Arch Linux

whitekey

Member

Registered: 2024-08-06

Posts: 1

system won't boot after installing with encrypted /boot partition

Hi there,

I recently tried to do a fresh vanilla Arch install with LVM on LUKS + encrypted /boot, by following those instructions:

https://wiki.archlinux.org/title/Dm-cry … ion_(GRUB)
https://wiki.archlinux.org/title/GRUB#Encrypted_/boot

After finishing the installation, exiting the chroot environment and rebooting, the system starts up at first, but never successfully makes it.

It's always the same: grub successfully asks me to enter the password for my boot partition, as it should, and the kernel + initramfs is loaded. then I need to enter the password for the LUKS partition containing the LVM, which also works. so far so good, but after this the system always fails at the point where the filesystems are mounted. I get the two errors, 1st that my /boot partition cant be mounted and 2nd that it cant be checked by fsck. It always halts and enters rescue mode.

here for more info and clarification is the output of lsblk:
as you can see i have 3 main partitions, /boot /efi and the cryptlvm containing the rest of my filesystem.
I do not have /boot under root, I have it as a completely separate partition outside the LVM

NAME       MAJ:MIN RM   SIZE      TYPE  MOUNTPOINTS
nvme0n1            259:0    0    465.8G    disk 
|-nvme0n1p1    259:1    0    1G    part 
| `-cryptboot    254:4    0    1022M    crypt /boot
|-nvme0n1p2    259:2    0    1G    part    /efi
`-nvme0n1p3    259:3    0    463.8G    part 
  `-cryptlvm    254:0    0    463.8G    crypt
    |-vg0-swap    254:1    0    32G    lvm    [SWAP]
    |-vg0-root    254:2    0    48G    lvm    /
    `-vg0-home    254:3    0    383.8G    lvm    /home

and my fstab:

# Static information about the filesystems.
# See fstab(5) for details.

# <file system> <dir> <type> <options> <dump> <pass>
# /dev/mapper/vg0-root
UUID=07a82551-6d81-405e-9909-eb22b0d6e5d9    /             ext4          rw,relatime    0 1

# /dev/mapper/cryptboot
UUID=e5bfc397-d04e-41a8-ba7c-49588bfaf993    /boot         ext4          rw,relatime    0 2

# /dev/nvme0n1p2
UUID=2AC5-78BF          /efi          vfat          rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro    0 2

# /dev/mapper/vg0-home
UUID=64356d6e-9ec9-4fed-93d9-578997b0b0c9    /home         ext4          rw,relatime    0 2

# /dev/mapper/vg0-swap
UUID=9d205505-3f80-423e-816f-5d0cb62e4d79    none          swap          defaults      0 0

I am pretty sure i followed the Arch wiki very closely, so i do not understand why that produces a non bootable system. i also couldn't find much about anyone having this error in relation to an encrypted /boot layout, well there is generally not a lot of information about that out there, but I hope its just a small mistake on my side!

And I've tried to isolate this error, but no success. This persists on multiple different and independent computers with very minimal installations (basically everything as here, but the encrypted /boot layout)

Thanks in advance!!!

Scimmia

Fellow

Registered: 2012-09-01

Posts: 12,169

Re: system won't boot after installing with encrypted /boot partition

I would guess you didn't set up crypttab? You still need to open the container in the actual system, grub accessing it doens't persist.