You are not logged in.

Pages: 1

#1 2024-03-30 15:47:43

VoronweTheSecond
Member
Registered: 2024-03-30
Posts: 3

[SOLVED] Installation with dm-encrypt and btrfs submodules

Hello, community

I was trying to install Arch Linux using dm-crypt for full disk encryption and btrfs with subvolumes instead of regular partitioning of the disk

I split the disk into two partitions: first for EFI and second for the main btrfs partition. The guide for dm-crypt using LUKS on a partition suggests using Linux root as the partition type

/dev/nvme0n1p1    2048    4196351   4194304     2G EFI System
/dev/nvme0n1p2 4196352 1000214527 996018176 474.9G Linux root (x86-64)

Add some encryption

cryptsetup luksFormat /dev/nvme0n1p2
cryptsetup open /dev/nvme0n1p2 root

Then I made a btrfs filesystem and configured my subvolumes 

mkfs.btrfs --label system /dev/mapper/root
mount LABEL=system /mnt

btrfs subvolume create /mnt/root
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/swap

umount -R /mnt

After that, I mount them with options to generate fstab

o_btrfs=compress=zstd,ssd,noatime,x-mount.mkdir

mount -o subvol=root,$o_btrfs LABEL=system /mnt
mount -o subvol=home,$o_btrfs LABEL=system /mnt/home
mkdir /mnt/swap
btrfs filesystem mkswapfile --size 8g --uuid clear /mnt/swap/swapfile
swapon /mnt/swap/swapfile

And prepared efi partition

mkfs.fat -F 32 /dev/nvme0n1p1
mount --mkdir /dev/nvme0n1p1 /mnt/efi

The next thing is to change /etc/mkinitcpio.conf by replacing the HOOKS variable with

HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt filesystems fsck)

Finally, I installed the base system and generated fstab

pacstrap -K /mnt base linux linux-firmware
genfstab -U /mnt >> /mnt/etc/fstab

I disabled /home to deal with it later 

cat /mnt/etc/fstab
# Static information about the filesystems.
# See fstab(5) for details.

# <file system> <dir> <type> <options> <dump> <pass>
# /dev/mapper/root LABEL=system
UUID=1c8d2f56-3686-4cb0-b844-1b9407af46ac       /               btrfs           rw,noatime,compress=zstd:3,ssd,space_cache=v2,subvolid=256,subvol=/root 0 0

# /dev/mapper/root LABEL=system
# UUID=1c8d2f56-3686-4cb0-b844-1b9407af46ac     /home           btrfs           rw,noatime,compress=zstd:3,ssd,space_cache=v2,subvolid=257,subvol=/home 0 0

# /dev/nvme0n1p1
UUID=9BEE-F1F8          /efi            vfat            rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro   0 2

/swap/swapfile          none            swap            defaults        0 0

I installed systemd-boot as a bootloader and configured the loader and entries like this:

cat /mnt/efi/loader/loader.conf
default  arch.conf
timeout  4
console-mode max
editor   no

cat /mnt/efi/loader/entries/arch.conf
title Arch Linux
linux /EFI/arch/vmlinuz-linux
initrd /EFI/arch/intel-ucode.img
initrd /EFI/arch/initramfs-linux.img
options cryptdevice=UUID=490b152e-45c9-41d6-8c2d-be7189546754:root root=/dev/mapper/root

I will also show an alternative config, which I found in some other tutorial 

cat /mnt/efi/loader/entries/arch_2.conf
title Arch Linux
linux /EFI/arch/vmlinuz-linux
initrd /EFI/arch/intel-ucode.img
initrd /EFI/arch/initramfs-linux.img
options luks.uuid=490b152e-45c9-41d6-8c2d-be7189546754 root=UUID=d8fff8fd-55fe-42a2-9020-14d9a821ae18 rw

The problem was that vmlinuz-linux, intel-ucode.img, and initramfs-linux.img happened to appear in /mnt/boot, so for now, I moved them manually into the corresponding directory 

ls /mnt/efi/EFI/arch
initramfs-linux.img  initramfs-linux-fallback.img  intel-ucode.img  vmlinuz-linux

The final partition state is

blkid
/dev/nvme0n1p1: UUID="9BEE-F1F8" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="a0590986-ffea-49a6-a81d-a62ddd6321fb"
/dev/nvme0n1p2: UUID="490b152e-45c9-41d6-8c2d-be7189546754" TYPE="crypto_LUKS" PARTUUID="689b8a09-2161-42c6-a567-fa521346240b"
/dev/loop0: BLOCK_SIZE="1048576" TYPE="squashfs"
/dev/mapper/root: LABEL="system" UUID="1c8d2f56-3686-4cb0-b844-1b9407af46ac" UUID_SUB="d8fff8fd-55fe-42a2-9020-14d9a821ae18" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/sda2: SEC_TYPE="msdos" LABEL_FATBOOT="ARCHISO_EFI" LABEL="ARCHISO_EFI" UUID="F432-B7EC" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="8cc6f18c-02"
/dev/sda1: BLOCK_SIZE="2048" UUID="2024-03-01-15-06-37-00" LABEL="ARCH_202403" TYPE="iso9660" PARTUUID="8cc6f18c-01"

After reboot, I ended up in rootfs with the following message:

Waiting 10 seconds for device /dev/mapper/root ...
mounting '/dev/mapper/root' on real root
ERROR: Failed to mount '/dev/mapper/root' on real root
You are now being dropped into an emergency shell.
sh: can't access tty; job control turned off

For arch_2.conf:

Waiting 10 seconds for device /dev/disk/by-uuid/1c8d2f56-3686-4cb0-b844-1b9407af46ac ...
mounting 'UUID=1c8d2f56-3686-4cb0-b844-1b9407af46ac' on real root
ERROR: Failed to mount 'UUID=1c8d2f56-3686-4cb0-b844-1b9407af46ac' on real root
You are now being dropped into an emergency shell.
sh: can't access tty; job control turned off

Indeed, there are neither /dev/mapper/root nor partition with UUID 1c8d2f56-3686-4cb0-b844-1b9407af46ac

ls /dev/mapper
ls: /dev/mapper: No such file or directory

blkid
/dev/nvme0n1p1: UUID="9BEE-F1F8" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="a0590986-ffea-49a6-a81d-a62ddd6321fb"
/dev/nvme0n1p2: UUID="490b152e-45c9-41d6-8c2d-be7189546754" TYPE="crypto_LUKS" PARTUUID="689b8a09-2161-42c6-a567-fa521346240b"

I'll be glad to receive any help!

Last edited by VoronweTheSecond (2024-04-08 11:29:06)

Offline

#2 2024-04-08 11:27:12

VoronweTheSecond
Member
Registered: 2024-03-30
Posts: 3

Re: [SOLVED] Installation with dm-encrypt and btrfs submodules

I solved the problem but unfortunately, I don't understand what was wrong

I added debug kernel flags to entry options:

cat /mnt/efi/loader/entries/arch.conf
title Arch Linux
linux /EFI/arch/vmlinuz-linux
initrd /EFI/arch/intel-ucode.img
initrd /EFI/arch/initramfs-linux.img
options cryptdevice=UUID=490b152e-45c9-41d6-8c2d-be7189546754:root root=/dev/mapper/root debug rd.debug rd.shell

Added vfat module to mkinitcpio.conf just to mount an external flash drive and save logs there for further analysis 

MODULES=(vfat)

And uncommented home subvolume in fstab

After the regeneration of initramfs problem was solved

mkinitcpio -P

I tried to get the error back by undoing the changes above step by step but never succeeded

The one more important note is that I faced an error: /sbin/init does not exist
The problem is that I didn't point out which btrfs module should be mounted on the boot. Here is the final version of the entry(with TRIM support enabled as well):

cat /mnt/efi/loader/entries/arch.conf
title Arch Linux
linux /EFI/arch/vmlinuz-linux
initrd /EFI/arch/intel-ucode.img
initrd /EFI/arch/initramfs-linux.img
options cryptdevice=UUID=490b152e-45c9-41d6-8c2d-be7189546754:root:allow-discards root=/dev/mapper/root rootflags=subvol=root rd.luks.options=discard

Offline

#3 2024-04-26 11:45:24

VoronweTheSecond
Member
Registered: 2024-03-30
Posts: 3

Re: [SOLVED] Installation with dm-encrypt and btrfs submodules

I got to the bottom of this

There were no cryptsetup command in rootfs. Based on it, I quickly realized that the issue was in HOOKS inside /etc/mkinitcpio.conf
I was modifying /etc/mkinitcpio.conf instead of /mnt/etc/mkinitcpio.conf all this time!

Offline

Pages: 1

Board footer

Powered by FluxBB