Hi all,
I've been struggling with this for 3-4 days now and most of the time (also right now) the PC doesn't even seem to load GRUB - the PC jumps directly into Windows 10 (instead of GRUB). I've searched everything I could but I cannot seem to find out what is wrong... Secure boot is disabled in BIOS + EFI/UEFI and GPT are used. Here are my partitions:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 238.5G 0 disk
├─sda1 8:1 0 100M 0 part /mnt/boot/efi
├─sda2 8:2 0 16M 0 part
├─sda3 8:3 0 119.8G 0 part
├─sda4 8:4 0 1G 0 part
├─sda5 8:5 0 200M 0 part
│ └─cryptboot 254:3 0 198M 0 crypt /mnt/boot
└─sda6 8:6 0 117.4G 0 part
├─myVG-lvCryptDisk 254:0 0 100G 0 lvm
│ └─crptDsk 254:2 0 100G 0 crypt /mnt
└─myVG-lvSwap 254:1 0 10G 0 lvm [SWAP]
sdb 8:16 1 3.8G 0 disk /run/archiso/bootmnt
├─sdb1 8:17 1 749M 0 part
└─sdb2 8:18 1 40M 0 part
loop0 7:0 0 325M 1 loop /run/archiso/sfs/airootfs
Some extra details (sda1=EFI, sda2=Microsoft reserved, sda3=C:\ NTFS, sda4=maybe MS recovery partition?, sda5=my encrypted boot-partition, sda6=my encrypted root-partition):
gdisk -l /dev/sda
GPT fdisk (gdisk) version 1.0.1
...
...
Found valid GPT with protective MBR; using GPT.
Disk /dev/sda: 500118192 sectors, 238.5 GiB
...
...
Number Start (sector) End (sector) Size Code Name
1 2048 206847 100.0 MiB EF00 EFI system partition
2 206848 239615 16.0 MiB 0C01 Microsoft reserved ...
3 239616 251461631 119.8 GiB 0700 Basic data partition
4 498020352 500117503 1024.0 MiB 2700 Basic data partition
5 251461632 251871231 200.0 MiB 8300 bootPart
6 251871232 498020351 117.4 GiB 8E00 LVMpart
I think this is maybe an unusual setup - but it should work? I thought it would be safest to have a separate encrypted boot partition outside LVM, as my impression is that there is not much space for LVM-code-execution at the initramfs-stage. But maybe this is a mistake. Would it be better to have my encrypted boot partition inside the LVM (inside /dev/sda6 ) ? I think so - but this should also work, right?
My mkinitcpio.conf-file:
...
FILES=""
HOOKS="base udev autodetect modconf keyboard block encrypt lvm2 mdadm_udev keymap resume filesystems fsck"
...
My /etc/crypttab-file (I'm not using the /root/crypto_keyfile.bin yet, but I'm thinking it doesn't harm to be a little ahead, for my next task - to avoid entering password twice, is this right or wrong???):
# crypttab: mappings for encrypted partitions
cryptboot /dev/sda5 /root/crypto_keyfile.bin luks
My /etc/fstab-file:
# /dev/mapper/crptDsk
UUID=24472288-be67-4520-8ba7-d916414d12a2 / ext4 rw,relatime,data=ordered 0 1
# /dev/mapper/cryptboot
UUID=39aaee78-a741-4cc1-9f67-637896f79a34 /boot ext4 rw,relatime,stripe=4,data=ordered 0 2
# /dev/sda1 LABEL=ESP
UUID=603B-B4B9 /boot/efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 2
# /dev/mapper/myVG-lvSwap
UUID=ae53a42d-823d-4b6e-9220-332f996a05f3 none swap defaults 0 0
This is how I installed (or tried to install) grub:
# cryptsetup luksOpen /dev/mapper/myVG-lvCryptDisk crptDsk
# cryptsetup luksOpen /dev/sda5 cryptboot
# mount /dev/mapper/crptDsk /mnt
# mount /dev/mapper/cryptboot /mnt/boot
# mount /dev/sda1 /mnt/boot/efi
# swapon /dev/mapper/myVG-lvSwap
... pacstrap etc...
# arch-chroot /mnt /bin/bash
# vi /etc/default/grub
Now, this is where things get exciting and also where I do a lot of experiments - because in around 10% of the cases I do something and the GRUB configuration gets written to disk, because I see GRUB asks for a password right after a reboot, in order to try to unencrypt my partitions. However, I've done something wrong, so I always end up rebooting from USB to fix the boot-loader configuration, please see output:
grub-mkconfig -o /boot/grub/grub.cfg
Generating grub configuration file ...
WARNING: Failed to connect to lvmetad. Falling back to device scanning.
WARNING: Failed to connect to lvmetad. Falling back to device scanning.
....
....
WARNING: Failed to connect to lvmetad. Falling back to device scanning.
WARNING: Failed to connect to lvmetad. Falling back to device scanning.
Found linux image: /boot/vmlinuz-linux
Found initrd image(s) in /boot: intel-ucode.img initramfs-linux.img
Found fallback initrd image(s) in /boot: intel-ucode.img initramfs-linux-fallback.img
WARNING: Failed to connect to lvmetad. Falling back to device scanning.
[ ] squashfs: SQUASHFS ERROR: can't find a SQUASHFS superblock on sda2
[ ] EXT4-fs (sda2) :VFS: Can't find ext4 filesystem
[ ] EXT4-fs (sda2) :VFS: Can't find ext4 filesystem
[ ] EXT4-fs (sda2) :VFS: Can't find ext4 filesystem
[ ] FAT-fs (sda2): bogus number of reserved sectors
grub-probe: error: cannot find a GRUB drive for /dev/sdb1. Check your device.map.
done
From what I've read, the warnings/error messages, e.g. "WARNING: Failed to connect to lvmetad. Falling back to device scanning" can be ignored. I don't know why it complains about ext4 on sda2? Am I doing something wrong here? grub-install ALWAYS gives these very weird messages:
# grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub --recheck
Installing for x86_64-efi platform.
Installation finished. No error reported.
The message "No error reported" is rather awkward... The most annoying thing here is that GRUB is very often not even loaded - after reboot, Windows directly begins to load, as if there is no GRUB installation...?
I finally discovered I should google for "acer laptop efibootmgr changes are reverted" - and found a lot of inspiration, e.g. some people had to replace /boot/efi/EFI/Microsoft/Boot/bootmgfw.efi with /boot/efi/EFI/arch/grubx64.efi - now I'm really really fed up with GRUB. I cannot explain why GRUB didn't store my changes, but I made huge progress now using:
pacman -S refind-efi
refind-install
Now the machine doesn't directly boot into Windows, which is a requirement for solving my problem. UPDATE: It seemed to be a random coincidence, that this worked... Now I've been struggling again for many hours and I'm sure this can help other people too (I'm on an Acer-laptop):
1) Hit F2 on boot to enter setup and switch to the Security tab.
2) Set a supervisor password.
3) Choose "Select an UEFI file as trusted for executing" and select HDD0\EFI\...(insert file-name)...efi.
4) You can choose between Windows and Linux at the F12 menu, and choose a default in setup.
However, I still have a problem - I suspect maybe my /etc/default/grub-file is not ok?:
...
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda6:myVG root=/dev/mapper/myVG-lvCryptDisk resume=/dev/mapper/myVG-lvSwap"
...
# I'll change below to false + add replace above with UUID's later (when the system can boot up)...
GRUB_DISABLE_LINUX_UUID=true
...
GRUB_ENABLE_CRYPTODISK=y
What could be wrong here? Following my success with the new boot-manager, this is what I get when I boot up:
[ ] platform MSFT0101:00: failed to claim resource 1
[ ] acpi MSFT0101:00: platform device creation failed: -16
starting version 232
ERROR: Failed to open encryption mapping: The device /dev/sda6 is not a LUKS volume and the crypto= paramater was not specified.
[ ] sd 3:0:0:0: [sdb] No Caching mode page found
[ ] sd 3:0:0:0: [sdb] Assuming drive cache: write through
ERROR: resume: hibernation device '/dev/mapper/myVG-lvSwap' not found
ERROR: device '/dev/mapper/myVG-lvCryptDisk' not found. Skipping fsck.
mount: special device /dev/mapper/myVG-lvCryptDisk does not exist
You are now being dropped into an emergency shell.
sh: can't access tty; job control turned off
[rootfs ]#
And there's my prompt... This is a huge step forward now, but I just need to solve this last puzzle... Any hints/advice is greatly appreciated, thanks!
Last edited by newsboost (2017-04-15 03:29:34)
I just want to follow up - I've spent numerous hours now... I tried a lot of things, one of them:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda6/myVG:lvCryptDisk root=/dev/mapper/lvcryptDisk resume=/dev/sda6/myVG:lvSwap"
However, this gave me the problem that the LVM-partitions didn't appear under /dev/mapper - so I cannot/couldn't boot! I began searching for "luks boot grub lvscan inactive lvm" and 'luks grub "volume group" is not active grub-install' which led me to this https://bbs.archlinux.org/viewtopic.php?id=218540 suggesting that I had to switch to systemd-based initramfs (change "udev" to "systemd" and "lvm2" to "sd-lvm2" in /etc/mkinitcpio.conf). In the end, this excellent recipe http://blog.ataboydesign.com/2012/08/29 … ux-on-lvm/ showed me that I needed this:
# vi /etc/rc.conf
USELVM="yes"
Now I think I did "mkinitcpio -p linux" and:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/mapper/myVG-lvCryptDisk:crptDsk root=/dev/mapper/crptDsk resume=/dev/mapper/myVG-lvSwap"
... followed by grub-mkconfig -o /boot/grub/grub.cfg (I'm still going through GRUB even though I'm using refind as boot manager, as I currently do not know how to set up refind boot options manually).
I rebooted - I received one/some errors, which I discovered was related to the missing /dev/mapper/cryptboot - I temporarily disabled "cryptboot /dev/sda5 /root/crypto_keyfile.bin luks" inside /etc/crypttab. I re-enabled this line, rebooted and VOILA - no errors! However, now I wanted to make sure the "/etc/rc.conf" really was the problem here - I decided to comment out the 'USELVM="yes"' in the /etc/rc.conf file, followed by "mkinitcpio -p linux" + a reboot... I suspected that I would get severe warning(s) because I thought /dev/mapper did not contain my LVM-volumes... But no errors, strangely enough. It's really a shame that I don't know exactly what changed so LVM-volumes showed up under /dev/mapper........
Next task: I want to implement an encrypted swap-partition - can anyone help with advice? You can probably see all relevant config-files above... Otherwise, I'll try on my own. Hopefully others can benefit from the mistakes I make...
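The "/dev/sda6 is not a LUKS volume" error in the first post and the command line reported as working in the second differ in what cryptdevice= points at. As an added example that is not part of either post: a shell check that cryptdevice= names a LUKS container and that root= names the mapping it opens. The device/type table is constructed from the layout described in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): check that cryptdevice= names a LUKS
# container and that root= names the mapping it opens.

# Constructed device/type table following the layout described in the thread:
# sda6 is an LVM physical volume; the LUKS header is inside the logical volume.
# On a live system, `blkid -s TYPE -o value DEVICE` reports the same field.
LAYOUT='/dev/sda5 crypto_LUKS
/dev/sda6 LVM2_member
/dev/mapper/myVG-lvCryptDisk crypto_LUKS
/dev/mapper/myVG-lvSwap swap'

# fstype_of DEVICE: print the type recorded for DEVICE, or nothing.
fstype_of() {
    printf '%s\n' "$LAYOUT" | awk -v d="$1" '$1 == d { print $2 }'
}

# check_cmdline CMDLINE: print a verdict; return 0 only when consistent.
check_cmdline() {
    cc_src='' cc_name='' cc_root=''
    for cc_arg in $1; do    # unquoted on purpose: split on whitespace
        case $cc_arg in
            cryptdevice=*:*)
                cc_val=${cc_arg#cryptdevice=}
                cc_src=${cc_val%%:*}      # device holding the LUKS header
                cc_val=${cc_val#*:}
                cc_name=${cc_val%%:*}     # mapping name under /dev/mapper
                ;;
            root=*) cc_root=${cc_arg#root=} ;;
        esac
    done
    if [ -z "$cc_src" ] || [ -z "$cc_name" ]; then
        echo "no cryptdevice=<device>:<name> parameter"; return 2
    fi
    cc_type=$(fstype_of "$cc_src")
    if [ "$cc_type" != crypto_LUKS ]; then
        echo "$cc_src is ${cc_type:-unknown}, not crypto_LUKS"; return 1
    fi
    case $cc_root in
        "/dev/mapper/$cc_name") echo "ok: $cc_src opens as $cc_root" ;;
        /dev/mapper/*) echo "root=$cc_root is not /dev/mapper/$cc_name"; return 1 ;;
        *) echo "ok: $cc_src is LUKS; root=$cc_root not checked" ;;
    esac
}

# The first and the last command line quoted in the thread.
check_cmdline 'cryptdevice=/dev/sda6:myVG root=/dev/mapper/myVG-lvCryptDisk' || true
check_cmdline 'cryptdevice=/dev/mapper/myVG-lvCryptDisk:crptDsk root=/dev/mapper/crptDsk'
```

The table is keyed by device path, so a cryptdevice=UUID=... source is reported as unknown unless the table is extended with UUID entries.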