
#1 2011-02-01 16:56:47

siriusb
Member
From: Hungary
Registered: 2010-01-01
Posts: 422

[SOLVED] grub2 + LUKS encrypted system without LVM

Since I plan to use GPT instead of MBR, I have to replace grub with grub2. So I did.

Some details in advance:
/boot is on a separate ext2 partition
/root and /home both are on a separate LUKS encrypted ext4 partition.

When installing grub2 it didn't recognize the encryption so I had to manually insert cryptdevice data.
I'd like to create a menu entry that is on the top of the grub menu with the correct information for a successful boot.
I created a file /etc/grub.d/1_custom_arch with the following:

#!/bin/sh -e
# Scripts in /etc/grub.d write grub.cfg on stdout, so the status message goes to stderr.
echo "Arch Linux with encryption to GRUB 2" >&2
cat << EOF
menuentry "Arch Linux custom entry, with Linux vmlinuz26" --class archlinux --class gnu-linux --class gnu --class os {
    insmod ext2
    set root='(hd0,6)'
    search --no-floppy --fs-uuid --set 1111blablabla
    echo    Loading ARCH Linux vmlinuz26 ...
    linux    /vmlinuz26 root=/dev/mapper/cryptedroot cryptdevice=/dev/disk/by-uuid/22222something:cryptedroot ro quiet
    echo     Loading initial ramdisk ...
    initrd    /kernel26.img
}
EOF

Is it viable? Is there a better way to achieve my goal?

Is it enough to remove execution permission from 10_linux to exclude it from menu list?

Thank you.

Last edited by siriusb (2011-02-02 19:44:08)

Offline

#2 2011-02-01 17:13:14

skodabenz
Banned
From: Tamilnadu, India
Registered: 2010-04-11
Posts: 382

Re: [SOLVED] grub2 + LUKS encrypted system without LVM

siriusb wrote:

Since I plan to use GPT instead of MBR, I have to replace grub with grub2. So I did.

Some details in advance:
/boot is on a separate ext2 partition
/root and /home both are on a separate LUKS encrypted ext4 partition.

When installing grub2 it didn't recognize the encryption so I had to manually insert cryptdevice data.
I'd like to create a menu entry that is on the top of the grub menu with the correct information for a successful boot.
I created a file /etc/grub.d/1_custom_arch with the following:

#!/bin/sh -e
# Scripts in /etc/grub.d write grub.cfg on stdout, so the status message goes to stderr.
echo "Arch Linux with encryption to GRUB 2" >&2
cat << EOF
menuentry "Arch Linux custom entry, with Linux vmlinuz26" --class archlinux --class gnu-linux --class gnu --class os {
    insmod ext2
    set root='(hd0,6)'
    search --no-floppy --fs-uuid --set 1111blablabla
    echo    Loading ARCH Linux vmlinuz26 ...
    linux    /vmlinuz26 root=/dev/mapper/cryptedroot cryptdevice=/dev/disk/by-uuid/22222something:cryptedroot ro quiet
    echo     Loading initial ramdisk ...
    initrd    /kernel26.img
}
EOF

Is it viable? Is there a better way to achieve my goal?

It is indeed viable but I would suggest editing the grub.cfg directly instead of taking the long route of using this file along with grub-mkconfig to achieve the same.
I use a completely manually typed grub.cfg and have never used grub-mkconfig anytime.

Is it enough to remove execution permission from 10_linux to exclude it from menu list?

Yes, removing exec permission from 10_linux will exclude the file from grub-mkconfig.

BTW can you use the new grub2 1.99~rc1 packages (grub2-bios - from testing repo) instead of grub2 1.98 (it is too old). Few changes in 1.99 are (hd0,6) becomes (hd0,gpt6) and 'search --no-floppy --fs-uuid --set XXXX' becomes 'search --no-floppy --fs-uuid --set=root XXXX'. Since you use the search command, there is no need to use 'set root=' command because search will set the root correctly.

The final config which you can directly add to /boot/grub/grub.cfg for 1.99 should be something like -

menuentry "Arch Linux custom entry, with Linux vmlinuz26" --class archlinux --class gnu-linux --class gnu --class os {
    insmod ext2
    search --no-floppy --fs-uuid --set=root 1111blablabla
    linux    (${root})/vmlinuz26 root=/dev/mapper/cryptedroot cryptdevice=/dev/disk/by-uuid/22222something:cryptedroot ro quiet
    initrd    (${root})/kernel26.img
}

Or you can also use syslinux instead of grub2 if you want a simple (KISS) bootloader.

Last edited by skodabenz (2011-02-01 17:14:43)


My new forum user/nick name is "the.ridikulus.rat" .

Offline

#3 2011-02-01 17:57:42

siriusb
Member
From: Hungary
Registered: 2010-01-01
Posts: 422

Re: [SOLVED] grub2 + LUKS encrypted system without LVM

Thanks for your reply.
I think editing grub.cfg directly is against the concept of grub2. And if there is a kernel update, doesn't a grub-update take place automatically? Then it means your manually edited cfg will be overwritten.
Well, I can check 1.99 if you say it is stable enough.

Actually I want to boot from a sysrescd iso image and I know that grub2 supports it. Not sure the same applies to syslinux.

Offline

#4 2011-02-01 18:36:35

skodabenz
Banned
From: Tamilnadu, India
Registered: 2010-04-11
Posts: 382

Re: [SOLVED] grub2 + LUKS encrypted system without LVM

siriusb wrote:

Thanks for your reply.
I think editing grub.cfg directly is against the concept of grub2.

There is no such thing as for or against the concept of grub2. See http://www.gnu.org/software/grub/manual … -scripting . grub-mkconfig was introduced to enable easier config generation upon a kernel upgrade in distros where the kernel name actually contains the kernel version (like ubuntu and fedora - not archlinux). And grub-mkconfig was a concept actually introduced for the sake of ubuntu and its derivatives (maybe also debian and its spinoffs).

And if there is a kernel update, doesn't a grub-update take place automatically? Then it means your manually edited cfg will be overwritten.

Not in archlinux. Firstly the kernel file and initramfs file paths remain same upon upgrade ( /boot/{vmlinuz26,kernel26.img} ) . Secondly no such instruction is added in kernel26's post_install script to overwrite config file. You have to remember that archlinux does not force anybody to use any one bootloader as default (not even grub-legacy) so including grub-mkconfig in kernel26 post_install script is meaningless.

Even in case of upgrading the grub2 packages, /boot/grub/grub.cfg is overwritten since the new grub.cfg file will be installed as /boot/grub/grub.cfg.pacnew .

Well, I can check 1.99 if you say it is stable enough.

I can't say grub2 itself is stable (overall) but it is definitely more stable than 1.98 release. It solves many boot problems which plagued 1.98 version (due to introduction of revamped relocator in 1.99) and includes few enhancements such as a conversion utility from grub-legacy's config file to grub2's config etc. Full 1.99~rc1 ChangeLog at http://bazaar.launchpad.net/~vcs-import … /3072/NEWS .

Actually I want to boot from a sysrescd iso image and I know that grub2 supports it. Not sure the same applies to syslinux.

Do you mean loopback option in grub2? In that case syslinux supports memdisk (not similar to loopback but achieves the same). In any case it is easier to fall back to grub2 in case of boot problems than in case of syslinux. At least that's my opinion. I just mentioned syslinux because few people prefer simple bootloader for which grub2 doesn't fit the description.


My new forum user/nick name is "the.ridikulus.rat" .

Offline

#5 2011-02-01 18:52:13

siriusb
Member
From: Hungary
Registered: 2010-01-01
Posts: 422

Re: [SOLVED] grub2 + LUKS encrypted system without LVM

Thanks for clarifying things. As you noticed I read through the ubuntu guide (too), and that guide doesn't apply here. Actually I am quite happy that I can edit grub.cfg directly :)

At the moment I am backing up everything to a new HDD and after rsync is done I'll create GPT and restore my system to my old winchester. I am very curious whether I will be able to install grub2 properly using GUID and all those encrypted partitions. :D Hope I'll finish before midnight...
OMG all these fancy things in one step :) So I won't familiarize myself with syslinux right now, but nevertheless will in future. I like the KISS principle, too. But I am not the linux guru who can do all these things in a moment. Not a guru at all, just an average user. I have to read a lot beforehand.

Offline

#6 2011-02-02 03:25:18

skodabenz
Banned
From: Tamilnadu, India
Registered: 2010-04-11
Posts: 382

Re: [SOLVED] grub2 + LUKS encrypted system without LVM

siriusb wrote:

Thanks for clarifying things. As you noticed I read through the ubuntu guide (too), and that guide doesn't apply here. Actually I am quite happy that I can edit grub.cfg directly :)

At the moment I am backing up everything to a new HDD and after rsync is done I'll create GPT and restore my system to my old winchester. I am very curious whether I will be able to install grub2 properly using GUID and all those encrypted partitions. :D Hope I'll finish before midnight...

http://wiki.archlinux.org/index.php/GRUB2 and https://wiki.archlinux.org/index.php/GU … tion_Table will clarify your doubt. Don't know about encrypted partitions though. I don't use any kind of encryption to be able to answer your questions.

OMG all these fancy things in one step :) So I won't familiarize myself with syslinux right now, but nevertheless will in future. I like the KISS principle, too. But I am not the linux guru who can do all these things in a moment. Not a guru at all, just an average user. I have to read a lot beforehand.

Always archwiki and google are your friends.

Last edited by skodabenz (2011-02-02 03:27:15)


My new forum user/nick name is "the.ridikulus.rat" .

Offline

#7 2011-02-02 15:02:31

siriusb
Member
From: Hungary
Registered: 2010-01-01
Posts: 422

Re: [SOLVED] grub2 + LUKS encrypted system without LVM

skodabenz
Could you explain some things for me, please?

Here is a part of my newly generated grub.cfg with grub2 1.99

insmod part_gpt
insmod ext2
set root='(hd0,gpt6)'
search --no-floppy --fs-uuid --set=root UUIDboot
if loadfont /grub/unicode.pf2 ; then
  set gfxmode=640x480
  load_video
  insmod gfxterm
fi
terminal_output gfxterm
insmod part_gpt
insmod ext2
set root='(hd0,gpt6)'
search --no-floppy --fs-uuid --set=root UUIDboot
set locale_dir=($root)/grub/locale
set lang=en_US
insmod gettext
set timeout=5

insmod part_gpt and insmod ext2 are there because I use GPT and boot partition is ext2 I think. But why are there 2 rows for boot partition (set root='(hd0,gpt6)' and
search --no-floppy --fs-uuid --set=root UUIDboot
)?
And why this section is repeated later?

insmod part_gpt
insmod ext2
set root='(hd0,gpt6)'
search --no-floppy --fs-uuid --set=root UUIDboot

What is

insmod gettext

?
Another section, a menuentry:

menuentry 'Arch Linux, with Linux vmlinuz26' --class archlinux --class gnu-linux --class gnu --class os {
    load_video
    insmod part_gpt
    insmod ext2
    set root='(hd0,gpt6)'
    search --no-floppy --fs-uuid --set=root UUIDboot
    echo    'Loading Linux vmlinuz26 ...'
    linux    /vmlinuz26 root=/dev/mapper/cryptedroot ro  quiet
    echo    'Loading initial ramdisk ...'
    initrd    /kernel26.img
}

Why are insmod part_gpt, insmod ext2, set root, search repeated inside the entry? Do I really need them?

Offline
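
An added example, not part of any post in this thread: a shell check over a grub.cfg that reports entries like the generated one in post #7, where root=/dev/mapper/cryptedroot appears without the cryptdevice= parameter that post #1 had to insert by hand. The function names, the sample config and the UUIDluks placeholder are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). The sample config below is constructed.

# Print OK / MISSING / MISMATCH for each entry whose root= is a /dev/mapper name.
# Assumes the cryptdevice= device path contains no ':' (true for by-uuid paths).
check_cryptdevice() {
    awk -v q="'" '
    /^[ \t]*menuentry[ \t]/ {
        split($0, t, "[\"" q "]")      # title = first quoted string
        title = t[2]
    }
    /^[ \t]*linux[ \t]/ {
        root = ""; mapped = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^root=\/dev\/mapper\//) {
                root = $i; sub(/^root=\/dev\/mapper\//, "", root)
            }
            if ($i ~ /^cryptdevice=/) { split($i, p, ":"); mapped = p[2] }
        }
        if (root == "") next           # root is not a mapped device
        if (mapped == "")        print "MISSING: " title
        else if (mapped != root) print "MISMATCH: " title
        else                     print "OK: " title
    }' "$1"
}

# Constructed sample: generated entry, hand-written entry, and a mapper-name typo.
write_sample() {
    cat > "$1" <<'EOF'
menuentry 'Arch Linux, with Linux vmlinuz26' --class archlinux {
    search --no-floppy --fs-uuid --set=root UUIDboot
    linux    /vmlinuz26 root=/dev/mapper/cryptedroot ro  quiet
    initrd    /kernel26.img
}
menuentry "Arch Linux custom entry, with Linux vmlinuz26" --class archlinux {
    search --no-floppy --fs-uuid --set=root UUIDboot
    linux    /vmlinuz26 root=/dev/mapper/cryptedroot cryptdevice=/dev/disk/by-uuid/UUIDluks:cryptedroot ro quiet
    initrd    /kernel26.img
}
menuentry "Typo in mapper name" {
    linux    /vmlinuz26 root=/dev/mapper/cryptedroot cryptdevice=/dev/disk/by-uuid/UUIDluks:cryptroot ro quiet
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_cryptdevice "$sample"
rm -f "$sample"
```

Running it against a real /boot/grub/grub.cfg after each manual edit or grub-mkconfig run shows which entries would leave the initramfs without a device to unlock.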

#8 2011-02-02 19:30:34

skodabenz
Banned
From: Tamilnadu, India
Registered: 2010-04-11
Posts: 382

Re: [SOLVED] grub2 + LUKS encrypted system without LVM

siriusb wrote:

skodabenz
Could you explain some things for me, please?

insmod part_gpt and insmod ext2 are there because I use GPT and boot partition is ext2 I think. But why are there 2 rows for boot partition (set root='(hd0,gpt6)' and
search --no-floppy --fs-uuid --set=root UUIDboot
)?
And why this section is repeated later?

Actually 'set root=(hd0,gpt6)' sets the root variable in kernel and then grub2 adds the search command. In case the search command does not return any value, grub2 can fall back to the earlier value of the 'root' variable.

What is

insmod gettext

?

Internationalization, for native language support (NLS)

Why are insmod part_gpt, insmod ext2, set root, search repeated inside the entry? Do I really need them?

I guess you don't need them since they are already outside the menuentries, but grub-mkconfig is designed that way. I don't use grub-mkconfig generated grub.cfg but instead use my own manually typed grub.cfg .


My new forum user/nick name is "the.ridikulus.rat" .

Offline

#9 2011-02-02 19:43:24

siriusb
Member
From: Hungary
Registered: 2010-01-01
Posts: 422

Re: [SOLVED] grub2 + LUKS encrypted system without LVM

Then I can skip set root command. In this way if the order of the hard drives changes, grub will still find the kernel. Great. I like it.
And I can override the root variable in a menu entry as I did with sysrescd iso image. I really like grub2. (Using 1.99 rc1 as you suggested.)

I'll do more cleaning up in grub.cfg.

Thanks for all your help, I really appreciate it.

Offline
