Full Disk Encryption, arch booting to emergency mode

userak · 2017-02-04 14:53:12

Hi ! Guys ...

This is the first time I'm using any linux, so please bear with me...
I have been reading about archlinux for a quite while, now that I have sufficient information, I am trying to setup archlinux on vmware workstation with full disk encryption (luks + dmcrypt). I have completed all the required steps but while booting, arch is dropping me to the emergency mode.

So my setup is as follows..

sda1 --> esp
sda2 --> boot (encrypted)
sda3 --> root (encrypted)
sda4 --> home (encrypted)
sda5 --> swap (encrypted)

blkid

/dev/sda1: UUID="9701-024F" TYPE="vfat" PARTLABEL="EFI System" PARTUUID="6900c8a8-138e-41a0-b643-52d6687d4a36"
/dev/sda2: UUID="b10e6560-99be-4032-8bca-985ef9001a0f" TYPE="crypto_LUKS" PARTLABEL="boot" PARTUUID="72025208-8cee-4290-af80-5d8c91907889"
/dev/sda3: UUID="a99042ca-a8f6-4f4b-98cc-74e16177c065" TYPE="crypto_LUKS" PARTLABEL="root" PARTUUID="5d26af63-851c-4d06-bfca-384362087e20"
/dev/sda4: UUID="1dbec147-6278-40d4-8653-326b9fb86893" TYPE="crypto_LUKS" PARTLABEL="Linux /home" PARTUUID="98b7f44c-5dc0-4063-8c1b-eb0914967f8c"
/dev/sda5: UUID="f7992eae-92fb-4157-b8bf-c17c11346544" TYPE="crypto_LUKS" PARTLABEL="Linux swap" PARTUUID="f70be2d2-14a8-49e6-8e85-b9f6c370fd64"
/dev/sr0: UUID="2016-12-01-16-53-09-00" LABEL="ARCH_201612" TYPE="iso9660" PTUUID="4032ce55" PTTYPE="dos"
/dev/loop0: TYPE="squashfs"
/dev/mapper/crypt_boot: UUID="b2bb9857-abf1-4ab9-a293-6552b5f8b8df" TYPE="ext4"
/dev/mapper/crypt_root: UUID="236e4027-f027-4dcb-89ee-29daccd967e7" TYPE="ext4"
/dev/mapper/crypt_home: UUID="eb971f42-212f-4464-8e11-620c5a3e741f" TYPE="ext4"
/dev/mapper/crypt_swap: UUID="a8cb0e3d-742d-4979-aaa0-d7f4896d0184" TYPE="swap"

/etc/fstab

# /dev/mapper/crypt_root
UUID=236e4027-f027-4dcb-89ee-29daccd967e7	/         	ext4      	rw,relatime,data=ordered	0 1

# /dev/mapper/crypt_boot
UUID=b2bb9857-abf1-4ab9-a293-6552b5f8b8df	/boot     	ext4      	rw,relatime,data=ordered	0 2

# /dev/sda1
UUID=9701-024F      	/boot/efi 	vfat      	rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro	0 2

# /dev/mapper/crypt_home
UUID=eb971f42-212f-4464-8e11-620c5a3e741f	/home     	ext4      	rw,relatime,data=ordered	0 2

# /dev/mapper/crypt_swap
UUID=a8cb0e3d-742d-4979-aaa0-d7f4896d0184	none      	swap      	defaults  	0 0

/etc/crypttab

# <name>       <device>                                     <password>              <options>
crypt_home	UUID=1dbec147-6278-40d4-8653-326b9fb86893   none luks
crypt_swap	UUID=f7992eae-92fb-4157-b8bf-c17c11346544   none luks
crypt_boot	UUID=b10e6560-99be-4032-8bca-985ef9001a0f   none luks

/etc/mkinitcpio.conf

MODULES=""
HOOKS="base systemd autodetect modconf block sd-encrypt filesystems keyboard fsck"

/etc/default/grub

GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="luks.uuid=a99042ca-a8f6-4f4b-98cc-74e16177c065 luks.name=a99042ca-a8f6-4f4b-98cc-74e16177c065=crypt_root quiet"
GRUB_CMDLINE_LINUX=""
GRUB_ENABLE_CRYPTODISK=y
GRUB_PRELOAD_MODULES="part_gpt part_msdos"
GRUB_TERMINAL_INPUT=console
GRUB_GFXMODE=auto
GRUB_GFXPAYLOAD_LINUX=keep
GRUB_DISABLE_RECOVERY=true

swapon -s

Filename				Type		Size	Used	Priority
/dev/dm-3                              	partition	1045480	0	-1

The error I am getting

Here is a part of Boot Log (Pastebin)

x---------------------------------------------------------------------------------------x
After booting in emergency mode and listing the content of /dev/mapper, I find the "crypt_root" and "home" enteries there, no "crypt_boot" and "crypt_swap".
Also why sda3(home partition) is mapped as "home" and not "crypt_home" even though the <name> field in "crypttab" file is "crypt_home".

Last edited by userak (2017-02-04 17:54:13)

userak · 2017-02-06 19:07:39

After a lots trial and error.. I finally managed to boot into archlinux..

What I did is commented out all the enteries in "/etc/crypttab" file and added all those enteries to the "GRUB_CMDLINE_LINUX_DEFAULT" parameter of the "/etc/default/grub" file as follows.

/etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="luks.uuid=a99042ca-a8f6-4f4b-98cc-74e16177c065 luks.name=a99042ca-a8f6-4f4b-98cc-74e16177c065=crypt_root
luks.uuid=b10e6560-99be-4032-8bca-985ef9001a0f luks.name=b10e6560-99be-4032-8bca-985ef9001a0f=crypt_boot luks.uuid=1dbec147-6278-40d4-8653-326b9fb86893 luks.name=1dbec147-6278-40d4-8653-326b9fb86893=crypt_home luks.uuid=f7992eae-92fb-4157-b8bf-c17c11346544 luks.name=f7992eae-92fb-4157-b8bf-c17c11346544=crypt_swap quiet"

I am still getting the error "failed to activate swap partition" during boot.

Why crypttab file doesn't seems to be working ? What is wrong with the configuration ? Please guys help me with this .

Last edited by userak (2017-02-06 19:08:32)

piratebill · 2017-02-10 22:54:02

This may or may not help, but I've never gotten crypttab to decrypt anything with a password. Only have had luck with key files, but maybe I'm doing something dumb.

userak · 2017-02-18 09:06:09

@piratebill I tried doing it ... but no help

userak · 2017-02-18 13:36:12

Regarding the error related to swap partition not being mounted ... From what I have read systemd-boot tries to automatically mount a swap partition by recognising it type-code. This behaviour can be changed by issuing the following command.

systemctl mask dev-sda8.swap

*** Change the dev-sda8.swap to appropriate partition in your case.

Above command will supress the automatic mounting of swap partition and entry from crypttab file will be used instead.

Last edited by userak (2017-02-18 13:38:11)

Arch Linux

#1 2017-02-04 14:53:12

Full Disk Encryption, arch booting to emergency mode

#2 2017-02-06 19:07:39

Re: Full Disk Encryption, arch booting to emergency mode

#3 2017-02-10 22:54:02

Re: Full Disk Encryption, arch booting to emergency mode

#4 2017-02-18 09:06:09

Re: Full Disk Encryption, arch booting to emergency mode

#5 2017-02-18 13:36:12

Re: Full Disk Encryption, arch booting to emergency mode

Board footer