You are not logged in.
- Topics: Active | Unanswered
#1 2020-09-19 21:10:52
- teer
- Member
- Registered: 2020-09-19
- Posts: 4
Cannot boot encrypted Arch: no password prompt/shell in initramfs
I installed Arch recently onto a zpool, all within a LUKS-encrypted internal hard drive with a detached header.
I can get into GRUB, but not the system: initramfs does not ask for password to encrypted root after installation.
And I cannot get into initramfs console: "root account locked"
Verbatim:
[FAILED] Failed to mount /sysroot.
[DEPEND] Dependency failed for Initrd Root File System.
[DEPEND] Dependency failed for Relo■figuration from the Real Root
You are in emergency mode. After logging in, type "journalctl -xb" to view system logs, "systemctl reboot" to reboot, "systemctl default" or "exit" into default mode.Cannot open access to console, the root account is locked. See sulogin(8) man page for more details.
Press Enter to continue.
Reloading system manager configuration
You are in emergency mode. After logging in, type "journalctl -xb" to view system logs, "systemctl reboot" to reboot, "systemctl default" or "exit" into default mode.Cannot open access to console, the root account is locked. See sulogin(8) man page for more details.
Press Enter to continue.
The header/bootloader are on a USB stick:
/dev/sda
Internal SSDLUKS container archcrypt
zpool zroot (containing installed Arch system)
/dev/sdb
USB drive/dev/sdb1
1M BIOS boot/dev/sdb2
512MB boot with GRUB, header/dev/sdb3
3.3G not being used
Files are as follows:
/etc/mkinitcpio.conf
...
FILES=(/boot/header.img)
...
HOOKS=(base systemd autodetect keyboard keymap sd-vconsole modconf block sd-encrypt sd-lvm2 zfs filesystems fsck)/etc/crypttab.initramfs
archcrypt1 /dev/disk/by-id/ata-Samsung_etc_etc_etc none header=/boot/header.img/boot/grub/grub.cfg
...
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-dbafe9793fadcd06' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod ext2
set root='hd5,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275/(null)/sas/disk@0\,1000000000000,gpt2' --hint-bios=hd5,gpt2 --hint-efi=hd5,gpt2 --hint-baremetal=ahci5,gpt2 abcd-usb-stick-uuid-dcba
else
search --no-floppy --fs-uuid --set=root abcd-usb-stick-uuid-dcba
fi
echo 'Loading Linux linux ...'
linux /vmlinuz-linux root=ZFS=zroot rw cryptdevice=/dev/disk/by-id/ata-Samsung_etc_etc_etc:archcrypt1 loglevel=3 quiet
echo 'Loading initial ramdisk ...'
initrd /initramfs-linux.img
}
submenu 'Advanced options for Arch Linux' $menuentry_id_option 'gnulinux-advanced-dbafe9793fadcd06' {
menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-dbafe9793fadcd06' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod ext2
set root='hd5,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275/(null)/sas/disk@0\,1000000000000,gpt2' --hint-bios=hd5,gpt2 --hint-efi=hd5,gpt2 --hint-baremetal=ahci5,gpt2 abcd-usb-stick-uuid-dcba
else
search --no-floppy --fs-uuid --set=root abcd-usb-stick-uuid-dcba
fi
echo 'Loading Linux linux ...'
linux /vmlinuz-linux root=ZFS=zroot rw cryptdevice=/dev/disk/by-id//dev/disk/by-id/ata-Samsung_etc_etc_etc:archcrypt1 loglevel=3 quiet
echo 'Loading initial ramdisk ...'
initrd /initramfs-linux.img
}
menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-dbafe9793fadcd06' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod ext2
set root='hd5,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275/(null)/sas/disk@0\,1000000000000,gpt2' --hint-bios=hd5,gpt2 --hint-efi=hd5,gpt2 --hint-baremetal=ahci5,gpt2 abcd-usb-stick-uuid-dcba
else
search --no-floppy --fs-uuid --set=root abcd-usb-stick-uuid-dcba
fi
echo 'Loading Linux linux ...'
linux /vmlinuz-linux root=ZFS=zroot rw cryptdevice=/dev/disk/by-id/ata-Samsung_etc_etc_etc:archcrypt1 loglevel=3 quiet
echo 'Loading initial ramdisk ...'
initrd /initramfs-linux-fallback.img
}
}
...Booting into GRUB happens, so GRUB is installed.
It displays a two-item boot menu: Arch Linux, and advanced Arch Linux.
Selecting the first results in:
There is no console, so I cannot even figure out what is wrong.
Any help would be very much appreciated!
Last edited by teer (2020-09-19 21:31:29)
Offline
#2 2020-09-20 00:24:33
- loqs
- Member
- Registered: 2014-03-06
- Posts: 18,335
Re: Cannot boot encrypted Arch: no password prompt/shell in initramfs
Root login is disabled https://github.com/archlinux/svntogit-p … a0ab7c8d0a
cryptdevice=/dev/disk/by-id/ata-Samsung_etc_etc_etc:archcrypt1 is not used by systemd-cryptsetup.
If the zfs hook is from https://aur.archlinux.org/packages/zfs-utils I do not believe it supports systemd.
Offline
#3 2020-09-26 14:54:54
- teer
- Member
- Registered: 2020-09-19
- Posts: 4
Re: Cannot boot encrypted Arch: no password prompt/shell in initramfs
Update
Thanks to loqs' helpful post above I removed the systemd config, and used the second option: Modifying encrypt hook to great avail, and was able to get a password prompt. Hurray!
Now I can decrypt the LUKS volume, but I get the following error immediately after:
Starting version 246.6-1-arch
A password is required to access the archcrypt1 volume:
Enter passphrase for /dev/disk/by-id/ata-Samsung_etc_etc_etc:
ERROR: device ' ZFS=zroot/ROOT/defauIt' not found. Skipping fsck.
no pools available to import
ERROR: Root device mounted successfully, but /sbin/init does not exist.
Bailing out, you are on your own. Good luck.
sh: can't access tty: Job control turned off
[rootfs ]# This is my current grub.cfg
...
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-dbafe9793fadcd06' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod ext2
set root='hd4,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275/(null)/sas/disk@0,gpt2' --hint-bios=hd4,gpt2 --hint-efi=hd4,gpt2 --hint-baremetal=ahci4,gpt2 12345abcd-usb-stick-uuid-dcba54321
else
search --no-floppy --fs-uuid --set=root 12345abcd-usb-stick-uuid-dcba54321
fi
echo 'Loading Linux linux ...'
linux /vmlinuz-linux cryptdevice=/dev/disk/by-id/ata-Samsung_etc_etc_etc:archcrypt1:header root=ZFS=zroot/ROOT/default rw loglevel=3 quiet
echo 'Loading initial ramdisk ...'
initrd /initramfs-linux.img
}
...Any thoughts? I feel like I'm so close to the finish line!
Last edited by teer (2020-09-26 15:00:43)
Offline
#4 2020-09-29 13:36:22
- teer
- Member
- Registered: 2020-09-19
- Posts: 4
Re: Cannot boot encrypted Arch: no password prompt/shell in initramfs
No matter what I do, I seem to end up with either what I got in above, or this:
EDIT: pictures are bad, have some nice text instead 
ERROR: device '' not found. Skipping fsck.
no pools available to import
ERROR: Failed to mount the real root device.
Bailing out, you are on your own. Good luck.
sh: can't access tty; job control turned off
[rootfs ]# zfs list
NAME USED AVAIL REFER MOUNTPOINT
zroot 6.32G 443G 6.31G legacy
zroot/ROOT 192K 443G 96K none
zroot/ROOT/default 96K 443G 96K none
zroot/boot 192K 443G 96K legacy
zroot/boot/grub 96K 443G 96K legacy
zroot/data 192K 443G 96K none
zroot/data/home 96K 443G 96K legacy
[rootfs ]# zpool status
pool: zroot
state: ONLINE
scan: none requested
config:
NAME STATE READ WRITE CKSUM
zroot ONLINE 0 0 0
dm-uuid-CRYPT-LUKS2-12345abcde54321vwxyz-archcrypt1 ONLINE 0 0 0
errors: No known data errors
[rootfs ]#So the decryption works.
And the zpool zroot exists, and it can find it. Is it a mounting problem? Is it an fstab problem?
What am I missing here?
Last edited by teer (2020-09-29 14:06:59)
Offline
#5 2020-10-04 08:52:36
- obtusescholar
- Member
- Registered: 2020-10-03
- Posts: 4
Re: Cannot boot encrypted Arch: no password prompt/shell in initramfs
I don't know if this helps with your issue but is there a reason you have keymap with sd-encrypt?
https://wiki.archlinux.org/index.php/Dm … mkinitcpio
Offline
#6 2020-10-07 15:44:45
- teer
- Member
- Registered: 2020-09-19
- Posts: 4
Re: Cannot boot encrypted Arch: no password prompt/shell in initramfs
Update:
I got rid of the zroot/ROOT and zroot/ROOT/default pools because they do not do anything. Not sure why they are there, to be quite honest.
But it did not solve anything
Output remains:
ERROR: device '' not found. Skipping fsck.
no pools available to import
ERROR: Failed to mount the real root device.
Bailing out, you are on your own. Good luck.
sh: can't access tty; job control turned off
[rootfs ]# zfs list
NAME USED AVAIL REFER MOUNTPOINT
zroot 6.32G 443G 6.31G legacy
zroot/boot 192K 443G 96K legacy
zroot/boot/grub 96K 443G 96K legacy
zroot/data 192K 443G 96K none
zroot/data/home 96K 443G 96K legacy
[rootfs ]# zpool status
pool: zroot
state: ONLINE
scan: none requested
config:
NAME STATE READ WRITE CKSUM
zroot ONLINE 0 0 0
dm-uuid-CRYPT-LUKS2-12345abcde54321vwxyz-archcrypt1 ONLINE 0 0 0
errors: No known data errors
[rootfs ]#I don't know if this helps with your issue but is there a reason you have keymap with sd-encrypt?
https://wiki.archlinux.org/index.php/Dm … mkinitcpio
Could it be affecting ZFS? In any event I am not using systemd, sd-encrypt or sd-lvm anymore
EDIT: I use keymap as per the instructions in https://wiki.archlinux.org/index.php/Dm … crypt_hook
Current mkinitcpio.conf
...
HOOKS=(base udev autodetect keyboard keymap modconf block encrypt2 lvm2 zfs filesystems fsck)
...What am I going to do? I have never had a problem this difficult to solve, this is extremely frustrating and discouraging.
I have spent more hours than I care to divulge trying every tutorial, forum post, outdated guide, etc.
And the worst part is that I'm so close! I can boot, I can decrypt the drive, I just need to import the damn zpool and I'm good to go.
Last edited by teer (2020-10-07 20:20:40)
Offline