You are not logged in.

#1 2020-09-19 21:10:52

teer
Member
Registered: 2020-09-19
Posts: 4

Cannot boot encrypted Arch: no password prompt/shell in initramfs

I installed Arch recently onto a zpool, all within a LUKS-encrypted internal hard drive with a detached header. 

I can get into GRUB, but not the system: initramfs does not ask for password to encrypted root after installation.
And I cannot get into initramfs console: "root account locked"

Verbatim:

[FAILED] Failed to mount /sysroot.
[DEPEND] Dependency failed for Initrd Root File System.
[DEPEND] Dependency failed for Relo■figuration from the Real Root
You are in emergency mode. After logging in, type "journalctl -xb" to view system logs, "systemctl reboot" to reboot, "systemctl default" or "exit" into default mode.

Cannot open access to console, the root account is locked. See sulogin(8) man page for more details.

Press Enter to continue.

Reloading system manager configuration
You are in emergency mode. After logging in, type "journalctl -xb" to view system logs, "systemctl reboot" to reboot, "systemctl default" or "exit" into default mode.

Cannot open access to console, the root account is locked. See sulogin(8) man page for more details.

Press Enter to continue.


The header/bootloader are on a USB stick:

  • /dev/sda
    Internal SSD

    • LUKS container archcrypt

      • zpool zroot (containing installed Arch system)

  • /dev/sdb
    USB drive

    • /dev/sdb1
      1M BIOS boot

    • /dev/sdb2
      512MB boot with GRUB, header

    • /dev/sdb3
      3.3G not being used

Files are as follows:

/etc/mkinitcpio.conf
...
FILES=(/boot/header.img)
...
HOOKS=(base systemd autodetect keyboard keymap sd-vconsole modconf block sd-encrypt sd-lvm2 zfs filesystems fsck)
/etc/crypttab.initramfs
archcrypt1	/dev/disk/by-id/ata-Samsung_etc_etc_etc	none	header=/boot/header.img
/boot/grub/grub.cfg
...
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-dbafe9793fadcd06' {
        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_gpt
        insmod ext2
        set root='hd5,gpt2'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275/(null)/sas/disk@0\,1000000000000,gpt2' --hint-bios=hd5,gpt2 --hint-efi=hd5,gpt2 --hint-baremetal=ahci5,gpt2  abcd-usb-stick-uuid-dcba
        else
          search --no-floppy --fs-uuid --set=root abcd-usb-stick-uuid-dcba
        fi
        echo    'Loading Linux linux ...'
        linux   /vmlinuz-linux root=ZFS=zroot rw cryptdevice=/dev/disk/by-id/ata-Samsung_etc_etc_etc:archcrypt1 loglevel=3 quiet
        echo    'Loading initial ramdisk ...'
        initrd  /initramfs-linux.img
}
submenu 'Advanced options for Arch Linux' $menuentry_id_option 'gnulinux-advanced-dbafe9793fadcd06' {
        menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-dbafe9793fadcd06' {
                load_video
                set gfxpayload=keep
                insmod gzio
                insmod part_gpt
                insmod ext2
                set root='hd5,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275/(null)/sas/disk@0\,1000000000000,gpt2' --hint-bios=hd5,gpt2 --hint-efi=hd5,gpt2 --hint-baremetal=ahci5,gpt2  abcd-usb-stick-uuid-dcba
                else
                  search --no-floppy --fs-uuid --set=root abcd-usb-stick-uuid-dcba
                fi
                echo    'Loading Linux linux ...'
                linux   /vmlinuz-linux root=ZFS=zroot rw cryptdevice=/dev/disk/by-id//dev/disk/by-id/ata-Samsung_etc_etc_etc:archcrypt1 loglevel=3 quiet
                echo    'Loading initial ramdisk ...'
                initrd  /initramfs-linux.img
        }
        menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-dbafe9793fadcd06' {
                load_video
                set gfxpayload=keep
                insmod gzio
                insmod part_gpt
                insmod ext2
                set root='hd5,gpt2'
                if [ x$feature_platform_search_hint = xy ]; then
                  search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275/(null)/sas/disk@0\,1000000000000,gpt2' --hint-bios=hd5,gpt2 --hint-efi=hd5,gpt2 --hint-baremetal=ahci5,gpt2  abcd-usb-stick-uuid-dcba
                else
                  search --no-floppy --fs-uuid --set=root abcd-usb-stick-uuid-dcba
                fi
                echo    'Loading Linux linux ...'
                linux   /vmlinuz-linux root=ZFS=zroot rw cryptdevice=/dev/disk/by-id/ata-Samsung_etc_etc_etc:archcrypt1 loglevel=3 quiet
                echo    'Loading initial ramdisk ...'
                initrd  /initramfs-linux-fallback.img
        }
}
...

Booting into GRUB happens, so GRUB is installed.
It displays a two-item boot menu: Arch Linux, and advanced Arch Linux. 
Selecting the first results in:

There is no console, so I cannot even figure out what is wrong.
Any help would be very much appreciated!

Last edited by teer (2020-09-19 21:31:29)

Offline

#2 2020-09-20 00:24:33

loqs
Member
Registered: 2014-03-06
Posts: 11,897

Re: Cannot boot encrypted Arch: no password prompt/shell in initramfs

Root login is disabled https://github.com/archlinux/svntogit-p … a0ab7c8d0a

cryptdevice=/dev/disk/by-id/ata-Samsung_etc_etc_etc:archcrypt1 is not used by systemd-cryptsetup.
If the zfs hook is from https://aur.archlinux.org/packages/zfs-utils I do not believe it supports systemd.

Offline

#3 2020-09-26 14:54:54

teer
Member
Registered: 2020-09-19
Posts: 4

Re: Cannot boot encrypted Arch: no password prompt/shell in initramfs

Update
Thanks to loqs' helpful post above I removed the systemd config, and used the second option: Modifying encrypt hook to great avail, and was able to get a password prompt.  Hurray!

Now I can decrypt the LUKS volume, but I get the following error immediately after:

Starting version 246.6-1-arch 

A password is required to access the archcrypt1 volume: 
Enter passphrase for /dev/disk/by-id/ata-Samsung_etc_etc_etc: 
ERROR: device ' ZFS=zroot/ROOT/defauIt' not found. Skipping fsck.
no pools available to import 
ERROR: Root device mounted successfully, but /sbin/init does not exist. 
Bailing out, you are on your own. Good luck.

sh: can't access tty: Job control turned off 
[rootfs ]#   

This is my current grub.cfg

... 
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-dbafe9793fadcd06' {
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod part_gpt
	insmod ext2
	set root='hd4,gpt2'
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275/(null)/sas/disk@0,gpt2' --hint-bios=hd4,gpt2 --hint-efi=hd4,gpt2 --hint-baremetal=ahci4,gpt2  12345abcd-usb-stick-uuid-dcba54321
	else
	  search --no-floppy --fs-uuid --set=root 12345abcd-usb-stick-uuid-dcba54321
	fi
	echo	'Loading Linux linux ...'
	linux	/vmlinuz-linux cryptdevice=/dev/disk/by-id/ata-Samsung_etc_etc_etc:archcrypt1:header root=ZFS=zroot/ROOT/default rw loglevel=3 quiet
	echo	'Loading initial ramdisk ...'
	initrd	/initramfs-linux.img
}

...

Any thoughts?  I feel like I'm so close to the finish line!

Last edited by teer (2020-09-26 15:00:43)

Offline

#4 2020-09-29 13:36:22

teer
Member
Registered: 2020-09-19
Posts: 4

Re: Cannot boot encrypted Arch: no password prompt/shell in initramfs

No matter what I do, I seem to end up with either what I got in above, or this:

EDIT: pictures are bad, have some nice text instead smile

ERROR: device '' not found. Skipping fsck. 
no pools available to import 
ERROR: Failed to mount the real root device.
Bailing out, you are on your own. Good luck.

sh: can't access tty; job control turned off 
[rootfs ]# zfs list 
NAME                         USED      AVAIL       REFER      MOUNTPOINT 
zroot                        6.32G     443G        6.31G      legacy
zroot/ROOT                   192K      443G        96K        none 
zroot/ROOT/default           96K       443G        96K        none 
zroot/boot                   192K      443G        96K        legacy
zroot/boot/grub              96K       443G        96K        legacy
zroot/data                   192K      443G        96K        none 
zroot/data/home              96K       443G        96K        legacy
[rootfs ]# zpool status 
  pool: zroot
 state: ONLINE 
  scan: none requested 
config: 

        NAME                                                                          STATE     READ WRITE CKSUM
         zroot                                                                        ONLINE       0     0     0
           dm-uuid-CRYPT-LUKS2-12345abcde54321vwxyz-archcrypt1                        ONLINE       0     0     0
errors: No known data errors
[rootfs ]#

So the decryption works.
And the zpool zroot exists, and it can find it.  Is it a mounting problem?  Is it an fstab problem?
What am I missing here?

Last edited by teer (2020-09-29 14:06:59)

Offline

#5 2020-10-04 08:52:36

obtusescholar
Member
Registered: 2020-10-03
Posts: 4

Re: Cannot boot encrypted Arch: no password prompt/shell in initramfs

I don't know if this helps with your issue but is there a reason you have keymap with sd-encrypt?
https://wiki.archlinux.org/index.php/Dm … mkinitcpio

Offline

#6 2020-10-07 15:44:45

teer
Member
Registered: 2020-09-19
Posts: 4

Re: Cannot boot encrypted Arch: no password prompt/shell in initramfs

Update:
I got rid of the zroot/ROOT and zroot/ROOT/default pools because they do not do anything.  Not sure why they are there, to be quite honest.

But it did not solve anything
Output remains:

ERROR: device '' not found. Skipping fsck. 
no pools available to import 
ERROR: Failed to mount the real root device.
Bailing out, you are on your own. Good luck.

sh: can't access tty; job control turned off 
[rootfs ]# zfs list 
NAME                         USED      AVAIL       REFER      MOUNTPOINT 
zroot                        6.32G     443G        6.31G      legacy
zroot/boot                   192K      443G        96K        legacy
zroot/boot/grub              96K       443G        96K        legacy
zroot/data                   192K      443G        96K        none 
zroot/data/home              96K       443G        96K        legacy
[rootfs ]# zpool status 
  pool: zroot
 state: ONLINE 
  scan: none requested 
config: 

        NAME                                                                          STATE     READ WRITE CKSUM
         zroot                                                                        ONLINE       0     0     0
           dm-uuid-CRYPT-LUKS2-12345abcde54321vwxyz-archcrypt1                        ONLINE       0     0     0
errors: No known data errors
[rootfs ]#
obtusescholar wrote:

I don't know if this helps with your issue but is there a reason you have keymap with sd-encrypt?
https://wiki.archlinux.org/index.php/Dm … mkinitcpio

Could it be affecting ZFS?  In any event I am not using systemd, sd-encrypt or sd-lvm anymore
EDIT: I use keymap as per the instructions in https://wiki.archlinux.org/index.php/Dm … crypt_hook

Current mkinitcpio.conf

...
HOOKS=(base udev autodetect keyboard keymap  modconf block encrypt2 lvm2 zfs filesystems fsck)
...

What am I going to do?  I have never had a problem this difficult to solve, this is extremely frustrating and discouraging.
I have spent more hours than I care to divulge trying every tutorial, forum post, outdated guide, etc.
And the worst part is that I'm so close!  I can boot, I can decrypt the drive, I just need to import the damn zpool and I'm good to go.

Last edited by teer (2020-10-07 20:20:40)

Offline

Board footer

Powered by FluxBB