Hello dear community,
I reinstalled Arch recently so I could encrypt my drive, but I have not managed to load properly into the system using Grub. I always end up with an error and in the emergency shell, see below.
I freshly installed Arch with one unencrypted EFI boot partition (nvme0n1p1), and two encrypted partitions, one root (nvme0n1p2) and one home (nvme0n1p3). For both of them I followed the luks encryption guide on the wiki.
In the error above it is looking for the UUID of dev/mapper/root, even though I put into the /etc/default/grub the command for booting encrypted drives with the UUID of nvme0n1p2:
After changing the file I ran grub-mkconfig to update the grub.cfg file. Yet no success. I hope you can help me
PS. Sorry for the photos, I am on the phone.
Last edited by arxrzb (2024-10-30 08:21:15)
Offline
That error isn't from GRUB, it's from the initramfs. How did you set up the HOOKS in mkinitcpio.conf?
That output doesn't match the kernel command line shown, though. Did you regenerate the grub config in the correct location?
Last edited by Scimmia (2024-10-18 14:18:49)
Offline
Thanks for the quick reply. I adjusted /etc/mkinitcpio.conf based on the wiki:
HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt filesystems fsck)
The grub.cfg is at /boot/grub/grub.cfg. Below an excerpt with the relevant lines (I assume):
Thanks!
Offline
you have two luks devices, one is the encrypted boot? the other the encrypted lvm/root?
you need the boot luks uuid for grub (if you are using grub enable cryptodisk, i.e. encrypted boot).
the kernel parameter needs the root/lvm luks uuid.
currently you seem to be using the same uuid in both instances, which should not be correct
Offline
Boot should not be encrypted, I have encrypted only root and home partitions.
Offline
okay... so no /boot partition and kernels are in rootfs /boot/...?
in the initramfs shell, try
cryptsetup --help (is cryptsetup available at all?)
cat /proc/partitions (are block devices detected?)
cat /proc/cmdline (are the boot parameters as expected?)
ls -l /dev/disk/by-uuid (list of known device uuids)
Last edited by frostschutz (2024-10-18 14:59:46)
Offline
Sorry, I didn’t understand your first question.
Yes, encrypt is in HOOKS.
For the rest, see the screenshot:
I can even mount the dev/mapper/root into new_root to get to the login screen of arch. However, when I reboot the error comes again. So I would have to unlock the drives and mount in order to login every time I boot, which is quite tedious.
Offline
Why not use LVM on /dev/nvme0n1p3 after cryptsetup?
Make a volume group with the physical volume being /dev/mapper/lvm which would contain two logical volumes, root & home.
This will effectively give you separate root and home partitions while keeping encryption. Unless you have a security reason why you need root and home encrypted separately. Of course you would need to install lvm2 and add a HOOK for it right after "encrypt" if you went this route.
Disk setup with fdisk (sizes and file systems are just examples)
g
n
(keep default)
(keep default)
+1G
t
1
n
2
(keep default)
+1G
n
3
(keep default)
(keep default)
t
3
44
w
LUKS & LVM (partitions sizes are just examples)
cryptsetup luksFormat /dev/nvme0n1p3
YES
$PASSWD
$PASSWD
cryptsetup open --type luks /dev/nvme0n1p3 lvm
pvcreate /dev/mapper/lvm
vgcreate volgroup0 /dev/mapper/lvm
lvcreate -L 100GB volgroup0 -n lv_root
lvcreate -l 100%FREE volgroup0 -n lv_home
modprobe dm_mod
vgscan
vgchange -ay
mkfs.ext4 /dev/volgroup0/lv_root
mount /dev/volgroup0/lv_root /mnt
mkdir /mnt/boot
mount /dev/nvme0n1p2 /mnt/boot
mkfs.ext4 /dev/volgroup0/lv_home
mkdir /mnt/home
mount /dev/volgroup0/lv_home /mnt/home
mkdir /mnt/etc
.... pacstrap ...genfstab ....chroot ... install pkgs.... add HOOKS....
GRUB
mkdir /boot/EFI
mount /dev/nvme0n1p1 /boot/EFI
grub-install --target=x86_64-efi --bootloader-id=grub_uefi --recheck
cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
From here you can point GRUB to the UUID of partition 3:VolumeGroup with a path to the root logical volume before running grub-mkconfig.
Offline
g n (keep default) (keep default) +1G t 1 n 2 (keep default) +1G n 3 (keep default) (keep default) t 3 44 w
instead of just spamming key presses for interactive fdisk you should explain what they do:
g // create a new gpt - warning: this will wipe the disk!
n // create new partition
(keep default) // partition number - default= next available
(keep default) // start sector - default= next available
+1G // partition size 1gb
t // change type for freshly created partition
1 // set type to 1 (should be ESP)
n // new partition
2 // set index 2 (not required as we are currently creating the second partition so default would be 2 anyway)
(keep default) // start sector - again: default is next available sector
+1G // partition size - 1gb again ?
// not setting any type for partition 2 at all - so "default" - which is usually "linux root"
n // new partition
3 // index 3 - again: not needed
(keep default) // start sector
(keep default) // end sector - when not given: rest of available free space
t // set type
3 // for partition 3
44 // set type to number 44 (home?)
w // write to disk
there're more errors:
mkdir /mnt/boot
mount /dev/nvme0n1p2 /mnt/boot
will fail because you have not created any filesystem on p2 - also: not setting partition type but leaving it as linux root but then mounting it as /boot can cause issues
mkdir /boot/EFI
mount /dev/nvme0n1p1 /boot/EFI
the esp mountpoint should NOT be named uppercase EFI but just lowercase efi - when you use a case-sensitive posix FS like ext4 this will make a difference - so the mountpoint should be /boot/efi or just /efi
also: will fail also due to no filesystem created on it
Offline
Sorry I was being rather lazy and assumed knowledge of fdisk commands - I added the correct partition types below as ESP and home were incorrect. Also added the missing commands that were needed to format partitions 1 and 2 which would have caused errors.
Disk setup with fdisk (sizes and file systems are just examples)
g // create a new gpt - warning: this will wipe the disk!
n // create new partition
(keep default) // partition number - default= next available
(keep default) // start sector - default= next available
+1G // partition size 1gb (sizing is just generous placeholders)
t // change type for freshly created partition
1 // set type to 1 (Type 1 is EFI)
n // new partition
2 // set index 2 (not required as we are currently creating the second partition so default would be 2 anyway)
(keep default) // start sector - again: default is next available sector
+1G // partition size - 1gb again ? (sizing is just generous placeholders)
// not setting any type for partition 2 at all - so "default" - which is usually "linux root"
n // new partition
3 // index 3 - again: not needed
(keep default) // start sector
(keep default) // end sector - when not given: rest of available free space
t // set type
3 // for partition 3
44 // set type to number 44 (Type 44 is LVM)
w // write to disk
LUKS & LVM (partitions sizes are just examples)
mkfs.fat -F32 /dev/nvme0n1p1 //format partition 1
mkfs.ext4 /dev/nvme0n1p2 //format partition 2
cryptsetup luksFormat /dev/nvme0n1p3 //encrypt partition3 using LUKS
YES // confirm you want to encrypt that partition
$PASSWD // set password
$PASSWD //confirm password
cryptsetup open --type luks /dev/nvme0n1p3 lvm //unlock encrypted partition and label it "lvm"
pvcreate /dev/mapper/lvm // create physical volume /dev/mapper/lvm
vgcreate volgroup0 /dev/mapper/lvm //create volume group "volgroup0" on /dev/mapper/lvm
lvcreate -L 100GB volgroup0 -n lv_root //create 100GB logical volume for root
lvcreate -l 100%FREE volgroup0 -n lv_home //create logical volume for home using the remaining free space on partition 3
modprobe dm_mod //load kernel modules into memory
vgscan //scan for volume groups
vgchange -ay //mark the found volume group as active
mkfs.ext4 /dev/volgroup0/lv_root
mount /dev/volgroup0/lv_root /mnt
mkdir /mnt/boot
mount /dev/nvme0n1p2 /mnt/boot
mkfs.ext4 /dev/volgroup0/lv_home
mkdir /mnt/home
mount /dev/volgroup0/lv_home /mnt/home
mkdir /mnt/etc
.... pacstrap ...genfstab ....chroot ... install pkgs.... add HOOKS....
GRUB
mkdir /boot/efi
mount /dev/nvme0n1p1 /boot/efi
From here you can point GRUB to the UUID of "/dev/nvme0n1p3:volgroup0" with a path to the root logical volume before running grub-mkconfig.
Offline
Boot should not be encrypted, I have encrypted only root and home partitions.
You have GRUB_ENABLE_CRYPTODISK set, this results in grub trying to unlock a cryptodisk. You need to unset that and have your /boot mounted outside the root device, then reinstall grub.
Offline
Thank you guys for the suggestions. I tried again and „fixed“ the issue by reformatting the drive and only encrypting the root partition, and then after installing arch encrypting the second partition.
I don’t know what went wrong the first time, but I‘ll mark the topic as solved.
Offline