LUKS on LVM - single encrypted root partition - kernel not found

soripants · 2019-05-03 17:37:38

Hello,

I'm attempting to add another encrypted arch install for work to my existing LVM partition - I have linux/home, linux/root, and linux/swap- and now I'm adding linux/work. I can get it encrypted just fine, and then I can get it installed- but I'm having a hell of a time getting it to boot with a new boot menu.

I've been following this guide here: https://wiki.archlinux.org/index.php/Dm … UKS_on_LVM - and trying to modify it for my needs. Here are my Hooks:

HOOKS=(base udev autodetect keyboard keymap modconf block lvm2 encrypt filesystems fsck)

If I add "cryptdevice=(/dev/linux/work UUID):root root=/dev/mapper/root" to /etc/defaults/grub kernel perimeters my main install doesn't boot (blank screen.) I seem to be able to reproduce that specific thing in my menu entry but it still doesn't boot. Here's my menu entry for this:

menuentry 'Arch Linux - Work' --class arch --class gnu-linux --class gnu --class os {
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod ext2
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275//disk@0,gpt1' --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1  EC87-E2F1
	else
	  search --no-floppy --fs-uuid --set=root EC87-E2F1
	fi
	linux	/vmlinuz-linux-work cryptdevice=UUID=ab4e9982-2f9d-43c1-9861-9ab5f4817bc4:root root=/dev/mapper/root rw quiet
	initrd	/initramfs-linux-work.img
}

And for reference, here's my blkid with the partition open:

/dev/sda1: UUID="EC87-E2F1" TYPE="vfat" PARTUUID="14a65227-f427-ab44-836b-19f7507115f0"
/dev/sda2: UUID="ESipwX-K51U-adxv-eRbs-dqsb-cFqf-X3jF3A" TYPE="LVM2_member" PARTUUID="83dfe0c7-ff86-4d42-91a0-eec85fee8c4c"
/dev/mapper/linux-root: UUID="1481cf6f-8e8d-4fdd-b93f-6114fa6cda79" TYPE="ext4"
/dev/mapper/linux-home: UUID="27e12b69-0075-4dc1-a436-918a50f5f06d" TYPE="ext4"
/dev/mapper/linux-work: UUID="ab4e9982-2f9d-43c1-9861-9ab5f4817bc4" TYPE="crypto_LUKS"
/dev/mapper/root: UUID="d790b559-279f-4442-a27d-0b67ac4ab1f2" TYPE="ext4"

Adding the cryptdevice kernel parameter ends up causing a black screen on boot in both cases, so I've added it to my "linux" line in the menu entry. I've generated separate kernels using mkinitcpio with arch-chroot logged into the new encrypted system on the old one. I'm not sure where this is going wrong - I just get a blank screen when crypt tries to unlock the device.

Last edited by soripants (2019-05-03 18:05:18)

JayDoe · 2019-05-04 09:29:11

I think this line should look like this:

linux /vmlinuz-linux-work cryptdevice=UUID=ab4e9982-2f9d-43c1-9861-9ab5f4817bc4:root root=/dev/mapper/linux-root rw quiet

.

soripants · 2019-05-04 18:48:17

JayDoe wrote:

I think this line should look like this:
linux /vmlinuz-linux-work cryptdevice=UUID=ab4e9982-2f9d-43c1-9861-9ab5f4817bc4:root root=/dev/mapper/linux-root rw quiet
.

/dev/mapper/root is what the line cryptdevice=UUID=ab4e9982-2f9d-43c1-9861-9ab5f4817bc4:root sets it up as, right?

r0b0t · 2019-05-04 19:26:42

Is there any point on encrypting only one partition...?

soripants · 2019-05-04 20:18:08

r0b0t wrote:

Is there any point on encrypting only one partition...?

Work needs to have a separate encryption than personal and it needs to be on the same machine.

JayDoe · 2019-05-04 21:13:24

soripants wrote:

/dev/mapper/root is what the line cryptdevice=UUID=ab4e9982-2f9d-43c1-9861-9ab5f4817bc4:root sets it up as, right?

Maybe I misunderstood you... is /dev/mapper/linux-work: UUID="ab4e9982-2f9d-43c1-9861-9ab5f4817bc4" TYPE="crypto_LUKS" a root partition with a separate "work" linux installation on it?

If "linux-work"points to your root directory, then the command in grub should be (afaik)

root=/dev/mapper/linux-work

because that's were your root filesystem is:

/dev/sda1: UUID="EC87-E2F1" TYPE="vfat" PARTUUID="14a65227-f427-ab44-836b-19f7507115f0"
/dev/sda2: UUID="ESipwX-K51U-adxv-eRbs-dqsb-cFqf-X3jF3A" TYPE="LVM2_member" PARTUUID="83dfe0c7-ff86-4d42-91a0-eec85fee8c4c"
/dev/mapper/linux-root: UUID="1481cf6f-8e8d-4fdd-b93f-6114fa6cda79" TYPE="ext4"
/dev/mapper/linux-home: UUID="27e12b69-0075-4dc1-a436-918a50f5f06d" TYPE="ext4"
/dev/mapper/linux-work: UUID="ab4e9982-2f9d-43c1-9861-9ab5f4817bc4" TYPE="crypto_LUKS"
/dev/mapper/root: UUID="d790b559-279f-4442-a27d-0b67ac4ab1f2" TYPE="ext4"

For your other linux installation it should be then

root=/dev/mapper/linux-root

See also https://www.gnu.org/software/grub/manua … .html#root

Maybe just try it...

soripants · 2019-05-05 01:23:59

JayDoe wrote:

soripants wrote:
/dev/mapper/root is what the line cryptdevice=UUID=ab4e9982-2f9d-43c1-9861-9ab5f4817bc4:root sets it up as, right?
Maybe I misunderstood you... is /dev/mapper/linux-work: UUID="ab4e9982-2f9d-43c1-9861-9ab5f4817bc4" TYPE="crypto_LUKS" a root partition with a separate "work" linux installation on it?
If "linux-work"points to your root directory, then the command in grub should be (afaik)
root=/dev/mapper/linux-work
because that's were your root filesystem is:
/dev/sda1: UUID="EC87-E2F1" TYPE="vfat" PARTUUID="14a65227-f427-ab44-836b-19f7507115f0"
/dev/sda2: UUID="ESipwX-K51U-adxv-eRbs-dqsb-cFqf-X3jF3A" TYPE="LVM2_member" PARTUUID="83dfe0c7-ff86-4d42-91a0-eec85fee8c4c"
/dev/mapper/linux-root: UUID="1481cf6f-8e8d-4fdd-b93f-6114fa6cda79" TYPE="ext4"
/dev/mapper/linux-home: UUID="27e12b69-0075-4dc1-a436-918a50f5f06d" TYPE="ext4"
/dev/mapper/linux-work: UUID="ab4e9982-2f9d-43c1-9861-9ab5f4817bc4" TYPE="crypto_LUKS"
/dev/mapper/root: UUID="d790b559-279f-4442-a27d-0b67ac4ab1f2" TYPE="ext4"
For your other linux installation it should be then
root=/dev/mapper/linux-root
See also https://www.gnu.org/software/grub/manua … .html#root

Maybe just try it...

I tried it - so to explain "/dev/mapper/root" IS /dev/mapper/linux-work when it is unlocked. It's what you access after you unlock /dev/mapper/linux-work with "cryptsetup open /dev/mapper/linux-work root."

The line "cryptdevice=UUID=ab4e9982-2f9d-43c1-9861-9ab5f4817bc4:root" is supposed to be doing this, and it doesn't work in either kernel parameters or in the menu entry, where I have it now.

soripants · 2019-05-06 22:09:05

Abandoning this attempt, probably something to do with my laptop hardware. Will run in a VM instead.

2ManyDogs · 2019-05-06 23:09:37

Closing this abandoned topic.

Arch Linux

#1 2019-05-03 17:37:38

LUKS on LVM - single encrypted root partition - kernel not found

#2 2019-05-04 09:29:11

Re: LUKS on LVM - single encrypted root partition - kernel not found

#3 2019-05-04 18:48:17

Re: LUKS on LVM - single encrypted root partition - kernel not found

#4 2019-05-04 19:26:42

Re: LUKS on LVM - single encrypted root partition - kernel not found

#5 2019-05-04 20:18:08

Re: LUKS on LVM - single encrypted root partition - kernel not found

#6 2019-05-04 21:13:24

Re: LUKS on LVM - single encrypted root partition - kernel not found

#7 2019-05-05 01:23:59

Re: LUKS on LVM - single encrypted root partition - kernel not found

#8 2019-05-06 22:09:05

Re: LUKS on LVM - single encrypted root partition - kernel not found

#9 2019-05-06 23:09:37

Re: LUKS on LVM - single encrypted root partition - kernel not found

Board footer