Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[RESOLVED] Question about LUKS + Grub
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Installing Gentoo
View previous topic :: View next topic  
Author Message
nulltheliteralnothing
n00b
n00b


Joined: 23 Feb 2024
Posts: 53
PostPosted: Sun Mar 17, 2024 1:34 am    Post subject: [RESOLVED] Question about LUKS + Grub Reply with quote
Hi Everyone,

I have setup LUKS on a Micros**t Surface Pro 3.

I wanted a Gentoo box in a tablet form.

Works pretty decently.

I wanted to encrypt the box as it is portable.

The boot sequence has me entering in the pass phrase twice.

Machine starts, GRUB requests the passphrase.

Initramfs starts, Initramfs requests the passphrase again.

Is this common?

It isn’t a big deal outside of the fact that I cannot use the device vertically.

*scenario 1*

If I take off the dedicated keyboard then an on-display keyboard will appear.

The on-display keyboard works for GRUB but not for the Initramfs request.

*scenario 2*

If I take off the dedicated keyboard and plug-in a USB keyboard then GRUB won’t work.

*scenario 3*

If I use the on-display keyboard and then plug in a USB keyboard then Initramfs throws an error saying the Initramfs needs to load first.

Last edited by nulltheliteralnothing on Sun Mar 17, 2024 4:04 pm; edited 1 time in total
Back to top
View user's profile Send private message
grknight
Retired Dev
Retired Dev


Joined: 20 Feb 2015
Posts: 1662
PostPosted: Sun Mar 17, 2024 1:57 am    Post subject: Re: Question about LUKS + Grub Reply with quote
nulltheliteralnothing wrote:
The boot sequence has me entering in the pass phrase twice.

Machine starts, GRUB requests the passphrase.

Initramfs starts, Initramfs requests the passphrase again.

Is this common?

This is required if you encrypt both the kernel and initramfs. First, grub needs decryption to read the kernel and initramfs. Then, grub starts the kernel and forgets everything. Finally, the kernel needs decryption of the rootfs via the initramfs.

If the kernel and initramfs are on a separate unencrypted partition, then password is only needed once.
Back to top
View user's profile Send private message
nulltheliteralnothing
n00b
n00b


Joined: 23 Feb 2024
Posts: 53
PostPosted: Sun Mar 17, 2024 2:24 am    Post subject: Re: Question about LUKS + Grub Reply with quote
grknight wrote:
nulltheliteralnothing wrote:
The boot sequence has me entering in the pass phrase twice.

Machine starts, GRUB requests the passphrase.

Initramfs starts, Initramfs requests the passphrase again.

Is this common?

This is required if you encrypt both the kernel and initramfs. First, grub needs decryption to read the kernel and initramfs. Then, grub starts the kernel and forgets everything. Finally, the kernel needs decryption of the rootfs via the initramfs.

If the kernel and initramfs are on a separate unencrypted partition, then password is only needed once.


It all made sense to me. I wanted to double check. Thanks.
Back to top
View user's profile Send private message
nulltheliteralnothing
n00b
n00b


Joined: 23 Feb 2024
Posts: 53
PostPosted: Sun Mar 17, 2024 2:06 pm    Post subject: Reply with quote
Is there any method of getting a USB keyboard running for the passphrase for the initramfs? Interestingly enough, when I plug in the USB keyboard and the initramfs passphrase is no longer requested, I see a lot of output about a USB device connecting before it tells me "initramfs" needs to be loaded first. I will work towards clarifying that information. I will also test a separate USB keyboard to see if it is just that model.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21637
PostPosted: Sun Mar 17, 2024 2:39 pm    Post subject: Reply with quote
Yes, a USB keyboard can be used to enter the passphrase. I remember using a USB keyboard in this way because of one unfortunate kernel upgrade when a kernel developer moved the Kconfig symbol for the keyboard I was using to a different name, causing the newer kernel not to support that keyboard. Once I figured out what had happened and enabled the appropriate new Kconfig symbol, the keyboard worked again. As with all early boot hardware support, you need the appropriate kernel support either built-in or you need to embed the module for it in the initramfs. Personally, I would choose built-in for any hardware that I expect to be supported for the entire time the system is up (keyboard, mouse (if desktop), primary network card, etc.). Reserve modules for things you might go an extended time without using.
Back to top
View user's profile Send private message
nulltheliteralnothing
n00b
n00b


Joined: 23 Feb 2024
Posts: 53
PostPosted: Sun Mar 17, 2024 4:03 pm    Post subject: Reply with quote
Weirdly, the mechanical keyboard seems to drop into "echo" showing the USB keyboard connecting to the system, but then immediately followed by an error. I am using the USB keyboard from my multimedia system and I didn't encounter any issues.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Installing Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy