anemptygun n00b
Joined: 18 Aug 2014 Posts: 13
|
Posted: Sun Sep 21, 2014 12:43 am Post subject: device-mapper: remove ioctl error |
|
|
Hello all,
I have been trying for a while now to get a Gentoo install with full disk encryption set up here. I have made it to the portion of setting up my initramfs and this is where I am stuck. I have been following some guides online and talking to people on IRC but to no avail yet. I'm just dropping myself to a rescue shell when init starts. This is so I can run each command by hand, to make sure each command works properly. I am trying to use a two factor setup with a gpg key + passphrase. This is what my init will look like.
Code: | #!/bin/busybox sh
rescue_shell() {
echo "Something went wrong. Dropping you to a shell."
busybox --install -s
exec /bin/sh
}
#mount proc and sys filesystems
setsid cttyhack sh
mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev
sleep 10
mount -o ro $(findfs UUID=<MY USB UUID>) /mnt/usb
echo 0 > /proc/sys/kernel/printk
clear
busybox --install -s
# decrypt
/bin/gpg --decrypt /mnt/usb/luks-key.gpg | /sbin/cryptsetup --key-file - luksOpen $(findfs UUID=<MY SSD UUID>) gentoo
/sbin/lvm vgscan --mknodes
/sbin/lvm lvchange -a ly vg/swap
/sbin/lvm lvchange -a ly vg/home
/sbin/lvm lvchange -a ly vg/root
#mount
mount /dev/mapper/vg1-root /mnt/root
mount /dev/mapper/vg1-home /mnt/home
#cleanup
umount /proc
umount /sys
umount /mnt/usb
# and we continue
exec switch_root /mnt/root /sbin/init |
When I get to the portion where cryptsetup has to decrypt the disk, I get this error (repeated 7 times)..
Code: | Failed to open temporary keystore device.
device-mapper: remove ioctl on temporary-cryptsetup-1270 failed: no such device or address |
Any ideas what I can do to resolve this? On the cryptsetup website I stumbled across this bug report but it doesn't seem to contain any useful info except that it could be an issue with udev. Help me gentoo'ers you're my only hope!
Background info:
Kernel enabled initramfs, devtmpfs, device-mapper support, various cipher supports,
Statically emerged gpg 1.4, cryptsetup, busybox, and lvm. |
|
Roman_Gruber Advocate
Joined: 03 Oct 2006 Posts: 3846 Location: Austro Bavaria
|
Posted: Sun Sep 21, 2014 9:15 am Post subject: |
|
|
The easy way for myself was to build an initramfs from genkernel. It works decently here with encryption.
You can do it the other way around and make your own, but why should you when genkernel gives it to you for free? |
|
anemptygun n00b
Joined: 18 Aug 2014 Posts: 13
|
Posted: Mon Sep 22, 2014 3:02 am Post subject: |
|
|
Hey tw04l124,
Would I be able to use genkernel and have it automatically detect my specific encryption setup? I was under the impression that it wouldn't, and that I would be better off skipping the attempt and trying to go for a full manual setup from the get go. This would be great news if I could use this type of solution... |
|
anemptygun n00b
Joined: 18 Aug 2014 Posts: 13
|
Posted: Wed Sep 24, 2014 4:39 am Post subject: |
|
|
So I am trying to give genkernel a shot, and am issuing the command..
Code: |
genkernel --lvm --gpg --luks initramfs |
Everything seems to go ok with no error and it drops my file in /boot. I then run this command to update my grub config..
Code: | grub2-mkconfig -o /boot/grub/grub.cfg |
Everything still seems ok. Reboot and it complains about not being able to find the root directory. I feel like I'm missing some other configuration component.. Do I have to make additional changes to my /etc/fstab? Sorry for my ignorance, been trying to go through google to find guides on what specifically has to be set, but nothing is very clear to me. |
|
Roman_Gruber Advocate
Joined: 03 Oct 2006 Posts: 3846 Location: Austro Bavaria
|
Posted: Wed Sep 24, 2014 9:02 am Post subject: |
|
|
Okay.
It is your job to add encryption to your kernel. Mark them as built in!!
Start from scratch, new name for your kernel.
If you are unsure, just add any encryption as built in in your kernel.
Then fire up genkernel and let it only make the initramfs.
Build the kernel.
Adjust grub with the new kernel and new initramfs from genkernel.
This works for me on openrc. Please don't ask me about systemd, because I will never use it.
I can show you my grub conf if needed, but there are plenty of documents online.
grub needs some flags like lvm, luks and some others (for me)
It depends on your setup, what you did, lvm, luks and whatever you did to encrypt. I cannot guess your setup.
Edit: it could be that some of your ebuilds need static flags, busybox may have to be installed, lvm ... support as built in in your kernel, the right grub command line. Basically, with this advice above and Google you should be able to do it as I do it.
I run encryption for a long time on an old T9500 notebook CPU. |
|
Roman_Gruber Advocate
Joined: 03 Oct 2006 Posts: 3846 Location: Austro Bavaria
|
Posted: Wed Sep 24, 2014 9:19 am Post subject: |
|
|
Well, I should be more specific.
First of all, I never update my boot loader or my initramfs because it is not needed. It is just needed to load the kernel and get the system up so openrc can go on. (I am not a specialist but I think in a greater point of view it may be correct).
Here is one entry of grub2 from linux-mint. As you can see, my initramfs dates back to September of 2012, lol. Basically I tell grub that I need the init system of linuxrc, a small 8mb ramdisk, the name of the lvm volume, to enforce lvm with dolvm, and that's it.
Code: | menuentry ' **** 3.10.30-gentoo_20_02_2014' --class gentoo --class gnu --class os {
linux /3.10.30-gentoo_20_02_2014 init=linuxrc ramdisk=8192 crypt_root=dev/mapper/vg_root_volume-lv_real_root realroot=/dev/mapper/lv_real_root dolvm
initrd /initramfs-genkernel-x86_64-3.5.3-gentoo_Sept_2012
}
|
I have no idea about the genkernel invocation but it was something; please do not bug me that you cannot use it, please check man genkernel.
It was something like
genkernel addlvm addluks build_initramfs_only take_this_kernel_config_file take_this_kernel_directory
I am sorry for not being more specific, but man is your friend and there are howtos too. As encryption of root is widespread it is a bit difficult to give general statements.
One thing: I use an unencrypted ext2 boot partition. You can boot from a pendrive too.
Please report back what you did and where you are stuck.
Edit: fstab depends on your setup: is it with lvm or not, and such. My etc/fstab uses the lvm_volume_name because I use lvm. |
|
anemptygun n00b
Joined: 18 Aug 2014 Posts: 13
|
Posted: Fri Sep 26, 2014 4:43 am Post subject: |
|
|
Thanks for the response
I have created my kernel with my necessary cipher support (Serpent), along with device mapper, crypt target, and initramfs support.
I am using OpenRC, not systemd.
I am using lvm, with unencrypted boot partition (internal drive), with my gpg luks key on usb drive (external). This is what my fstab looks like..
Code: | # <fs> <mountpoint> <type> <opts> <dump/pass>
# NOTE: If your BOOT partition is ReiserFS, add the notail option to opts.
/dev/boot /boot ext4 noauto,noatime 1 2
/dev/mapper/vg1-root / ext4 defaults,noatime,discard,errors=remount-ro 0 1
/dev/mapper/vg1-swap none swap defaults,noatime,discard 0 0
/dev/mapper/vg1-home /home ext4 noauto,noatime,discard 0 2 |
genkernel appears to create an initramfs without problem. Here is the output.
Code: | (chroot) livecd / # genkernel --lvm --gpg --luks --disklabel initramfs
* Gentoo Linux Genkernel; Version 3.4.49.2
* Running with options: --lvm --gpg --luks --disklabel initramfs
* Using genkernel.conf from /etc/genkernel.conf
* Sourcing arch-specific config.sh from /usr/share/genkernel/arch/x86_64/config.sh ..
* Sourcing arch-specific modules_load from /usr/share/genkernel/arch/x86_64/modules_load ..
* Linux Kernel 3.14.14-gentoo for x86_64...
* .. with config file /usr/share/genkernel/arch/x86_64/kernel-config
* busybox: >> Using cache
* initramfs: >> Initializing...
* >> Appending base_layout cpio data...
* >> Appending auxilary cpio data...
* >> Copying keymaps
* >> Appending busybox cpio data...
* >> Appending lvm cpio data...
* LVM: Adding support (compiling binaries)...
* lvm: >> Using cache
* >> Appending luks cpio data...
* Including LUKS support
* >> Appending gpg cpio data...
* >> Appending modules cpio data...
* >> Appending blkid cpio data...
* >> Appending modprobed cpio data...
* >> Appending linker cpio data...
* >> Finalizing cpio...
* >> Compressing cpio data (.xz)...
* WARNING... WARNING... WARNING...
* Additional kernel cmdline arguments that *may* be required to boot properly...
* add "dolvm" for lvm support
* With support for several ext* filesystems available, it may be needed to
* add "rootfstype=ext3" or "rootfstype=ext4" to the list of boot parameters.
* Do NOT report kernel bugs as genkernel bugs unless your bug
* is about the default genkernel configuration...
*
* Make sure you have the latest ~arch genkernel before reporting bugs. |
Here is an image of the error which I get whenever I reboot and try to start up the system.
Quote: | grub needs some flags like lvm, luks and some others (for me) |
I have a feeling this is where my problem is at. Which grub file do I need to edit?
Thanks for the help, this is all new to me |
|
Roman_Gruber Advocate
Joined: 03 Oct 2006 Posts: 3846 Location: Austro Bavaria
|
Posted: Fri Sep 26, 2014 7:20 am Post subject: |
|
|
As posted earlier:
Quote: | linux /3.10.30-gentoo_20_02_2014 init=linuxrc ramdisk=8192 crypt_root=dev/mapper/vg_root_volume-lv_real_root realroot=/dev/mapper/lv_real_root dolvm |
I need the dolvm, realroot and crypt_root parameters. You'd better check an encryption howto.
You can edit grub on the fly when you boot the box, and therefore you can try around.
The genkernel output that you posted:
Quote: | * Additional kernel cmdline arguments that *may* be required to boot properly...
* add "dolvm" for lvm support |
You may post the section of your grub.cfg as I did so we can have a look together. Please also state whether it's grub 1 or 2.
I just saw that you use UUID. No idea about how to use that properly.
Well, one idea which I had:
boot a livecd and try to open your root manually to verify if you set it up correctly.
Something like vgchange -ay, and then cryptsetup luksopen /dev/mapper/encrypted unencryped_name_whatever_you_choose
mount /dev/mapper/encrypted unencryped_name_whatever_you_choose /mountpoint
ls /mountpoint to check if it's your contents.
Your screenshot indicates that the volume groups are not found, which could basically mean, from the bottom up: no support for your hard drive controller, no support for lvm, and so on. I wouldn't use these uuid things personally. Try to use it as I did, with the names.
I think your issue is caused by using UUID instead of human-readable mount_points. There are several names for the same disk space, encrypted name, unencrypted name ... and using uuid I doubt the box knows what you really want or do, just my personal opinion. |
|
anemptygun n00b
Joined: 18 Aug 2014 Posts: 13
|
Posted: Mon Sep 29, 2014 4:31 am Post subject: |
|
|
Hi tw04l124,
I have not set any special parameters for grub, so this must be where my issue is coming from..
I am using grub2. Here is the output from my /boot/grub/grub.cfg. Sorry, it is quite long, I wasn't sure if anything was safe to cut out..
Code: | #
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
insmod lvm
if [ -s $prefix/grubenv ]; then
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if loadfont unicode ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=en_US
insmod gettext
fi
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=10
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=10
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/10_linux ###
menuentry 'Gentoo GNU/Linux' --class gentoo --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-389328a1-4374-4406-bcd9-40d47bcf8d06' {
load_video
insmod gzio
insmod part_gpt
insmod ext2
set root='hd3,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd3,gpt2 --hint-efi=hd3,gpt2 --hint-baremetal=ahci3,gpt2 2d4e5e5b-5d69-4f1f-8b85-5ab0a05d0819
else
search --no-floppy --fs-uuid --set=root 2d4e5e5b-5d69-4f1f-8b85-5ab0a05d0819
fi
echo 'Loading Linux 3.14.14-gentoo ...'
linux /vmlinuz-3.14.14-gentoo root=UUID=389328a1-4374-4406-bcd9-40d47bcf8d06 ro
echo 'Loading initial ramdisk ...'
initrd /initramfs-genkernel-x86_64-3.14.14-gentoo
}
submenu 'Advanced options for Gentoo GNU/Linux' $menuentry_id_option 'gnulinux-advanced-389328a1-4374-4406-bcd9-40d47bcf8d06' {
menuentry 'Gentoo GNU/Linux, with Linux 3.14.14-gentoo' --class gentoo --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.14.14-gentoo-advanced-389328a1-4374-4406-bcd9-40d47bcf8d06' {
load_video
insmod gzio
insmod part_gpt
insmod ext2
set root='hd3,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd3,gpt2 --hint-efi=hd3,gpt2 --hint-baremetal=ahci3,gpt2 2d4e5e5b-5d69-4f1f-8b85-5ab0a05d0819
else
search --no-floppy --fs-uuid --set=root 2d4e5e5b-5d69-4f1f-8b85-5ab0a05d0819
fi
echo 'Loading Linux 3.14.14-gentoo ...'
linux /vmlinuz-3.14.14-gentoo root=UUID=389328a1-4374-4406-bcd9-40d47bcf8d06 ro
echo 'Loading initial ramdisk ...'
initrd /initramfs-genkernel-x86_64-3.14.14-gentoo
}
menuentry 'Gentoo GNU/Linux, with Linux 3.14.14-gentoo (recovery mode)' --class gentoo --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.14.14-gentoo-recovery-389328a1-4374-4406-bcd9-40d47bcf8d06' {
load_video
insmod gzio
insmod part_gpt
insmod ext2
set root='hd3,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd3,gpt2 --hint-efi=hd3,gpt2 --hint-baremetal=ahci3,gpt2 2d4e5e5b-5d69-4f1f-8b85-5ab0a05d0819
else
search --no-floppy --fs-uuid --set=root 2d4e5e5b-5d69-4f1f-8b85-5ab0a05d0819
fi
echo 'Loading Linux 3.14.14-gentoo ...'
linux /vmlinuz-3.14.14-gentoo root=UUID=389328a1-4374-4406-bcd9-40d47bcf8d06 ro single
echo 'Loading initial ramdisk ...'
initrd /initramfs-genkernel-x86_64-3.14.14-gentoo
}
}
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ### |
Quote: | boot a livecd and try to open your root manually to verify if you set it up correctly. |
I am able to boot from the live cd and access my drive manually. I can mount and see the contents just fine. Also, I was careful to include my storage drivers in the kernel since in the past I have made that mistake.
Quote: | I just saw that you use UUID. No idea about how to use that properly. |
The only reason I think I need to use UUID is that my gpg key is on a USB drive. It was my understanding that this can cause problems using drive names (e.g. sda, sdx, etc.) since they are dynamic.. |
|
Roman_Gruber Advocate
Joined: 03 Oct 2006 Posts: 3846 Location: Austro Bavaria
|
Posted: Mon Sep 29, 2014 11:50 am Post subject: |
|
|
Seriously, no offense, I suggest you try to write one grub entry yourself and forget about these update-grub scripts.
It is just a bootloader: add one entry, change it when you need it and that's it.
You have my example above. It is simple and works for myself. You can add it near the end and you should get one entry for it which works.
Most problems in the past, in my experience of grub, came from having entries where no one really knows what they do; therefore I wrote it myself and it worked. |
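Added example, not part of any post in this thread: a POSIX shell check that reports which GRUB2 menu entries lack the kernel parameters named in the replies above (`dolvm`, `crypt_root`). The function names, the `REQUIRED` list and the sample config are assumptions, constructed from the lines posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit GRUB2 "linux" lines for the
# kernel parameters the posts above name for a genkernel LVM+LUKS initramfs.
# REQUIRED is an assumption taken from those posts; adjust it to your setup.
REQUIRED="dolvm crypt_root"

# audit_grub_cfg [FILE]  (hypothetical helper; reads stdin when FILE is omitted)
# Prints "<menuentry title>: ok" or "<menuentry title>: missing <params>"
# for every linux command and returns 1 if any entry lacks a parameter.
audit_grub_cfg() {
    awk -v required="$REQUIRED" -v q="'" '
        BEGIN { n = split(required, req, " "); bad = 0 }
        $1 == "menuentry" {              # remember the enclosing entry title
            title = $0
            sub("^[^" q "]*" q, "", title)
            sub(q ".*$", "", title)
        }
        $1 ~ /^linux(16|efi)?$/ {        # $2 is the kernel image, args follow
            missing = ""
            for (i = 1; i <= n; i++) {
                found = 0
                for (f = 3; f <= NF; f++) {
                    key = $f
                    sub(/=.*/, "", key)  # crypt_root=/dev/x -> crypt_root
                    if (key == req[i]) found = 1
                }
                if (!found) missing = missing " " req[i]
            }
            if (missing == "") print title ": ok"
            else { print title ": missing" missing; bad = 1 }
        }
        END { exit bad }
    ' "${1:--}"
}

# Constructed sample: the first entry copies the generated linux line posted
# above, the second copies the hand-written one from the earlier reply.
sample_cfg() {
    cat <<'EOF'
menuentry 'Gentoo GNU/Linux' --class gentoo --class gnu-linux {
    linux /vmlinuz-3.14.14-gentoo root=UUID=389328a1-4374-4406-bcd9-40d47bcf8d06 ro
    initrd /initramfs-genkernel-x86_64-3.14.14-gentoo
}
menuentry 'hand-written entry' --class gentoo {
    linux /3.10.30-gentoo_20_02_2014 init=linuxrc ramdisk=8192 crypt_root=dev/mapper/vg_root_volume-lv_real_root realroot=/dev/mapper/lv_real_root dolvm
    initrd /initramfs-genkernel-x86_64-3.5.3-gentoo_Sept_2012
}
EOF
}

sample_cfg | audit_grub_cfg || echo "at least one entry lacks a required parameter"
```

Run it against a real file with `audit_grub_cfg /boot/grub/grub.cfg`; the check only confirms the parameters are present, not that their values point at the right devices.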