Hi everyone,
I've almost finished setting up an Arch Linux box with an encrypted /boot and /root in an lvm vgroup inside an encrypted container position.
Unfortunately, I'm having a bit of trouble with the grub config generator. What happens is the root value is correctly set to the logical volume that contains root, but it doesn't put a cryptdevice= before the root=, and thus fails to find the still encrypted lvm volume.
I can edit the /etc/default/grub file to add it manually using GRUB_CMDLINE_LINUX but it adds it at the end of the line, and thus it gives the same result as above. Is there a way to add the cryptdevice before the end of the line automatically, so I don't have to edit the grub.cfg file manually or create a custom entry?
Thanks
Last edited by benwis (2017-05-30 22:37:19)
Offline
Welcome to the forums benwis
The order of root= and cryptdevice= parameters is not critical. I have `linux /vmlinuz-linux root=UUID=xxxxxxxxxxx rw cryptdevice=UUID=yyyyyyyyyyyyyyy:pvcrypt quiet` line in grub.cfg (the latter part is added using GRUB_CMDLINE_LINUX as you said) and it works.
Did you test that just swapping root= and cryptdevice= parameters creates/solves the problem?
Offline
I did try that, and I did actually find it critical. If root is first, the encrypt hook times out. If cryptdevice is first, encrypt finds the logical volume.
Thanks for the welcome. I had an old account, but I haven't used Arch in a while, so I started a new one. The register process was a tad more irritating with that command line string than before, I was trying to register on my laptop adjacent,
Current non-working grub.cfg:
```
### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-9e9aa720-6d80-4af3-bac5-b1df908e9ff0' {
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_gpt
    insmod cryptodisk
    insmod luks
    insmod gcry_rijndael
    insmod gcry_rijndael
    insmod gcry_sha256
    insmod lvm
    insmod ext2
    cryptomount -u 9b451ed480374edab1328374af6fabf2
    set root='lvmid/toW1pH-XBED-Q6Qi-PvAF-lXIV-98u4-40AfDp/4385om-PC9e-b062-kGEu-TCwR-J9Tm-L7MO5G'
    if [ x$feature_platform_search_hint = xy ]; then
      search --no-floppy --fs-uuid --set=root --hint='lvmid/toW1pH-XBED-Q6Qi-PvAF-lXIV-98u4-40AfDp/4385om-PC9e-b062-kGEu-TCwR-J9Tm-L7MO5G' 9e9aa720-6d80-4af3-bac5-b1df908e9ff0
    else
      search --no-floppy --fs-uuid --set=root 9e9aa720-6d80-4af3-bac5-b1df908e9ff0
    fi
    echo 'Loading Linux linux ...'
    linux /boot/vmlinuz-linux root=/dev/mapper/vg-root rw crpytdevice=/dev/sdc2:root nomodeset quiet
    echo 'Loading initial ramdisk ...'
    initrd /boot/intel-ucode.img /boot/initramfs-linux.img
}
```
If I move cryptdevice before root then it works. Maybe I'm doing something else wrong?
Last edited by benwis (2017-05-30 06:57:25)
Offline
What is the content of HOOKS in /etc/mkinitcpio.conf file?
Output of `sudo blkid` command?
Test replacing `root=/dev/mapper/vg-root` with `root=UUID=xxxxxxx` changing the xxxxxxx with the appropriate uuid from the output of above command.
Offline
It's a typo (crpyt vs. crypt)?
If the initramfs drops you to a rescue shell, do a `cat /proc/cmdline` to see what it got passed as parameters, just to verify it is what you expected.
Last edited by frostschutz (2017-05-30 07:38:55)
Offline
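The same comparison can be made before rebooting by linting the `linux` lines of the generated grub.cfg. The script below is an added example, not part of the thread: `check_cmdline` and `lint_grub_cfg` are hypothetical names, the "typo" verdict is a simple heuristic (a key with the same letters as `cryptdevice` in a different order), and the second and third sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): lint kernel command lines for the
# cryptdevice= parameter read by Arch's mkinitcpio "encrypt" hook.

# Print the letters of $1 in sorted order, so transposed spellings compare equal.
sorted_letters() {
    printf '%s' "$1" | fold -w1 | sort | tr -d '\n'
}

# check_cmdline "<kernel command line>"
# Prints one verdict: ok | missing | typo:<misspelled key>
check_cmdline() {
    want=$(sorted_letters cryptdevice)
    verdict=missing
    set -f                                  # no globbing while word-splitting
    for word in $1; do
        key=${word%%=*}
        [ "$key" = "$word" ] && continue    # bare word such as rw or quiet
        if [ "$key" = cryptdevice ]; then
            verdict=ok
        elif [ "$verdict" != ok ] && [ "$(sorted_letters "$key")" = "$want" ]; then
            verdict="typo:$key"
        fi
    done
    set +f
    printf '%s\n' "$verdict"
}

# lint_grub_cfg: read grub.cfg text on stdin, report every `linux` line.
lint_grub_cfg() {
    sed -n 's/^[[:space:]]*linux[[:space:]]\{1,\}//p' |
    while IFS= read -r args; do
        printf '%s  <- %s\n' "$(check_cmdline "$args")" "$args"
    done
}

# Sample input: line 1 is the failing entry posted in the thread; lines 2 and 3
# are constructed (corrected spelling with a placeholder UUID, and no parameter).
SAMPLE_CFG='    linux /boot/vmlinuz-linux root=/dev/mapper/vg-root rw crpytdevice=/dev/sdc2:root nomodeset quiet
    linux /boot/vmlinuz-linux root=/dev/mapper/vg-root rw cryptdevice=UUID=<placeholder>:root quiet
    linux /boot/vmlinuz-linux root=/dev/mapper/vg-root rw quiet'

printf '%s\n' "$SAMPLE_CFG" | lint_grub_cfg
```

On a real system the input would be the generated file, for example `lint_grub_cfg < /boot/grub/grub.cfg`.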
> It's a typo (crpyt vs. crypt)?
> If the initramfs drops you to a rescue shell, do a `cat /proc/cmdline` to see what it got passed as parameters, just to verify it is what you expected

It actually was just a typo. That's kinda infuriating. I fixed that.
I also replaced the cryptdevice path with a UUID, thanks @sbmomemi. I don't think I should change the root to a UUID, since it was autogenerated that way and will just get overwritten.
Final question, I have an encrypted rhel7 distro on a different partition. It's detected by os-prober, but it also doesn't have a cryptdevice line. Is there a config option to add to /etc/default/grub to append a cryptdevice to that line?
Offline
> It actually was just a typo. That's kinda infuriating. I fixed that

It happens to me too. You don't see typos yourself esp. when staring at a problem for too long.

> Final question, I have an encrypted rhel7 distro on a different partition. It's detected by os-prober, but it also doesn't have a cryptdevice line. Is there a config option to add to /etc/default/grub to append a cryptdevice to that line?

What you have to be aware of is that these options aren't necessarily standard... it's not a kernel option but an initramfs option, so something the userland invented and comes in various flavours (systemd, initcpio, dracut, genkernel, or even custom-made).
I don't know what a valid boot entry looks like for RHEL7, it's one of the distros I'm not using anywhere. And booting RHEL7 with an ArchLinux kernel and initramfs is probably not a good idea.
The /etc/grub.d/30_os-prober doesn't look like it's using such an option. If RHEL7 maintained its own grub.cfg you could probably come up with a script that just takes over those entries. Or add a custom menu entry to switch to the other config file.
Getting two separate distros to cooperate in regards to /boot and grub entries... is not simple. Maybe it works better for EFI.
Offline
Good to know. I guess I can just use RHEL's bootloader when I have to deal with it.
Thanks!
Offline