You are not logged in.

#1 2019-10-08 08:21:29

LHP22
Member
Registered: 2019-10-08
Posts: 11

[Solved] Encrypted root with dm-crypt (LUKS method) boot failed.

Hi!

I come here as last hope. I've used Arch for one year, and i've decided to reinstall it with this method : https://wiki.archlinux.org/index.php/Dm … _partition .

When I boot, I get this grub error message :

Welcome to GRUB!

error: no such device: 5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae.
error: unknown filesystem.
Enterig rescue mode...
grub rescue>

But, I don't see what I've bad done with my /etc/default/grub file. You'll find below all the files I think about that you could need to help me >.<" And I did `grub-mkconfig -o /boot/grub/grub.cfg` after modifying my /etc/default/grub.

May anyone help me ?

Answer : For me, mount points wern't important. In fact, they were. I have installed grub in /boot/efi, with /boot which was in my root partition (encrypted), and no in my boot partition (uncrypted). I've merged these (see below), and GRUB booted. smile

_____

This is `lsblk -f` answer


sda is the archlinux install usb key, where the commands are executed from
sdb : the usb on which I copy the results, to copy here from another computer
mmcblk0 : my main "disk" (flash card)
  - p1 : boot partition
  - p2 : root partition
  - p3 : swap partition
  - p4 : home partition

mmcblk0p2 is encrypted with a passphrase, mmcblk0p4 with a keyfile stored in p2.

About the mounpoint : i've all mounted in the ~ folder of the install key usb.


My mkinitcpio.conf :

# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run.  Advanced users may wish to specify all system modules
# in this array.  For instance:
#     MODULES=(piix ide_disk reiserfs)
MODULES=()

# BINARIES
# This setting includes any additional binaries a given user may
# wish into the CPIO image.  This is run last, so it may be used to
# override the actual binaries included by a given hook
# BINARIES are dependency parsed, so you may safely ignore libraries
BINARIES=()

# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in any way.  This is useful for config files.
FILES=()

# HOOKS
# This is the most important setting in this file.  The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
##   This setup specifies all modules in the MODULES setting above.
##   No raid, lvm2, or encrypted root is needed.
#    HOOKS=(base)
#
##   This setup will autodetect all modules for your system and should
##   work as a sane default
#    HOOKS=(base udev autodetect block filesystems)
#
##   This setup will generate a 'full' image which supports most systems.
##   No autodetection is done.
#    HOOKS=(base udev block filesystems)
#
##   This setup assembles a pata mdadm array with an encrypted root FS.
##   Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
#    HOOKS=(base udev block mdadm encrypt filesystems)
#
##   This setup loads an lvm2 volume group on a usb device.
#    HOOKS=(base udev block lvm2 filesystems)
#
##   NOTE: If you have /usr on a separate partition, you MUST include the
#    usr, fsck and shutdown hooks.
HOOKS=(base udev autodetect keyboard keymap modconf block encrypt filesystems keyboard fsck)

# COMPRESSION
# Use this to compress the initramfs image. By default, gzip compression
# is used. Use 'cat' to create an uncompressed image.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
#COMPRESSION="xz"
#COMPRESSION="lzop"
#COMPRESSION="lz4"

# COMPRESSION_OPTIONS
# Additional options for the compressor
#COMPRESSION_OPTIONS=()

My /etc/default/grub file :

# GRUB boot loader configuration

GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet"
GRUB_CMDLINE_LINUX="cryptdevice=UUID=8b886454-ad90-4b81-82b2-8370ee5d4cc3:cryptroot root=/dev/mapper/cryptroot"

# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"

# Uncomment to enable booting from LUKS encrypted devices
#GRUB_ENABLE_CRYPTODISK=y

# Set to 'countdown' or 'hidden' to change timeout behavior,
# press ESC key to display menu.
GRUB_TIMEOUT_STYLE=menu

# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console

# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
GRUB_GFXMODE=auto

# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep

# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true

# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
# modes only.  Entries specified as foreground/background.
#GRUB_COLOR_NORMAL="light-blue/black"
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"

# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/path/to/wallpaper"
#GRUB_THEME="/path/to/gfxtheme"

# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"

# Uncomment to make GRUB remember the last selection. This requires to
# set 'GRUB_DEFAULT=saved' above.
#GRUB_SAVEDEFAULT="true"

And, if that can help

My crypttab file :

# Configuration for encrypted block devices.
# See crypttab(5) for details.

# NOTE: Do not list your root (/) partition here, it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf).

# <name>       <device>                                     <password>              <options>
# home         UUID=b8ad5c18-f445-495d-9095-c9ec4f9d2f37    /etc/mypassword1
# data1        /dev/sda3                                    /etc/mypassword2
# data2        /dev/sda5                                    /etc/cryptfs.key
cryptswap      UUID=e235e691-9e91-4814-8799-ef064b4d7050    /dev/urandom            swap,cipher=aes-cbc-essiv:sha256,size=512,offset=2048
# vol          /dev/sdb7                                    none
crypthome      UUID=4bcebc66-f299-4adc-994e-67dbb3440f09    /etc/keyfile4             

And my fstab file :

# Static information about the filesystems.
# See fstab(5) for details.

# <file system> <dir> <type> <options> <dump> <pass>

/dev/mapper/crypthome 	/home         	ext4      	rw,relatime	0 1
/dev/mapper/cryptswap   none swap defaults 0 0

# /dev/mmcblk1p1
UUID=9d52ba46-665e-4a93-84c6-74be4af16c51	/mnt/csd         	ext4      	rw,relatime	0 1

And, if needed my /boot/grub/grub.cfg after

grub-mkconfig -o /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
insmod part_gpt
insmod part_msdos
if [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod ext2
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root  5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae
else
  search --no-floppy --fs-uuid --set=root 5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae
fi
    font="/usr/share/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=en_US
  insmod gettext
fi
terminal_input console
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=5
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae' {
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod ext2
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root  5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae
	else
	  search --no-floppy --fs-uuid --set=root 5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae
	fi
	echo	'Loading Linux linux ...'
	linux	/boot/vmlinuz-linux root=UUID=5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae rw cryptdevice=UUID=8b886454-ad90-4b81-82b2-8370ee5d4cc3:cryptroot root=/dev/mapper/cryptroot loglevel=3 quiet
	echo	'Loading initial ramdisk ...'
	initrd	/boot/intel-ucode.img /boot/initramfs-linux.img
}
submenu 'Advanced options for Arch Linux' $menuentry_id_option 'gnulinux-advanced-5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae' {
	menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod ext2
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root  5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae
		else
		  search --no-floppy --fs-uuid --set=root 5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae
		fi
		echo	'Loading Linux linux ...'
		linux	/boot/vmlinuz-linux root=UUID=5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae rw cryptdevice=UUID=8b886454-ad90-4b81-82b2-8370ee5d4cc3:cryptroot root=/dev/mapper/cryptroot loglevel=3 quiet
		echo	'Loading initial ramdisk ...'
		initrd	/boot/intel-ucode.img /boot/initramfs-linux.img
	}
	menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod ext2
		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root  5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae
		else
		  search --no-floppy --fs-uuid --set=root 5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae
		fi
		echo	'Loading Linux linux ...'
		linux	/boot/vmlinuz-linux root=UUID=5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae rw cryptdevice=UUID=8b886454-ad90-4b81-82b2-8370ee5d4cc3:cryptroot root=/dev/mapper/cryptroot loglevel=3 quiet
		echo	'Loading initial ramdisk ...'
		initrd	/boot/initramfs-linux-fallback.img
	}
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###

Last edited by LHP22 (2019-10-08 12:21:17)

Offline

#2 2019-10-08 08:54:34

frostschutz
Member
Registered: 2013-11-15
Posts: 1,409

Re: [Solved] Encrypted root with dm-crypt (LUKS method) boot failed.

		if [ x$feature_platform_search_hint = xy ]; then
		  search --no-floppy --fs-uuid --set=root  5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae
		else
		  search --no-floppy --fs-uuid --set=root 5055e6c8-e6d9-49c3-b3e7-0d89fa5e3dae
		fi

For some reason your grub.cfg looks for the UUID of your ext4 root filesystem. Which it can't find because ... hey, it's encrypted!

What it should be looking for instead is your unencrypted boot partition.

So maybe your /boot was not mounted. And hey I don't see /boot in your fstab. And the way you mounted it earlier (/root/boot and /root/root) is incorrect as well, after all, it would be /root/root/boot or rather (on a livecd) mount root to /mnt and boot to /mnt/boot, (and bind proc sys dev), then chroot.

Basically a dependency problem, if you have a boot partition it should be mounted and set as the boot partition. Your grub didn't see any boot partition and assumed /boot as belonging to your / root. And due to the encryption this won't work unless you follow steps to make encrypted /boot work which means using LUKS1 instead of LUKS2, enabling grub cryptodisk support, reinstalling grub and other things.

But you have unencrypted /boot, which makes things so much simpler, you just have to mount it properly and/or tell grub about it.

Last edited by frostschutz (2019-10-08 08:57:15)

Offline

#3 2019-10-08 09:02:50

LHP22
Member
Registered: 2019-10-08
Posts: 11

Re: [Solved] Encrypted root with dm-crypt (LUKS method) boot failed.

1/ About mountpoints : i've all mounted in the root home from the arch key.to get this lsblk.

2/ If the linux img isn't found (that's the case, no?), fstab can be found, so it can't be the problem, isn't it ?

[sout][edit : i try your tips][/sout]

Last edited by LHP22 (2019-10-08 09:04:20)

Offline

#4 2019-10-08 09:12:03

LHP22
Member
Registered: 2019-10-08
Posts: 11

Re: [Solved] Encrypted root with dm-crypt (LUKS method) boot failed.

I did, after arch-chroot

pacman -R grub
pacman -S grub
mount /dev/mmcblk1p1 /boot/efi
grub-install --target=x86_86-efi --efi-directory=/boot/efi --bootloader-id=GRUB
[modify the GRUB_CMDLINE_LINUX line as above]
grub-mkconfig -o /boot/grub/grub.cfg

And I get the same error message.

Offline

#5 2019-10-08 09:51:43

frostschutz
Member
Registered: 2013-11-15
Posts: 1,409

Re: [Solved] Encrypted root with dm-crypt (LUKS method) boot failed.

in your earlier lsblk, it was "/root/boot"

mount /dev/mmcblk1p1 /boot/efi

now, it's /boot/efi

if it's /boot/efi but your kernel and initrd is in /boot, which belongs to /, it would mean your kernel and initrd is encrypted and grub would have to decrypt it (grub cryptodisk). Which is possible but only for LUKS1, not LUKS2 encryption.

my preference is to have /boot unencrypted. in the end you just have to pick one or the other. your current state is a "mixed up"

----

the wiki you linked to does it correctly. it puts the encrypted root filesystem in /mnt. then it puts the unencrypted boot partition in /mnt/boot. (not boot/efi). so kernel, initrd, etc. will be unencrypted and grub does not need cryptodisk support, and not look for /boot/kernel (relative to rootfs) but /kernel (relative to boot partition)

maybe someone else can explain this better, sorry

Last edited by frostschutz (2019-10-08 09:56:06)

Offline

#6 2019-10-08 10:06:28

LHP22
Member
Registered: 2019-10-08
Posts: 11

Re: [Solved] Encrypted root with dm-crypt (LUKS method) boot failed.

Ok, yes. I think I understand where I was wrong. I try to reset up partitions properly, and I come here again if that doesn't work. thanks smile

Offline

#7 2019-10-08 10:19:13

LHP22
Member
Registered: 2019-10-08
Posts: 11

Re: [Solved] Encrypted root with dm-crypt (LUKS method) boot failed.

So, I've mounted /dev/mmcblk0p1 on a folder, copy it in /boot/efi and then copy /boot in /dev/mmcblk0p1, and then re set up grub, and then it's OK ! big_smile

If I get other issues about crypted system set upin, should I post here a open a new subject ?

Offline

#8 2019-10-08 12:22:34

LHP22
Member
Registered: 2019-10-08
Posts: 11

Re: [Solved] Encrypted root with dm-crypt (LUKS method) boot failed.

Thx frostschutz ! I send you web chocolate cookies ! :3 You saved my day smile

I mark [Solved] this topic : all the problems i've got after the boot I could solve.

Offline

Board footer

Powered by FluxBB