crypt + luks, UEFI, systemd-boot: Stuck after reboot

Where is your encrypt hook? https://wiki.archlinux.org/index.php/Dm … mkinitcpio

Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2017-02-16 21:43:33

tnek
Member
Registered: 2008-06-10
Posts: 41

Re: [SOLVED] dm-crypt + luks, UEFI, systemd-boot: Stuck after reboot

Sorry! I accidentally showed the /etc/mkinitcpio.conf in my host (where I logged in through SSH) and not in the arch-chroot. I updated my post now! I am using the sd-encrypt as I understood it to be the "systemd version of encrypt".

Last edited by tnek (2017-02-16 21:44:02)

Offline

#4 2017-02-16 21:54:24

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,426
Website

Re: [SOLVED] dm-crypt + luks, UEFI, systemd-boot: Stuck after reboot

Your loader points to the UUID of /, but the actual string is the PARTUUID

Also, you have a typo: it is quiet, not quit.

Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#5 2017-02-16 21:58:36

rdeckard
Wiki Maintainer
Registered: 2015-01-28
Posts: 137

Re: [SOLVED] dm-crypt + luks, UEFI, systemd-boot: Stuck after reboot

Use "luks.uuid" instead of "cryptdevice" if you are using sd-encrypt. See https://wiki.archlinux.org/index.php/Dm … crypt_hook

Offline

#6 2017-02-16 22:14:57

tnek
Member
Registered: 2008-06-10
Posts: 41

Re: [SOLVED] dm-crypt + luks, UEFI, systemd-boot: Stuck after reboot

jasonwryan wrote:

Your loader points to the UUID of /, but the actual string is the PARTUUID

Also, you have a typo: it is quiet, not quit.

Ah. Yes, that seems like an error! I tried these three things now by modifying /boot/loader/entries/arch.conf:

  • Change UUID to PARTUUID

  • Keeping UUID and changing the id string to 80...92 (the one which points to dm-0)

  • Keeping UUID and changing the id string to 69...bd (the one which points to sda2)

After each try I exited the chroot, umount -R /tmp and a sync and then reboot.

I guess changing the id string to the one pointing to dm-0 should be the way to go, so I changed my OP to point to it.

However, even though I see that you pointed out a configuration error, all three if these potential fixes didn't change anything. I still get stuck at the same place after reboot.

Last edited by tnek (2017-02-16 22:16:26)

Offline

#7 2017-02-16 22:29:11

rdeckard
Wiki Maintainer
Registered: 2015-01-28
Posts: 137

Re: [SOLVED] dm-crypt + luks, UEFI, systemd-boot: Stuck after reboot

Have you changed "cryptdevice" to "luks.uuid"? luks.uuid should be set to the UUID that goes with /dev/sda2. You also have to use luks.name. It's in the wiki link I posted.

Offline

#8 2017-02-16 22:47:16

tnek
Member
Registered: 2008-06-10
Posts: 41

Re: [SOLVED] dm-crypt + luks, UEFI, systemd-boot: Stuck after reboot

rdeckard wrote:

Have you changed "cryptdevice" to "luks.uuid"? luks.uuid should be set to the UUID that goes with /dev/sda2. You also have to use luks.name. It's in the wiki link I posted.

When I read that part of the wiki I didn't get it.

I tried by changing the line to

options luks.uuid=80d64475-0722-452e-93c9-e9fe8c218e92 luks.name=slash

and got a different result.

It loops between three different messages for a while and then it fails with:

[    TIME  ] Timed out waiting for device dev-gpt\x2dauto\x2droot.device.
[DEPEND] Dependency failed for Initrd Root Device.
[DEPEND] Dependency failed for Root Partition.
[DEPEND] Dependency failed for Initrd Root File System.
[DEPEND] Dependency failed for Reload Configuration from the Real Root.
[DEPEND] Dependency failed for File System Check on /dev/gpt-auto-root.
[    TIME  ] Timed out waiting for device dev-disk-by\x2duuid-80d64475\x2d0722\x2d452e\x2d93c9\x2de9fe8c218e92.device
[DEPEND] Dependency failed for Cryptography Setup for luks-80d64475-0722-452e-93c9-e9fe8c218e92.
[DEPEND] Dependency failed for Encrypted Volumes
[DEPEND] Dependency failed for dev-mapper-luks\x2d80d64475\x2d0722\x2d452e\x2de9fe8c217e92.device
[   OK      ] ...
...

I have nothing that corresponds to the "root=/dev/mapper/slash quit rw" part of my options line in the OP, which I guess can be the issue? I couldn't find what that would be on the wiki though..

PS. All code above was carbon copied by hand, so I might have made a few spelling errors in them. I was more careful on the real host though.

Offline

#9 2017-02-16 22:48:55

tnek
Member
Registered: 2008-06-10
Posts: 41

Re: [SOLVED] dm-crypt + luks, UEFI, systemd-boot: Stuck after reboot

rdeckard wrote:

UUID that goes with /dev/sda2

I used the UUID that goes with dm-0. I will try the one for /dev/sda2, I just need to grab something to eat. smile

Last edited by tnek (2017-02-16 22:49:26)

Offline

#10 2017-02-16 23:11:07

Azured
Member
Registered: 2014-02-08
Posts: 9

Re: [SOLVED] dm-crypt + luks, UEFI, systemd-boot: Stuck after reboot

you are using the systemd hook in your mkinitcpi and sd-encrypt, so you will need your bootloader entry to use luks / rd.luks, and not encrypt hook (as stated before).

Note, it's not actually required to set a name. If you don't mind the default mapper name, just set luks.uuid=<uuid> and root=UUID=<uuid> in your bootloader options, e.g.:

title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options rd.luks.uuid=xxx root=UUID=yyy rw

where xxx is the UUID of the encrypted root partition and yyy is the UUID of the (unencrypted) mapper device.

Also, you do not need to specify the root in the fstab file (or the crypttab), as this is being specified in the bootloader options. This works for me anyhow (dm-crypt + LUKS encrypted root partition, with systemd-boot).

Offline

#11 2017-02-17 00:34:15

tnek
Member
Registered: 2008-06-10
Posts: 41

Re: [SOLVED] dm-crypt + luks, UEFI, systemd-boot: Stuck after reboot

Azured wrote:

you are using the systemd hook in your mkinitcpi and sd-encrypt, so you will need your bootloader entry to use luks / rd.luks, and not encrypt hook (as stated before).

Note, it's not actually required to set a name. If you don't mind the default mapper name, just set luks.uuid=<uuid> and root=UUID=<uuid> in your bootloader options, e.g.:

title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options rd.luks.uuid=xxx root=UUID=yyy rw

where xxx is the UUID of the encrypted root partition and yyy is the UUID of the (unencrypted) mapper device.

Also, you do not need to specify the root in the fstab file (or the crypttab), as this is being specified in the bootloader options. This works for me anyhow (dm-crypt + LUKS encrypted root partition, with systemd-boot).

Changing /boot/loader/entries/arch.conf to be

title Arch Linux Encrypted
linux /vmlinuz-linux
initrd /initramfs-linux.img
options luks.uuid=694c61ac-1927-46e7-bf76-e52d9e30f5bd luks.name=slash root=UUID=80d64475-0722-452e-93c9-e9fe8c218e92 rw

solved it for me! Many thanks to all the helpful people above!

To summarize what I got wrong, and that might be useful to be extra careful with:

  • I should have used the parameters meant for the sd-encrypt hook in /boot/loader/entries/arch.conf (I used those for encrypt, such as cryptdevice)

  • In /boot/loader/entries/arch.conf luks.uuid=<encrypted uuid, which means the id for sda2 in my case)

  • In /boot/loader/entries/arch.conf root=UUID=<unencrypted uuid, which means the id for dm-0 in my case)

  • I also mistook the wrong id string early on in the thread, but that wasn't even my main problem

Offline

Pages: 1

Board footer

Powered by FluxBB