You are not logged in.
I am trying to install an Arch system with UEFI, LUKS2, BTRFS and systemd-boot.
Unfortunately it always hangs after reboot and does not find the mapper to the encrypted partition.
Can this be something related to the wrong order or hooks?
The customized and stripped down install script for installation:
parted -s /dev/nvme0n1 \
mklabel gpt \
mkpart ESP fat32 1MiB 513MiB \
set 1 esp on \
mkpart CRYPTROOT 513MiB 100% \
mkfs.fat -F 32 /dev/disk/by-partlabel/ESP
echo -n "1234" | cryptsetup luksFormat /dev/disk/by-partlabel/CRYPTROOT -d - &>/dev/null
echo -n "1234" | cryptsetup open /dev/disk/by-partlabel/CRYPTROOT cryptroot -d -
mkfs.btrfs /dev/mapper/cryptroot
mount -o subvol=@ /dev/mapper/cryptroot /mnt
mkdir -p /mnt/boot
mount /dev/disk/by-partlabel/ESP /mnt/boot/
pacstrap /mnt base linux intel-ucode linux-firmware linux-headers btrfs-progs efibootmgr sudo
genfstab -U /mnt >> /mnt/etc/fstab
cat > /mnt/etc/mkinitcpio.conf <<EOF
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf kms block sd-encrypt filesystems fsck)
EOF
arch-chroot /mnt /bin/bash -e <<EOF
mkinitcpio -P &>/dev/null
bootctl --path=/boot install
touch /boot/loader/entries/arch.conf
echo "title Arch Linux" >> /boot/loader/entries/arch.conf
echo "linux /vmlinuz-linux" >> /boot/loader/entries/arch.conf
echo "initrd /intel-ucode.img" >> /boot/loader/entries/arch.conf
echo "initrd /initramfs-linux.img" >> /boot/loader/entries/arch.conf
echo "options cryptdevice=UUID=$(blkid -s UUID -o value /dev/nvme0n1p2):cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=@ rd.luks.options=discard rw mem_sleep_default=deep" >> /boot/loader/entries/arch.conf
touch /boot/loader/loader.conf
echo "default arch" >> /boot/loader/loader.conf
EOF
I am unsure about these two lines in particular:
mount -o subvol=@ /dev/mapper/cryptroot /mnt
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf kms block sd-encrypt filesystems fsck)
echo "options cryptdevice=UUID=$(blkid -s UUID -o value /dev/nvme0n1p2):cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=@ rd.luks.options=discard rw mem_sleep_default=deep" >> /boot/loader/entries/arch.conf
I am glad about any help!
Last edited by rosaLux161 (2022-12-09 15:56:04)
Offline
Since you use some systemd hooks you might also use sd-encrypt instead of encrypt.
My HOOKS-line looks like this:
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt filesystems fsck)
Offline
Including base is intended to ensure a rescue shell is available. You may also want to include kms, especially if you're leaving the MODULES empty.
What does it hang on?
Last edited by cfr (2022-12-09 15:30:02)
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
Offline
Since you use some systemd hooks you might also use sd-encrypt instead of encrypt.
My HOOKS-line looks like this:
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt filesystems fsck)
Including base is intended to ensure a rescue shell is available. You may also want to include kms, especially if you're leaving the MODULES empty.
What does it hang on?
Thanks, I updated my hooks line accordingly (also in my first post) and also checked https://wiki.archlinux.org/title/mkinitcpio. But it still has the same problem.
It freezes at
A start job is running for /dev/mapper/cryptroot
Last edited by rosaLux161 (2022-12-09 15:59:22)
Offline
What's actually the content of /boot/loader/entries/arch.conf? Is blkid giving you the result you think?
Last edited by cfr (2022-12-09 16:54:06)
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
Offline
What's actually the content of /boot/loader/entries/arch.conf? Is blkid giving you the result you think?
Yes the command substitution work. It's the UUID of /dev/nvme0n1p2, the Luks container:
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options cryptdevice=UUID=b17b06.........:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=@ rd.luks.options=discard rw mem_sleep_default=deep
blkid /dev/nvme0n1p2
blkid /dev/nvme0n1p2 UUID="b17b06........." .... PARTUUID="ea532...."
Offline
sd-encrypt hook needs different kernel parameters.
Offline
As raynman said, sd-encrypt hook means you need to use rd.luks.name not cryptdevice in your bootloader conf file.
So in your case, i think this should work:
options rd.luks.name=b17b06.........=cryptroot root=/dev/mapper/cryptroot rootflags=subvol=@ rd.luks.options=discard rw mem_sleep_default=deep
Make sure you're also using the correct UUID, check with blkid command and look for the partition that's TYPE="crypto_LUKS"
$20 Free Credit Hetzner - https://hetzner.cloud/?ref=fuVilhv403fA
Offline
As raynman said, sd-encrypt hook means you need to use rd.luks.name not cryptdevice in your bootloader conf file.
So in your case, i think this should work:options rd.luks.name=b17b06.........=cryptroot root=/dev/mapper/cryptroot rootflags=subvol=@ rd.luks.options=discard rw mem_sleep_default=deep
Make sure you're also using the correct UUID, check with blkid command and look for the partition that's TYPE="crypto_LUKS"
Thanks, it works with changing the bootloader options!
Offline
Unfortunately it always hangs after reboot and does not find the mapper to the encrypted partition.
Did you solve the issue? I see you did.
I had same problem -- for me the solution was to use LUKS1. Apparently grub doesn't work well with LUKS2.
Offline