Difficulty with booting Grub+Luks1+BTRFS - Updated

randomxusr · 2022-01-21 00:54:40

I'm attempting to install Arch on both a VM and my Asus Laptop

I've followed the installation guide and and having issues getting grub installed and correctly configured

The errors I'm running into at boot are that grub errors out and states it cannot find the Device with the UUID of the BTRFS partition which suggests to me that the grub.cfg is broken.
I also get an error about unknown file system and have attempted to insmod luks with no success

I'd like to focus on the VM for the moment, as I've installed another OS on the laptop.

I was able to pac strap without issues.

Here's my disk layout and mount points, and noting that Grub is where the issue is, and I'll try to provide relevant info.

for the VM

/dev/sda

/dev/sda1 formatted with vfat and 512mb space
Folder structure is /EFI/GRUB

/dev/sda2 formatting with a LUKS2 container
This is contains my root partition including /boot

I've verified I'm booting to EFI with the ls /sys/firmware/efi/efivars

The cryptsetup command I'm using is-

cryptsetup –verbose –-cipher aes-xts-plain64 -–key-size 512 –-hash sha512 -–iter-time 5000 --pbkdf pbkdf2 --use-random luksFormat /dev/sda2

## I'm told that pbkdf2 is currently the only supported Key derivation function

So far so good.

my grub.cfg on the VM is I believe the menu entry as well as the search arr incorrect, but I'm not sure how to fix.

#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
insmod part_gpt
insmod part_msdos
if [ -s $prefix/grubenv ]; then
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi

function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}

function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}

if [ x$feature_default_font_path = xy ] ; then
font=unicode
else
insmod btrfs
search --no-floppy --fs-uuid --set=root 367d1807-aa61-4b35-87a7-6baac677218a
font="/@usr/share/grub/unicode.pf2"
fi

if loadfont $font ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=en_US
insmod gettext
fi
terminal_input console
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-367d1807-aa61-4b35-87a7-6baac677218a' {
load_video
set gfxpayload=keep
insmod gzio
insmod btrfs
search --no-floppy --fs-uuid --set=root 367d1807-aa61-4b35-87a7-6baac677218a
echo 'Loading Linux linux ...'
linux /@boot/vmlinuz-linux root=UUID=367d1807-aa61-4b35-87a7-6baac677218a rw rootflags=subvol=@ loglevel=3 quiet cryptdevice=UUID=063cdec2-af54-4429-b67a-c5ee359175b9:cryptroot root=/dev/mapper/cryptroot
echo 'Loading initial ramdisk ...'
initrd /@boot/amd-ucode.img /@boot/initramfs-linux.img
}
submenu 'Advanced options for Arch Linux' $menuentry_id_option 'gnulinux-advanced-367d1807-aa61-4b35-87a7-6baac677218a' {
menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-367d1807-aa61-4b35-87a7-6baac677218a' {
load_video
set gfxpayload=keep
insmod gzio
insmod btrfs
search --no-floppy --fs-uuid --set=root 367d1807-aa61-4b35-87a7-6baac677218a
echo 'Loading Linux linux ...'
linux /@boot/vmlinuz-linux root=UUID=367d1807-aa61-4b35-87a7-6baac677218a rw rootflags=subvol=@ loglevel=3 quiet cryptdevice=UUID=063cdec2-af54-4429-b67a-c5ee359175b9:cryptroot root=/dev/mapper/cryptroot
echo 'Loading initial ramdisk ...'
initrd /@boot/amd-ucode.img /@boot/initramfs-linux.img
}
menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-367d1807-aa61-4b35-87a7-6baac677218a' {
load_video
set gfxpayload=keep
insmod gzio
insmod btrfs
search --no-floppy --fs-uuid --set=root 367d1807-aa61-4b35-87a7-6baac677218a
echo 'Loading Linux linux ...'
linux /@boot/vmlinuz-linux root=UUID=367d1807-aa61-4b35-87a7-6baac677218a rw rootflags=subvol=@ loglevel=3 quiet cryptdevice=UUID=063cdec2-af54-4429-b67a-c5ee359175b9:cryptroot root=/dev/mapper/cryptroot
echo 'Loading initial ramdisk ...'
initrd /@boot/amd-ucode.img /@boot/initramfs-linux-fallback.img
}
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/30_uefi-firmware ###
menuentry 'UEFI Firmware Settings' $menuentry_id_option 'uefi-firmware' {
fwsetup
}
### END /etc/grub.d/30_uefi-firmware ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg
fi
### END /etc/grub.d/41_custom ###

### BEGIN /etc/grub.d/41_snapshots-btrfs ###
### END /etc/grub.d/41_snapshots-btrfs ###

my /etc/default/grub has
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID=063cdec2-af54-4429-b67a-c5ee359175b9:cryptroot root=/dev/mapper/cryptroot"

GRUB_ENABLE_CRYPTODISK=y

###
I should note that on the laptop, I've also tried following the Grub Encrypted boot section of the Grub Wiki page on https://wiki.archlinux.org/title/GRUB#Encrypted_/boot

This did not seem to resolve the issues with grub

Last edited by randomxusr (2022-01-25 07:59:17)

nick_0189 · 2022-01-22 06:15:13

Hello,

I have a note from the last time I installed something with BTRFS saying to add "MODULES=(btrfs)" to /etc/mkinitcpio.conf. Did you try that?

Could you post the output of

blkid

after "chrooting" into your root partition from the live media?

Also, are you using subvolumes with BTRFS?

I did an install recently similar to yours and the GRUB LUKS2 support confused me as well. It seems like people have different ideas of what "LUKS2 support" means. From what I have seen, GRUB only supports LUKS2 with an unencrypted boot partition and pbkdf2 encryption algorithm (as the wiki says, limited support).

If you want an encrypted boot partition (boot being the partition containing the kernel and ramdisk images), I believe you might have to stick with LUKS1. (I could not get it to work otherwise). Luckily, to test this theory, you don't have to reinstall or reformat anything because cryptsetup has a --convert flag (more information in the manual) that can be used to convert a LUKS2 partition to a LUKS1 partition so long as the LUKS2 partition isn't currently using any LUKS2 specific features.

If you're determined and have some time, apparently the 'grub-git' version of GRUB from the AUR has slightly better LUKS2 support, or there's a 'grub-improved-luks2-git' that supposedly has patches for even the Argon2 algorithm.

I don't think there's anything wrong with the grub.cfg file, or that's not the first place I'd look at least since it has never given me trouble before. You could try regenerating it though, that couldn't hurt.

I'm going to actually open up a VM and see what happens when I try to install a BTRFS system similar to yours if I have time this weekend since I couldn't get it working quite right earlier and you're right that the documentation appears to imply that GRUB has full LUKS2 support (encrypted boot included) sans Argon2.

randomxusr · 2022-01-24 00:53:31

Thank you for the suggestions.

I was attempting to follow the Grub Wiki for the #encrypted boot section that discusses how to configure Grub for encrypted boot. The link url is https://wiki.archlinux.org/title/GRUB#Encrypted_/boot

There's a spot under there that discusses booting from an encrypted boot partition, which I'm fighting with.

Are you able to make sense of the instructions for creating the grub-pre.cfg, and grub-mkimage? Is it correct that initramfs.img needs to be on the un-encrypted/ESP partition? Do grub and initramfs need to have the modules on the un-encrypted ESP? that's where I've placed the modules.

When I attempt to boot, I'm getting no such device crypto0, unknown file system, unknown command "normal" and no such device for crypto0 and also for the UUID of the Linux partition. I'm thinking the error for the btrfs partition makes sense, because I haven't been able to unlock the crypt container.

Thanks in advance for the assistance.

-PS
I'll post the out and .conf files tomorrow, but I'm thinking the instructions for encrypted boot are not so helpful.

Strike0 · 2022-01-24 16:35:42

randomxusr wrote:

Is it correct that initramfs.img needs to be on the un-encrypted/ESP partition? Do grub and initramfs need to have the modules on the un-encrypted ESP? that's where I've placed the modules.

No. The initramfs goes to /boot. Grub installs its own EFI boot image with crypto mods to the ESP, this prompts you to unlock the encrypted /boot and from there it loads the initramfs, which unlocks/spins up the system. Grub itself only supports LUKS1. So, it won't work as you describe your setup (with /boot on a LUKS2 blockdevice). I have not checked the wiki again, but last time I did the instructions mentioned all this.

P.S. Please edit your first post with BBS code tags for the system code/config

randomxusr · 2022-01-25 07:56:59

Edit: I am using LUKS1 now, however, I'm having a slightly different issue.

I'd added to my kernel command line in the /etc/default/grub file and I'm able to unlock the drive, however, I'm getting a message about unlocking the /dev/mapper/cryptroot container being mounted, but /sbin/init does not exist.

I've confirmed that the symlink for /sbin/init to /usr/lib/systemd/system exists, but for testing and added init=/usr/lib/systemd/systemd to my kernel command line and the error message now references /usr/lib/systemd/systemd instead of /sbin/init/

I suspect that my btrfs subvolumes aren't being loaded and I need to specify this in either /etc/default/grub, or /etc/fstab, although the latter appears correct to myself.

I'm adding some paste links for my config files and a few troubleshooting commands, in the hopes that someone might help identify my current issue.

lsblk -f output http://sprunge.us/LLTBJs

blkid output http://sprunge.us/DAPCGx

journalctl -p 3 xb http://sprunge.us/fqmQ9g (Not sure whether any of the errors are related, except maybe the systemd gpt auto generator?)

http://sprunge.us/vGA515 is my grub default
http://sprunge.us/BIhuF4 is grub.cfg
http://sprunge.us/e3LwNQ is mkinitcpio.conf
http://sprung.us/tL1mta is fstab

Thanks in advance for any assistance.

Last edited by randomxusr (2022-01-25 09:09:42)

Strike0 · 2022-01-25 08:31:07

My suggestion is you start with the non-systemd mkinitcpio hooks first, following the dm-crypt wiki you reference. The non-systemd init has a dedicated btrfs hook.
Your sprunged mkinitcpio.conf is not available.

randomxusr · 2022-01-25 09:11:19

Thank You.

My mkinitcpio.conf should be working with the updated Link.

I made the changes to the Hooks you suggested; following the wiki, with the same behavior.

Strike0 · 2022-01-25 09:36:12

randomxusr wrote:

My mkinitcpio.conf should be working with the updated Link.
I made the changes to the Hooks you suggested; following the wiki, with the same behavior.

Yes, it is available now, but you're mixing old and new config now with the sprunge links.
You leave open what changes you did when changing the init. E.g. your default grub config still references systemd.init.

frostschutz · 2022-01-25 09:50:44

Looks like you split off /usr and /etc so you have to make sure they are mounted... there is a usr hook to mount /usr (and you even have it in your mkinitcpio.conf) but it depends on /etc so... it might not work for you. The usr hook looks for new_root/etc/fstab and doesn't do anything at all if not present.

If you don't have strong reasons to split off etc usr I'd just merge them all back into / otherwise write a custom hook to make sure these are mounted properly...

Last edited by frostschutz (2022-01-25 09:51:55)

randomxusr · 2022-01-25 13:33:40

frostschutz wrote:

Looks like you split off /usr and /etc so you have to make sure they are mounted... there is a usr hook to mount /usr (and you even have it in your mkinitcpio.conf) but it depends on /etc so... it might not work for you. The usr hook looks for new_root/etc/fstab and doesn't do anything at all if not present.
If you don't have strong reasons to split off etc usr I'd just merge them all back into / otherwise write a custom hook to make sure these are mounted properly...

Lesson learned here. Note to self, don't create separate /usr.

I removed the /usr subvolume. The only reason I created the separate /usr is that some of the yt vids were creating multiple subvolumes, and I thought, 'hey what a good idea" until it wasn't.

I'm trying to get past repeating steps for the boot process to understanding how it all works, and I have a couple of things to figure out yet.

After killing off the /usr subvolume; I can get to a login. I'm prompted to setup locale and password etc, and thinking that maybe due to the other subvolumes, etc, home, boot, and var. I'll have to read a bit more to understand the effect of subvolumes on the system, but I'm thinking I can figure out a working system at the moment.

btw, I remove the line for the @usr subvol from etc/fstab and removed the kernel command for pointing at /usr/lib/systemd/systemd since that was resolved by killing the subvol for usr and the symlink for /sbin/init is happy now that I don't have to mount or specify an init outside of the wiki instructions.

Fun times.

squeaks · 2022-02-03 10:01:31

For correctness, grub 2.06 supports luks2 with pbkdf2 keys, but not the default argon2i. I have a working Arch setup with lusk2 encrypted /boot with pbkdf2, and luks2 encrypted root with argon2i. The filesystem is btrfs on luks2.

I referenced grub-git aur for my setup. I have the standard arch repository version of grub which is version 2.06 or newer.

Last edited by squeaks (2022-02-03 21:08:41)

Arch Linux

#1 2022-01-21 00:54:40

Difficulty with booting Grub+Luks1+BTRFS - Updated

#2 2022-01-22 06:15:13

Re: Difficulty with booting Grub+Luks1+BTRFS - Updated

#3 2022-01-24 00:53:31

Re: Difficulty with booting Grub+Luks1+BTRFS - Updated

#4 2022-01-24 16:35:42

Re: Difficulty with booting Grub+Luks1+BTRFS - Updated

#5 2022-01-25 07:56:59

Re: Difficulty with booting Grub+Luks1+BTRFS - Updated

#6 2022-01-25 08:31:07

Re: Difficulty with booting Grub+Luks1+BTRFS - Updated

#7 2022-01-25 09:11:19

Re: Difficulty with booting Grub+Luks1+BTRFS - Updated

#8 2022-01-25 09:36:12

Re: Difficulty with booting Grub+Luks1+BTRFS - Updated

#9 2022-01-25 09:50:44

Re: Difficulty with booting Grub+Luks1+BTRFS - Updated

#10 2022-01-25 13:33:40

Re: Difficulty with booting Grub+Luks1+BTRFS - Updated

#11 2022-02-03 10:01:31

Re: Difficulty with booting Grub+Luks1+BTRFS - Updated

Board footer