You are not logged in.

#1 2020-02-12 11:06:26

duskrider
Member
Registered: 2020-02-12
Posts: 7

Booting encrypted hdd from EFI fails

Hello everyone,

I am new to Arch, but not new to Linux, so I know some of the basics. Trying to install Arch on my Laptop (ASUS N550J), I have run into two problems I couldn't solve. First my basic setup:

/dev/sda uses a GPT partition table
/dev/sda1 is an EFI partition (ESP)
/dev/sda2 is LUKS-encrypted (--type=luks1), mapped to /dev/mapper/luks
root, tmp, var, home, swap are LVM-volumes on top of /dev/mapper/luks

I am trying to boot an EFISTUB directly from ESP, no other boot loader is involved.

1) First problem (unsolved, but worked around):
mkinitcpio says

==> ERROR: Hook 'filesystems' cannot be found

The hook itself is obviously there, and I can query it using

mkinitcpio -H filesystems

But after boot ext4 is unknown, so I assume it's the filesystem modules themselves that are missing.

Therefore my workaround is:

MODULES=(ext4)

2) Second problem (unsolved):

I fall into an emergency shell:

TSC_DEADLINE disabled due to Errata; please update microcode to version 0x22 (or later)
:: running early hook [udev]
Starting version 244.2-2-arch
:: running early hook [lvm2]
:: running hook [udev]
:: Triggering uevents...
:: running hook [keymap]
:: Loading keymap...done
:: running hook [encrypt]
ERROR: device b8ddae82-3c09-45df-b4da-307bf78325b5' not found. Skipping fsck
:: mounting b8ddae82-3c09-45df-b4da-307bf78325b5 on real root
mount: /new_root: special deviceb8ddae82-3c09-45df-b4da-307bf78325b5 does not exist.
You are being dropped into an emergency shell.
sh: can't access tty: job control turned off

from there, I can run

cryptsetup open /dev/sda2 luks
mount /dev/lvm/root new_root
exit

and boot normally. But the automatic decryption is not triggered.

Debug data

mkinitcpio.conf
Default, except:

MODULES=(ext4)
HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 fileystems fsck)

efibootmgr calls

LUKS="63821303-69c3-4d95-a69c-4d1e1650a1af"
ROOT="b8ddae82-3c09-45df-b4da-307bf78325b5"

mkentry()
{
	efibootmgr -c -d /dev/sda -p 1 -L "$1" -l "$2" -u 'cryptdevice='$LUKS':luks root='$ROOT' rw verbose initrd='"$3"
}

mkentry "Arch Rescue"  \\vmlinuz-linux-lts \\initramfs-linux-lts-fallback.img
mkentry "Arch LTS"     \\vmlinuz-linux-lts \\initramfs-linux-lts.img
mkentry "Arch Default" \\vmlinuz-linux     \\initramfs-linux.img

efibootmgr -v

...
Boot0002* Arch Default	HD(1,GPT,1588c111-ca95-bb45-be18-43f242043c8e,0x800,0x96000)/File(\vmlinuz-linux)c.r.y.p.t.d.e.v.i.c.e.=.6.3.8.2.1.3.0.3.-.6.9.c.3.-.4.d.9.5.-.a.6.9.c.-.4.d.1.e.1.6.5.0.a.1.a.f.:.l.u.k.s. .r.o.o.t.=.b.8.d.d.a.e.8.2.-.3.c.0.9.-.4.5.d.f.-.b.4.d.a.-.3.0.7.b.f.7.8.3.2.5.b.5. .r.w. .v.e.r.b.o.s.e. .i.n.i.t.r.d.=.\.i.n.i.t.r.a.m.f.s.-.l.i.n.u.x...i.m.g.
...

blkid

/dev/sda1: UUID="58E8-14FC" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="1588c111-ca95-bb45-be18-43f242043c8e"
/dev/sda2: UUID="63821303-69c3-4d95-a69c-4d1e1650a1af" TYPE="crypto_LUKS" PARTUUID="40cd571b-ebed-f548-97ea-addac72aeecd"
/dev/sdb1: LABEL="ARCH_202002" UUID="08E1-C500" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="2405243e-01"
/dev/mapper/luks: UUID="EfPe6i-2Utp-gbso-fb8H-e4En-cTXZ-8Ob2mN" TYPE="LVM2_member"
/dev/mapper/lvm-root: UUID="b8ddae82-3c09-45df-b4da-307bf78325b5" BLOCK_SIZE="4096" TYPE="ext4"
/dev/mapper/lvm-swap: UUID="22fcc410-1c7a-41dc-9797-35a00e10f68f" TYPE="swap"
/dev/mapper/lvm-home: UUID="3d636d3c-c2d5-40db-8ceb-70105f032626" BLOCK_SIZE="4096" TYPE="ext4"
/dev/mapper/lvm-var: UUID="f27883df-2714-4234-a9e6-ba35380a7035" BLOCK_SIZE="4096" TYPE="ext4"
/dev/mapper/lvm-tmp: UUID="5366bf55-1563-4c53-b146-4e510ce9e286" BLOCK_SIZE="4096" TYPE="ext4"

I am very grateful for all the hints you can give me! I am obviously most interested in a solution for problem 2, but I would also like to understand problem 1 (And maybe it contributes? Although the initramfs seems to have all modules necessary to boot...).

Best Regards,
Jörg

Offline

#2 2020-02-12 11:37:15

frostschutz
Member
Registered: 2013-11-15
Posts: 1,409

Re: Booting encrypted hdd from EFI fails

I don't understand why it can't find the filesystems hook, any invisible/special characters in the config file, sometimes you get these with copypaste?

What are your kernel parameters? In the emergency shell, cat /proc/cmdline

it has to know to decrypt the luks device uuid 63821303-69c3-4d95-a69c-4d1e1650a1af , then run lvm2 before it can find the root uuid b8ddae82-3c09-45df-b4da-307bf78325b5

(the efibootmgr looks like that might be what it does but its hard to read that way)

Last edited by frostschutz (2020-02-12 11:40:33)

Offline

#3 2020-02-12 11:38:29

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,427

Re: Booting encrypted hdd from EFI fails

Not sure regarding the mkinitcpio problem but for the second you didn't specify UUID= in both definitions that would be needed to tell the kernel it should use UUIDs instead of device paths.

Offline

#4 2020-02-12 11:59:27

duskrider
Member
Registered: 2020-02-12
Posts: 7

Re: Booting encrypted hdd from EFI fails

V1del wrote:

Not sure regarding the mkinitcpio problem but for the second you didn't specify UUID= in both definitions that would be needed to tell the kernel it should use UUIDs instead of device paths.

Right, that does it! Thank you very much! I feel a bit stupid now...


frostschutz wrote:

I don't understand why it can't find the filesystems hook, any invisible/special characters in the config file, sometimes you get these with copypaste?

That's a good point - I was doing some of the prep work on a Windows machine and was battling CRLFs at some point in time. Unfortunately, no. The "HOOKS=..." line is completely clean in the hex dump.

-> For me, this topic can be closed. The subject makes no mention of the strange mkinitcpio behaviour.

Last edited by duskrider (2020-02-12 12:00:51)

Offline

#5 2020-02-12 12:19:18

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,933
Website

Re: Booting encrypted hdd from EFI fails

duskrider wrote:

HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 fileystems fsck)

You probably inadvertently corrected your typo when posting the error message.

Last edited by schard (2020-02-12 12:20:47)

Offline

#6 2020-02-12 13:14:12

frostschutz
Member
Registered: 2013-11-15
Posts: 1,409

Re: Booting encrypted hdd from EFI fails

ah yes, the invisible s trikes again

Offline

Board footer

Powered by FluxBB