
#1 2024-09-02 15:58:58

terdon
Member
Registered: 2024-09-02
Posts: 4

Can only boot using fallback and not mounting encrypted home

Summary:

After trying and failing to change a grub setting (I think this isn't relevant to my current issue, but you can find all the details here), I can only boot using the fallback option.

Details

I am using Arch on a laptop, with an encrypted /home partition (don't ask, not my choice, work laptop). When trying to boot into my regular system, I just see a "Loading Linux linux" message and then nothing happens. Removing "quiet" from the grub options makes no difference. It seems like it isn't finding my initial ramdisk for some reason. This is the grub entry that does NOT work:


menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-32133dd7-9a48-4b9d-b2e0-6e383e95631d' {
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod part_gpt
	insmod ext2
	search --no-floppy --fs-uuid --set=root 32133dd7-9a48-4b9d-b2e0-6e383e95631d
	echo	'Loading Linux linux ...'
	linux	/vmlinuz-linux root=/dev/nvme0n1p5 rw ibt=off loglevel=3 quiet
}

When I choose one of the fallback options, specifically this one:

menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-32133dd7-9a48-4b9d-b2e0-6e383e95631d' {
		load_video
		set gfxpayload=keep
		insmod gzio
		insmod part_gpt
		insmod ext2
		search --no-floppy --fs-uuid --set=root 32133dd7-9a48-4b9d-b2e0-6e383e95631d
		echo	'Loading Linux linux ...'
		linux	/boot/vmlinuz-linux root=UUID=32133dd7-9a48-4b9d-b2e0-6e383e95631d rw ibt=off loglevel=3 quiet
		echo	'Loading initial ramdisk ...'
		initrd	/boot/intel-ucode.img /boot/initramfs-linux.img
	}

I do boot, and then I am prompted to enter the disk decryption password, but after entering it (correctly), I am thrown to a rescue shell ("Enter root password for maintenance"). Now, in that rescue shell, if I mount my encrypted home with:

cryptsetup open /dev/nvme0n1p6 home

Which prompts me for the password again, and I enter the same thing as before, this time it works. So I mount with:

mount /dev/mapper/home /home

And then run `exit` (Ctrl+D) to exit the rescue shell and continue booting. It prompts me for the password yet again, but this time it works and I finally boot into a working GUI system.

How can I make this permanent? Ideally, I would like my first boot option to work as it used to before I started screwing with it. Alternatively, I can stick with the fallback, but I would need it to mount my encrypted disk without needing to drop into the rescue shell.

-------

Extra details.

  • mkinitcpio.conf

    $ sudo grep '^[^#]' /etc/mkinitcpio.conf
    MODULES=()
    BINARIES=()
    FILES=()
    HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt filesystems fsck)

  • /etc/crypttab

    $ sudo grep '^[^#]' /etc/crypttab
    home    /dev/nvme0n1p6

Please let me know if I can provide any more info.

Last edited by terdon (2024-09-02 16:04:33)


#2 2024-09-02 16:21:48

Scimmia
Fellow
Registered: 2012-09-01
Posts: 12,271

Re: Can only boot using fallback and not mounting encrypted home

Well you're not telling it to load the initramfs (no initrd line). What you're calling the fallback entry isn't, that's a normal entry loading the normal initramfs.

Get rid of the encrypt hook, you're not mounting anything encrypted in the initramfs.

Let's see the system log when you're doing all of this.


#3 2024-09-02 17:03:43

terdon
Member
Registered: 2024-09-02
Posts: 4

Re: Can only boot using fallback and not mounting encrypted home

Scimmia wrote:

Well you're not telling it to load the initramfs (no initrd line). What you're calling the fallback entry isn't, that's a normal entry loading the normal initramfs.

Yes, and this is a large part of where my confusion stems from. The fallback entry (I am calling it a fallback because grub-mkconfig is putting it under the "Advanced options for Arch Linux" and the main entry it generates doesn't have the initrd line) that works has the initrd. Is this needed? I know very little about this sort of thing and had a vague idea that systemd somehow replaced initrd, but I don't really know what I'm talking about here.

Should I just add the initrd line? But then why doesn't grub-mkconfig add it?

Get rid of the encrypt hook, you're not mounting anything encrypted in the initramfs.

Done. I edited /etc/mkinitcpio.conf to:

HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block filesystems fsck)

Then ran

$ sudo mkinitcpio -P
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
==> Using default configuration file: '/etc/mkinitcpio.conf'
  -> -k /boot/vmlinuz-linux -g /boot/initramfs-linux.img
==> Starting build: '6.10.7-arch1-1'
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [autodetect]
  -> Running build hook: [microcode]
  -> Running build hook: [modconf]
  -> Running build hook: [kms]
  -> Running build hook: [keyboard]
==> WARNING: Possibly missing firmware for module: 'xhci_pci'
  -> Running build hook: [keymap]
  -> Running build hook: [consolefont]
==> WARNING: consolefont: no font found in configuration
  -> Running build hook: [block]
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating zstd-compressed initcpio image: '/boot/initramfs-linux.img'
  -> Early uncompressed CPIO image generation successful
==> Initcpio image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
==> Using default configuration file: '/etc/mkinitcpio.conf'
  -> -k /boot/vmlinuz-linux -g /boot/initramfs-linux-fallback.img -S autodetect
==> Starting build: '6.10.7-arch1-1'
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [microcode]
  -> Running build hook: [modconf]
  -> Running build hook: [kms]
==> WARNING: Possibly missing firmware for module: 'ast'
  -> Running build hook: [keyboard]
==> WARNING: Possibly missing firmware for module: 'xhci_pci'
  -> Running build hook: [keymap]
  -> Running build hook: [consolefont]
==> WARNING: consolefont: no font found in configuration
  -> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: 'qla2xxx'
==> WARNING: Possibly missing firmware for module: 'qed'
==> WARNING: Possibly missing firmware for module: 'aic94xx'
==> WARNING: Possibly missing firmware for module: 'wd719x'
==> WARNING: Possibly missing firmware for module: 'bfa'
==> WARNING: Possibly missing firmware for module: 'qla1280'
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating zstd-compressed initcpio image: '/boot/initramfs-linux-fallback.img'
  -> Early uncompressed CPIO image generation successful
==> Initcpio image generation successful

Let's see the system log when you're doing all of this.

Happy to. Can you clarify which one? Do you want a full journalctl -xb after rebooting? Something else?


#4 2024-09-02 17:07:40

Scimmia
Fellow
Registered: 2012-09-01
Posts: 12,271

Re: Can only boot using fallback and not mounting encrypted home

Yes, the initrd line is obviously required. A fallback entry will load the fallback initramfs, a normal entry will load the normal initramfs

journalctl -b will be fine, don't use -x

Offline
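
The check discussed in posts #2 and #4, as an added example that is not part of the original thread: a POSIX shell function that lists GRUB menu entries which load a kernel but have no initrd line. The function names are hypothetical, and the sample configuration is constructed by abridging the two entries posted in #1.

```shell
#!/bin/sh
# Added example (not from the thread): find menuentry blocks that have a
# `linux` command but no `initrd` command, i.e. a kernel with no initramfs.
entries_missing_initrd() {
    awk '
        /^[ \t]*menuentry[ \t]/ {
            split($0, parts, "\047")   # title = first single-quoted string
            title = parts[2]
            in_entry = 1; has_linux = 0; has_initrd = 0
            next
        }
        in_entry && /^[ \t]*linux[ \t]/  { has_linux = 1 }
        in_entry && /^[ \t]*initrd[ \t]/ { has_initrd = 1 }
        in_entry && /^[ \t]*[}][ \t]*$/ {
            if (has_linux && !has_initrd) print title
            in_entry = 0
        }
    ' "$1"
}

# Constructed sample: the two entries from post #1, abridged.
write_sample_cfg() {
    cat > "$1" <<'EOF'
menuentry 'Arch Linux' --class arch $menuentry_id_option 'gnulinux-simple-32133dd7-9a48-4b9d-b2e0-6e383e95631d' {
	insmod ext2
	echo	'Loading Linux linux ...'
	linux	/vmlinuz-linux root=/dev/nvme0n1p5 rw ibt=off loglevel=3 quiet
}
submenu 'Advanced options for Arch Linux' {
	menuentry 'Arch Linux, with Linux linux' --class arch {
		echo	'Loading Linux linux ...'
		linux	/boot/vmlinuz-linux root=UUID=32133dd7-9a48-4b9d-b2e0-6e383e95631d rw
		initrd	/boot/intel-ucode.img /boot/initramfs-linux.img
	}
}
EOF
}

cfg=$(mktemp)
write_sample_cfg "$cfg"
entries_missing_initrd "$cfg"   # prints: Arch Linux
rm -f "$cfg"
```

On an installed system the function would be pointed at the generated configuration, typically /boot/grub/grub.cfg on Arch.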

#5 2024-09-02 17:28:19

terdon
Member
Registered: 2024-09-02
Posts: 4

Re: Can only boot using fallback and not mounting encrypted home

Thanks, Scimmia. You can see the output of journalctl -b here: https://pastebin.com/RAwSEpFP

The only obviously relevant thing to my ignorant eye is:

Sep 02 18:15:25 oregano systemd-cryptsetup[450]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/nvme0n1p6.
Sep 02 18:15:25 oregano systemd-cryptsetup[450]: Device home already exists.
Sep 02 18:15:25 oregano systemd-cryptsetup[450]: Failed to activate with specified passphrase: File exists
Sep 02 18:15:25 oregano systemd[1]: systemd-cryptsetup@home.service: Main process exited, code=exited, status=1/FAILURE
Sep 02 18:15:25 oregano systemd[1]: systemd-cryptsetup@home.service: Failed with result 'exit-code'.
Sep 02 18:15:25 oregano systemd[1]: Failed to start Cryptography Setup for home.
Sep 02 18:15:25 oregano systemd[1]: Dependency failed for Local Encrypted Volumes.
Sep 02 18:15:25 oregano systemd[1]: cryptsetup.target: Job cryptsetup.target/start failed with result 'dependency'.
Sep 02 18:15:25 oregano systemd[1]: run-credentials-systemd\x2dcryptsetup\x40home.service.mount: Deactivated successfully.
Sep 02 18:15:25 oregano systemd[1]: Reached target Block Device Preparation for /dev/mapper/home.

Now, remember, this is the output after I:

1. Used what I am (incorrectly) calling the fallback option.
2. That booted me into a rescue shell after prompting for the password to mount the encrypted drive and despite getting the right password.
3. I decrypted and mounted manually as described in the main post.
4. Ctrl+D to continue
5. Entered password again.
6. Finally got to gdm, logged in and ran journalctl.


#6 2024-09-02 23:06:58

Scimmia
Fellow
Registered: 2012-09-01
Posts: 12,271

Re: Can only boot using fallback and not mounting encrypted home

It seems to be trying to mount /home before decryption. I wonder if fstab or systemd's GPT mount generator are causing a problem, could you post /etc/fstab and the output of fdisk -l /dev/nvme0n1?

Edit: unrelated, but turning off ibt hasn't been needed for quite a while now with current drivers, only 470 and older.

Last edited by Scimmia (2024-09-03 02:44:59)


#7 2024-09-14 14:34:25

terdon
Member
Registered: 2024-09-02
Posts: 4

Re: Can only boot using fallback and not mounting encrypted home

Sorry for the delay, I haven't had time to work on this for a while. My fstab:

$ grep '^[^#].' /etc/fstab
UUID=32133dd7-9a48-4b9d-b2e0-6e383e95631d	/         	ext4      	rw,relatime	0 1
UUID=26d1ccd8-4add-48b6-83db-9cce8f90cd98       /home     ext4  rw,relatime    0 2
UUID=ff3c9de1-417c-4c4d-8150-a89d222ae60b	none      	swap      	defaults  	0 0

and fdisk:

$ sudo fdisk -l /dev/nvme0n1
Disk /dev/nvme0n1: 953.87 GiB, 1024209543168 bytes, 2000409264 sectors
Disk model: SAMSUNG MZVLB1T0HBLR-000L7              
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 97ED36D9-B503-42C1-ACE5-3E2E49212F20

Device              Start        End    Sectors   Size Type
/dev/nvme0n1p1       2048     534527     532480   260M EFI System
/dev/nvme0n1p2     534528     567295      32768    16M Microsoft reserved
/dev/nvme0n1p3     567296  390625000  390057705   186G Microsoft basic data
/dev/nvme0n1p4 1998360576 2000408575    2048000  1000M Windows recovery environment
/dev/nvme0n1p5  390625280  509251583  118626304  56.6G Linux filesystem
/dev/nvme0n1p6  509253632 1935546367 1426292736 680.1G Linux filesystem
/dev/nvme0n1p7 1935546368 1998360575   62814208    30G Linux swap

Partition table entries are not in disk order.

