Arch Linux

Erneraude

Member

Registered: 2019-08-17

Posts: 2

[SOLVED] Trouble booting with an encrypted root

Hello everybody

I just made a fresh installation of Arch with an encrypted root and a unencrypted /boot in another partition using GRUB, following guidelines in this wiki article: Encrypting an entire system#LVM on LUKS. However the boot process seems a bit broken, as it doesn't ask me for decrypting the partition, and display me those error messages:

Starting version 242.84-1-arch
ERROR: device '/dev/mapper/home--vg-root' not found. Skipping fsck.
mount: /new_root: no filesystem type specified.
You are now being dropped into an emergency shell.
sh: can't access tty; job control turned off

However I can still do it manually, and those commands allow me to boot properly:

cryptsetup open /dev/nvme0n1p3 cryptlvm
mount /dev/mapper/home--vg-root /new_root
exit

So I can still boot but it is pretty annoying. Since the encryption work, I assume I made an error while setting up the boot process, either with mkinitcpio or grub. Here are my configuration files:

/etc/default/grub

# GRUB boot loader configuration

GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=08b39496-6eb3-49ab-a00d-aeaacf7c4dd9:cryptlvm"
GRUB_CMDLINE_LINUX=""

# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"

# Uncomment to enable booting from LUKS encrypted devices
GRUB_ENABLE_CRYPTODISK=y

# Set to 'countdown' or 'hidden' to change timeout behavior,
# press ESC key to display menu.
GRUB_TIMEOUT_STYLE=menu

# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console

# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
GRUB_GFXMODE=auto

# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep

# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true

# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
# modes only.  Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"

# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/path/to/wallpaper"
#GRUB_THEME="/path/to/gfxtheme"

# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"

# Uncomment to make GRUB remember the last selection. This requires to
# set 'GRUB_DEFAULT=saved' above.
#GRUB_SAVEDEFAULT="true"

The command `grub-mkconfig -o /boot/grub/grub.cfg` generates the following file:

#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
insmod part_gpt
insmod part_msdos
if [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod lvm
insmod ext2
set root='lvmid/5atKN9-PQBi-T9wb-Iyz8-qP4y-HN2E-c5uLOT/C9zkjF-IHu0-qQkP-KgLf-8rAy-TVPu-HQ7gtj'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint=lvmid/5atKN9-PQBi-T9wb-Iyz8-qP4y-HN2E-c5uLOT/C9zkjF-IHu0-qQkP-KgLf-8rAy-TVPu-HQ7gtj'  a7bb84c4-e3cc-47d9-9be7-e8153ded1ad2
else
  search --no-floppy --fs-uuid --set=root a7bb84c4-e3cc-47d9-9be7-e8153ded1ad2
fi
    font="/usr/share/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_US
  insmod gettext
fi
terminal_input console
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=5
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-a7bb84c4-e3cc-47d9-9be7-e8153ded1ad2' {
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod part_gpt
	insmod ext2
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root 6efc0141-4ed6-4046-b1bd-10779f8ec359
	else
	  search --no-floppy --fs-uuid --set=root 6efc0141-4ed6-4046-b1bd-10779f8ec359
	fi
	echo	'Loading Linux linux ...'
	linux	/vmlinuz-linux root=/dev/mapper/home--vg-root rw  loglevel=3 quiet cryptdevice=08b39496-6eb3-49ab-a00d-aeaacf7c4dd9:cryptlvm
	echo	'Loading initial ramdisk ...'
	initrd	/initramfs-linux.img
}
submenu 'Advanced options for Arch Linux' $menuentry_id_option 'gnulinux-advanced-a7bb84c4-e3cc-47d9-9be7-e8153ded1ad2' {
	menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-a7bb84c4-e3cc-47d9-9be7-e8153ded1ad2' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_gpt
		insmod ext2
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root  6efc0141-4ed6-4046-b1bd-10779f8ec359
		else
		  search --no-floppy --fs-uuid --set=root 6efc0141-4ed6-4046-b1bd-10779f8ec359
		fi
		echo	'Loading Linux linux ...'
		linux	/vmlinuz-linux root=/dev/mapper/home--vg-root rw  loglevel=3 quiet cryptdevice=08b39496-6eb3-49ab-a00d-aeaacf7c4dd9:cryptlvm
		echo	'Loading initial ramdisk ...'
		initrd	/initramfs-linux.img
	}
	menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-a7bb84c4-e3cc-47d9-9be7-e8153ded1ad2' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_gpt
		insmod ext2
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root 6efc0141-4ed6-4046-b1bd-10779f8ec359
		else
		  search --no-floppy --fs-uuid --set=root 6efc0141-4ed6-4046-b1bd-10779f8ec359
		fi
		echo	'Loading Linux linux ...'
		linux	/vmlinuz-linux root=/dev/mapper/home--vg-root rw  loglevel=3 quiet cryptdevice=08b39496-6eb3-49ab-a00d-aeaacf7c4dd9:cryptlvm
		echo	'Loading initial ramdisk ...'
		initrd	/initramfs-linux-fallback.img
	}
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###

And here is my /etc/mkinitcpio.conf file (I used the command `mkinitcpio -p linux` after modifying it):

# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run.  Advanced users may wish to specify all system modules
# in this array.  For instance:
#     MODULES=(piix ide_disk reiserfs)
MODULES=()

# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image.  This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=()

# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way.  This is useful for config files.
FILES=()

# HOOKS
# This is the most important setting in this file.  The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
##   This setup specifies all modules in the MODULES setting above.
##   No raid, lvm2, or encrypted root is needed.
#    HOOKS=(base)
#
##   This setup will autodetect all modules for your system and should
##   work as a sane default
#    HOOKS=(base udev autodetect block filesystems)
#
##   This setup will generate a 'full' image which supports most systems.
##   No autodetection is done.
#    HOOKS=(base udev block filesystems)
#
##   This setup assembles a pata mdadm array with an encrypted root FS.
##   Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
#    HOOKS=(base udev block mdadm encrypt filesystems)
#
##   This setup loads an lvm2 volume group on a usb device.
#    HOOKS=(base udev block lvm2 filesystems)
#
##   NOTE: If you have /usr on a separate partition, you MUST include the
#    usr, fsck and shutdown hooks.
HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)

# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"

# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=()

Here is the output of the command `lsblk -f`, just after booting and logging into the system:

NAME                FSTYPE      LABEL UUID                                   FSAVAIL FSUSE% MOUNTPOINT
nvme0n1                                                                                     
├─nvme0n1p1         vfat              8502-EF67                               255.9M     0% /boot/efi
├─nvme0n1p2         ext4        boot  6efc0141-4ed6-4046-b1bd-10779f8ec359    377.3M    15% /boot
└─nvme0n1p3         crypto_LUKS       08b39496-6eb3-49ab-a00d-aeaacf7c4dd9         
  └─cryptlvm        LVM2_member       UX4JVG-6wF7-kiM8-b3Cp-dE09-jWi4-a985H7                
    ├─home--vg-swap swap        swap  be4bdf00-8d29-44e7-8ccf-4cd8f7dd6c9d                  [SWAP]
    └─home--vg-root ext4        root  a7bb84c4-e3cc-47d9-9be7-e8153ded1ad2      851G     0% /

Last edited by Erneraude (2019-08-19 16:32:15)

Erneraude

Member

Registered: 2019-08-17

Posts: 2

Re: [SOLVED] Trouble booting with an encrypted root

I finally found the solution, it was a little mistake in the grub configuration, I changed it to the following in /etc/default/grub:

GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID=08b39496-6eb3-49ab-a00d-aeaacf7c4dd9:cryptlvm"

The UUID= was missing.