You are not logged in.

#1 2017-10-12 05:31:22

Salkay
Member
Registered: 2014-05-22
Posts: 297

Cannot boot with dmcrypt + LUKS encrypted root

I followed the wiki, installing Arch with an encrypted root partition using dmcrypt + LUKS, and grub. However, when I boot, after the grub menu, I just get

Loading Linux linux ...
error: file `/vmlinuz-linux' not found.
Loading initial ramdisk ...
error: you ned to load the kernel first.

Press any key to continue ...

I've essentially followed the wiki. The modified part of /etc/mkinitcpio.conf is

HOOKS="base udev autodetect modconf keyboard block encrypt filesystems fsck"

The modified part of /etc/default/grub is

GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=/dev/disk/by-uuid/<UUID>:cryptroot root=/dev/mapper/cryptroot"

<UUID> was obtained from `fdisk -f`, and refers to the encrypted parent device.

I've run both `mkinitcpio -p linux` and `grub-mkconfig -o /boot/grub/grub.cfg`. I mounted the unencrypted /boot and generated fstab, as per the wiki, as well as all the other steps.

My actual setup is slightly more complicated, with /home and a data partition encrypted with keys, but these are all referenced in /etc/crypttab, and presumably not relevant here.

Offline

#2 2017-10-12 11:47:04

fsckd
Forum Moderator
Registered: 2009-06-15
Posts: 4,102

Re: Cannot boot with dmcrypt + LUKS encrypted root

The error is grub can't find your kernel. The questions to ask are, where is your kernel and where is grub looking for your kernel?


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#3 2017-10-12 12:21:43

Salkay
Member
Registered: 2014-05-22
Posts: 297

Re: Cannot boot with dmcrypt + LUKS encrypted root

fsckd wrote:

The error is grub can't find your kernel. The questions to ask are, where is your kernel and where is grub looking for your kernel?

Perhaps this might be relevant. My EFI System Partition was just copied from the original Windows partition, since I want to dual boot, as per the wiki. This is the /boot partition.

My understanding is that the EFI System Partition must be loading if I see the grub menu at all? Then I don't quite understand why the system can't fine `/boot/vmlinuz-linux`, which does exist.

Offline

#4 2017-10-12 20:39:55

fsckd
Forum Moderator
Registered: 2009-06-15
Posts: 4,102

Re: Cannot boot with dmcrypt + LUKS encrypted root

I assume you mount the ESP to /boot? Share your grub.cfg and may be can work backwards from there.


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#5 2017-10-12 23:50:22

Salkay
Member
Registered: 2014-05-22
Posts: 297

Re: Cannot boot with dmcrypt + LUKS encrypted root

Thank you for your help.

fsckd wrote:

I assume you mount the ESP to /boot?

Yes, that's correct. Here is `/etc/fstab`.

# 
# /etc/fstab: static file system information
#
# <file system>	<dir>	<type>	<options>	<dump>	<pass>
# /dev/mapper/cryptroot
UUID=bc78a3fc-c325-4ddd-a4bb-70714b73d24b	/         	ext4      	rw,relatime,data=ordered	0 1

# /dev/nvme0n1p1 LABEL=SYSTEM
UUID=4A35-4EE8      	/boot     	vfat      	rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro	0 2

# /dev/mapper/crypthome
UUID=ea50f7e7-7072-4eb1-b4a3-1c266cff2aa9	/home     	ext4      	rw,relatime,data=ordered	0 2

# /dev/mapper/cryptHDD
UUID=e0ca27f3-16c4-4551-b6ed-1abd9f649883	/HDD      	ext4      	rw,relatime,data=ordered	0 2

FWIW I also tried confirming the fstab entry by booting into the live USB, decrypting and mounting the root directory, then `arch-chroot /mnt`. I could then simply `mount /dev/nvme0n1p1`, which mounted the ESP correctly to /boot, confirming that /boot entry for fstab was correct.

fsckd wrote:

Share your grub.cfg and may be can work backwards from there.

Here is `/boot/grub/grub.cfg`.

#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
insmod part_gpt
insmod part_msdos
if [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if loadfont unicode ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_US
  insmod gettext
fi
terminal_input console
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=5
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-bc78a3fc-c325-4ddd-a4bb-70714b73d24b' {
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod part_gpt
	insmod fat
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root  4A35-4EE8
	else
	  search --no-floppy --fs-uuid --set=root 4A35-4EE8
	fi
	echo	'Loading Linux linux ...'
	linux	/vmlinuz-linux root=UUID=bc78a3fc-c325-4ddd-a4bb-70714b73d24b rw  cryptdevice=/dev/disk/by-uuid/5bbe145a-0de3-49c1-9cc9-b98b89a2ea2f:cryptroot root=/dev/mapper/cryptroot
	echo	'Loading initial ramdisk ...'
	initrd  /initramfs-linux.img
}
submenu 'Advanced options for Arch Linux' $menuentry_id_option 'gnulinux-advanced-bc78a3fc-c325-4ddd-a4bb-70714b73d24b' {
	menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-bc78a3fc-c325-4ddd-a4bb-70714b73d24b' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_gpt
		insmod fat
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root  4A35-4EE8
		else
		  search --no-floppy --fs-uuid --set=root 4A35-4EE8
		fi
		echo	'Loading Linux linux ...'
		linux	/vmlinuz-linux root=UUID=bc78a3fc-c325-4ddd-a4bb-70714b73d24b rw  cryptdevice=/dev/disk/by-uuid/5bbe145a-0de3-49c1-9cc9-b98b89a2ea2f:cryptroot root=/dev/mapper/cryptroot
		echo	'Loading initial ramdisk ...'
		initrd  /initramfs-linux.img
	}
	menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-bc78a3fc-c325-4ddd-a4bb-70714b73d24b' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_gpt
		insmod fat
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root  4A35-4EE8
		else
		  search --no-floppy --fs-uuid --set=root 4A35-4EE8
		fi
		echo	'Loading Linux linux ...'
		linux	/vmlinuz-linux root=UUID=bc78a3fc-c325-4ddd-a4bb-70714b73d24b rw  cryptdevice=/dev/disk/by-uuid/5bbe145a-0de3-49c1-9cc9-b98b89a2ea2f:cryptroot root=/dev/mapper/cryptroot
		echo	'Loading initial ramdisk ...'
		initrd  /initramfs-linux-fallback.img
	}
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###

Offline

#6 2017-10-13 02:32:41

fsckd
Forum Moderator
Registered: 2009-06-15
Posts: 4,102

Re: Cannot boot with dmcrypt + LUKS encrypted root

That looks like it should work. Can you confirm /boot/vmlinuz-linux exists?


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#7 2017-10-13 02:49:25

Salkay
Member
Registered: 2014-05-22
Posts: 297

Re: Cannot boot with dmcrypt + LUKS encrypted root

fsckd wrote:

Can you confirm /boot/vmlinuz-linux exists?

Yes, after mounting the ESP aka /boot, I can confirm that /boot/vmlinuz-linux exists.

P.S. congratulations on your 4000th post! big_smile

Offline

#8 2017-10-15 10:13:36

fsckd
Forum Moderator
Registered: 2009-06-15
Posts: 4,102

Re: Cannot boot with dmcrypt + LUKS encrypted root

Thanks! big_smile

Hrm, unfortunately I'm stumped. It looks like it should work. There might be something I overlooked or haven't thought of...

May be change the thread title to something which matches the error so people don't get scared away by the mention of encryption. tongue


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#9 2017-10-15 10:22:31

Salkay
Member
Registered: 2014-05-22
Posts: 297

Re: Cannot boot with dmcrypt + LUKS encrypted root

Good idea. I'll do that soon… after one more test. I'll attempt the install again except without the encryption steps, just to make sure 100% that the rest of it works. I'll post again after that test. Thank you again for all your help.

EDIT
That fails too. I just posted new simplified version with new topic.

Last edited by Salkay (2017-10-16 03:30:36)

Offline

#10 2017-10-17 09:33:58

fsckd
Forum Moderator
Registered: 2009-06-15
Posts: 4,102

Re: Cannot boot with dmcrypt + LUKS encrypted root

Alright. Technically that's cross-posting. tongue I'll close this thread so there's no risk of divided effort. Good luck!


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

Board footer

Powered by FluxBB