rfx Apprentice

Joined: 19 Apr 2023 Posts: 163 Location: de-by
|
Posted: Sun Apr 20, 2025 6:01 pm Post subject: [solved] No Passphrase, no boot with luks |
|
|
Hi!
I'm trying to get a second Gentoo running; everything is similar to my main system. The only differences are in the LUKS encryption.
I've had much fun with this over the last three weeks, and read wikis and watched videos before asking here.
The installation is mostly similar to my main system, so it should run; without LUKS, Gentoo runs well on the external SSD. I use the hardened Plasma profile, OpenRC, all stable. Some time ago I made a kernel config from gentoo-kernel with some drivers and filesystems deactivated; I also tried a new gentoo-kernel and gentoo-kernel-bin, but this did not help.
Here is what I did:
Code: | mkfs.fat -F 32 /dev/sdb1
cryptsetup -v -y -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --use-random luksFormat /dev/sdb2
cryptsetup luksOpen /dev/sdb2 root
mkfs.btrfs -f -L rootfs /dev/mapper/root
mount LABEL=rootfs /mnt/gentoo |
Then install the normal stuff like always.
Before creating the initramfs I call dracut:
Code: | mkdir /etc/dracut.conf.d/ && nano /etc/dracut.conf.d/crypt
add_dracutmodules+=" btrfs crypt dm rootfs-block " |
Code: | lsblk -o name,uuid
NAME UUID
sdb
├─sdb1 533D-07A8
└─sdb2 f0c7a8e0-4f24-49f1-b77d-1fe657c81f8f
└─root 1d9f2f0a-212f-4313-99cb-9a358242bbd2 |
I tried different things in fstab; this minimalistic one is what I use at the moment:
Code: | # <fs> <mountpoint> <type> <opts> <dump/pass>
UUID=533D-07A8 /boot vfat noauto,noatime 0 1
LABEL=rootfs / btrfs defaults 0 0 |
And I edited /etc/default/grub before running "grub-mkconfig -o /boot/grub/grub.cfg":
Code: | GRUB_CMDLINE_LINUX_DEFAULT="root=1d9f2f0a-212f-4313-99cb-9a358242bbd2 rd.luks.uuid=f0c7a8e0-4f24-49f1-b77d-1fe657c81f8f rootfstype=btrfs" |
I also installed GRUB with --removable so that it does not conflict with the GRUB from my main system.
The goal is to have a second Gentoo on an external SSD for testing purposes, secured by LUKS with a passphrase.
I can boot, it loads initramfs from my boot (sdb1) but no Passphrase appears. Dracut gives this Error:
Code: |
dracut Warning: dracut: FATAL: Don't know how to handle 'root=1d9f2f0a-212f-4313-99cb-9a358242bbd2'
dracut Warning: dracut: Refusing to continue
dracut Warning: crypto LUKS UUID f0c7a8e0-4f24-49f1-b77d-1fe657c81f8f not found
|
Please help me find my error. I don't see what should be wrong
Last edited by rfx on Mon Apr 21, 2025 7:35 am; edited 1 time in total |
zen_desu Apprentice

Joined: 25 Oct 2024 Posts: 277
|
Posted: Sun Apr 20, 2025 6:12 pm Post subject: |
|
|
All of that config looks right to me; on your setup ugrd should be a drop-in replacement and will require no config. Would you be able to test that to see if it behaves differently?
When you tried gentoo-kernel-bin, did you ensure it was installed properly and being used by your bootloader? _________________ µgRD dev
Wiki writer |
rfx Apprentice

Joined: 19 Apr 2023 Posts: 163 Location: de-by
|
Posted: Sun Apr 20, 2025 7:03 pm Post subject: |
|
|
I've now tested with ugrd.
The creation of the initramfs looks correct to me:
Code: |
(chroot) gentoo / # ugrd --kver 6.12.21-gentoo-hardened /boot/initramfs-6.12.21-gentoo-hardened.img
INFO | Processing module: ugrd.base.base
INFO | Processing module: ugrd.base.core
INFO | Adding library path: /usr/lib64
INFO | Processing module: ugrd.fs.mounts
INFO | Processing module: ugrd.base.cmdline
INFO | Processing module: ugrd.base.banner
INFO | Processing module: ugrd.kmod.kmod
INFO | Processing module: ugrd.fs.cpio
INFO | Processing module: ugrd.base.checks
INFO | Importing argument 'kernel_version' with value: 6.12.21-gentoo-hardened
INFO | Importing argument 'out_file' with value: /boot/initramfs-6.12.21-gentoo-hardened.img
INFO | Resolved relative output path: /boot/initramfs-6.12.21-gentoo-hardened.img
INFO | Resolved out_dir to: /boot
INFO | Loading config file: /etc/ugrd/config.toml
INFO | Processing module: ugrd.kmod.standard_mask
INFO | Processing module: ugrd.kmod.nosound
INFO | Processing module: ugrd.kmod.novideo
INFO | Processing module: ugrd.kmod.nonetwork
INFO | Resolved relative output path: /boot/initramfs-6.12.21-gentoo-hardened.img
INFO | Resolved out_dir to: /boot
INFO | -- | Running ugrd v1.29.0
INFO | -- | Running build tasks
INFO | Detected init at: /usr/bin/init
INFO | Source path for libgcc_s: /usr/lib/gcc/x86_64-pc-linux-gnu/14/libgcc_s.so.1
INFO | Found virtual block devices: dm-0
INFO | Auto-enabling kernel modules for device: dm_mod
INFO | Autodetected mount type: btrfs
INFO | [root] Autodetected mount source: uuid=1d9f2f0a-212f-4313-99cb-9a358242bbd2
INFO | [mounts] Updating mount: root
INFO | Auto-enabling module: btrfs
INFO | Processing module: ugrd.fs.btrfs
INFO | [/] Detected virtual block device: /dev/mapper/root
INFO | Autodetected LUKS mount, enabling the cryptsetup module: root
INFO | Processing module: ugrd.crypto.cryptsetup
INFO | [root] LUKS volume uuid: f0c7a8e0-4f24-49f1-b77d-1fe657c81f8f
INFO | [ugrd.crypto.cryptsetup:root] No retries specified, using default: 5
INFO | [root] Configuring cryptsetup for LUKS mount (root) on: dm-0
root:
uuid: f0c7a8e0-4f24-49f1-b77d-1fe657c81f8f
retries: 5
INFO | Auto-enabling kernel modules for device: sd_mod
INFO | [root] Autodetected device mapper container: sdb2
WARNING | [get_kernel_version] Kernel version is already set, skipping.
INFO | Autodetected kernel modules: dm_mod, sd_mod, snd_pci_acp6x, ccp, xhci_hcd, ahci, snd_sof_amd_rembrandt, nvme, snd_sof_amd_acp63, snd_sof_amd_renoir, snd_pci_acp5x, snd_sof_amd_vangogh, snd_sof_amd_acp70, piix4_smbus, mt7921e, snd_pci_ps, snd_acp_pci, amd_sfh, pcie_mp2_amd, pcieport
INFO | Build directory does not exist, skipping cleaning: /tmp/initramfs_build
INFO | Detected cryptsetup backend: openssl
ERROR | [ccp] Firmware file does not exist: /lib/firmware/amd/amd_sev_fam19h_model1xh.sbin
ERROR | [ccp] Firmware file does not exist: /lib/firmware/amd/amd_sev_fam19h_model0xh.sbin
ERROR | [ccp] Firmware file does not exist: /lib/firmware/amd/amd_sev_fam17h_model3xh.sbin
ERROR | [ccp] Firmware file does not exist: /lib/firmware/amd/amd_sev_fam17h_model0xh.sbin
WARNING | [piix4_smbus] Failed to process autodetected kernel module dependencies: [piix4_smbus] Modinfo returned no output.
WARNING | [pcie_mp2_amd] Failed to process autodetected kernel module dependencies: [pcie_mp2_amd] Modinfo returned no output.
WARNING | [pcieport] Failed to process autodetected kernel module dependencies: [pcieport] Modinfo returned no output.
INFO | [deploy_nodes] Skipping real device node creation with mknod, as make_nodes is not specified.
INFO | Regenerating kernel module metadata files.
INFO | -- | Generating init functions
INFO | Init kernel modules: crc32c, dm_crypt, nvme, amd_sfh
INFO | Included kernel modules: nvme_core, snd_amd_sdw_acpi, nvme_auth, snd_acp_legacy_common
WARNING | Ignored kernel modules: r8169, amdgpu, sp5100_tco, k10temp, snd_rpl_pci_acp6x, snd_hda_intel, snd_pci_acp3x, snd_rn_pci_acp3x, i2c_piix4, snd_pci_acp6x, snd_sof_amd_rembrandt, snd_sof_amd_acp63, snd_sof_amd_renoir, snd_pci_acp5x, snd_sof_amd_vangogh, snd_sof_amd_acp70, piix4_smbus, mt7921e, snd_pci_ps, snd_acp_pci, pcie_mp2_amd, pcieport
INFO | Wrote file: /tmp/initramfs_build/etc/profile
INFO | Included functions: check_var, setvar, readvar, prompt_user, retry, edebug, einfo, ewarn, eerror, rd_fail, rd_restart, _find_init, mount_root, parse_cmdline_bool, parse_cmdline_str, get_crypt_dev, mount_base, export_exports, parse_cmdline, print_banner, load_modules, mount_fstab, crypt_init, mount_cmdline_root, do_switch_root
INFO | Wrote file: /tmp/initramfs_build/init
INFO | -- | Packing build
INFO | [XZ] Compressing the CPIO data, original size: 28.80 MiB
INFO | Wrote 7.90 MiB to: /boot/initramfs-6.12.21-gentoo-hardened.img
INFO | -- | Running checks
|
After that, I installed gentoo-kernel-bin again and ran grub-mkconfig -o /boot/grub/grub.cfg. Everything seems to have worked and both kernels are found by grub.
Please excuse me, I don't know how to read and export an error log here, so I'll make it easy for myself and post a picture of the error:
https://ibb.co/QvCKDSFb
To explain:
nvme0n1p1 is boot and nvme0n1p2 is root of my main system. sda1-4 are partitions of an internal SATA SSD from Windows 11.
I don't see anything about sdb in the block devices; this is the external SSD on which my new learning system will be created. This also matches with the error message "Failed to resolve device source for cryptsetup mount: root."
Without luks, the external SSD worked perfectly for a test with Gentoo, even with the same kernel.config
Last edited by rfx on Mon Apr 21, 2025 7:35 am; edited 1 time in total |
zen_desu Apprentice

Joined: 25 Oct 2024 Posts: 277
|
Posted: Sun Apr 20, 2025 7:31 pm Post subject: |
|
|
That error message comes from it being unable to find a device with the uuid for your rootfs (f0c7a8e0-4f24-49f1-b77d-1fe657c81f8f).
-- It could just be that the script runs too fast and checks before the device initializes after modules are loaded. Does it work if you restart and try again? It may be that the device is coming up after it looks for the root uuid. I see it sees the root device later. --
My bad, I see it doesn't see your root device when it fails. Can you try using the 9999 version, or adding the USB module if it's a USB based rootfs?
On older versions this can be fixed by adding the `ugrd.kmod.usb` module, adding usb kmods to `kmod_init`, or enabling `kmod_autodetect_lsmod = true` to include kmods currently in use.
The current stable version doesn't have this fix, sorry for that; the 9999 and 1.31.2 should work fine: https://github.com/desultory/ugrd/commit/bcd3b48d4dbd9798873e072122f5f6e702f19407 _________________ µgRD dev
Wiki writer |
pingtoo Veteran


Joined: 10 Sep 2021 Posts: 1680 Location: Richmond Hill, Canada
|
Posted: Sun Apr 20, 2025 8:25 pm Post subject: Re: No Passphrase, no boot with luks |
|
|
rfx wrote: |
I can boot, it loads initramfs from my boot (sdb1) but no Passphrase appears. Dracut gives this Error:
Code: |
dracut Warning: dracut: FATAL: Don't know how to handle 'root=1d9f2f0a-212f-4313-99cb-9a358242bbd2'
dracut Warning: dracut: Refusing to continue
dracut Warning: crypto LUKS UUID f0c7a8e0-4f24-49f1-b77d-1fe657c81f8f not found
|
Please help me find my error. I don't see what should be wrong |
Can this 'root=1d9f2f0a-212f-4313-99cb-9a358242bbd2' work? I am under the impression you need the word 'uuid' as in 'root=uuid=1d9f2f0a-212f-4313-99cb-9a358242bbd2' |
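Added example, not part of any post in this thread: a small shell lint for the point raised in the post above, the form of `root=`. It accepts the prefixed forms documented in dracut.cmdline(7) and also checks that `rd.luks.uuid=` names the LUKS container while `root=` names the filesystem inside it; the `DEVICES` list and the function names are constructed for the example, using the UUIDs posted in the thread.

```sh
#!/bin/sh
# Added example: lint root= and rd.luks.uuid= on a kernel command line.
# DEVICES is a constructed "UUID FSTYPE" list (the shape `lsblk -rno UUID,FSTYPE`
# prints), filled with the values shown in the thread.
DEVICES='533D-07A8 vfat
f0c7a8e0-4f24-49f1-b77d-1fe657c81f8f crypto_LUKS
1d9f2f0a-212f-4313-99cb-9a358242bbd2 btrfs'

# get_param KEY CMDLINE: print the value of the last KEY=... word, or nothing.
get_param() {
    val=''
    for word in $2; do
        case "$word" in
            "$1"=*) val=${word#"$1"=} ;;
        esac
    done
    printf '%s\n' "$val"
}

# has_dev UUID FSTYPE: succeed if DEVICES lists that UUID with that type.
has_dev() { printf '%s\n' "$DEVICES" | grep -qixF -- "$1 $2"; }

# bad MESSAGE: report a finding and count it.
bad() { echo "bad: $*"; problems=$((problems + 1)); }

# check_cmdline CMDLINE: print one finding per line; succeed only if none is bad.
check_cmdline() {
    problems=0
    root=$(get_param root "$1")
    luks=$(get_param rd.luks.uuid "$1"); luks=${luks#luks-}  # tolerate a "luks-" prefix
    case "$root" in
        UUID=*|LABEL=*|PARTUUID=*|PARTLABEL=*|/dev/*) echo "ok: root=$root" ;;
        '') bad "no root= parameter" ;;
        *)  bad "root=$root lacks a UUID=, LABEL=, PARTUUID=, PARTLABEL= or /dev/ prefix" ;;
    esac
    # root= must name the filesystem inside the mapping, not the LUKS container.
    has_dev "${root#UUID=}" crypto_LUKS && bad "root= names the LUKS container, not the filesystem in it"
    if [ -z "$luks" ]; then
        bad "no rd.luks.uuid= parameter"
    elif has_dev "$luks" crypto_LUKS; then
        echo "ok: rd.luks.uuid=$luks is a crypto_LUKS device"
    else
        bad "rd.luks.uuid=$luks is not a known crypto_LUKS device"
    fi
    [ "$problems" -eq 0 ]
}

# The command line posted in the thread (no prefix on root=).
check_cmdline 'root=1d9f2f0a-212f-4313-99cb-9a358242bbd2 rd.luks.uuid=f0c7a8e0-4f24-49f1-b77d-1fe657c81f8f rootfstype=btrfs' || true
```

It checks command-line syntax only; whether the initramfs can see the disk at all, the cause suspected in the replies, is outside what it checks.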
zen_desu Apprentice

Joined: 25 Oct 2024 Posts: 277
|
Posted: Sun Apr 20, 2025 8:50 pm Post subject: Re: No Passphrase, no boot with luks |
|
|
pingtoo wrote: | rfx wrote: |
I can boot, it loads initramfs from my boot (sdb1) but no Passphrase appears. Dracut gives this Error:
Code: |
dracut Warning: dracut: FATAL: Don't know how to handle 'root=1d9f2f0a-212f-4313-99cb-9a358242bbd2'
dracut Warning: dracut: Refusing to continue
dracut Warning: crypto LUKS UUID f0c7a8e0-4f24-49f1-b77d-1fe657c81f8f not found
|
Please help me find my error. I don't see what should be wrong |
Can this 'root=1d9f2f0a-212f-4313-99cb-9a358242bbd2' work? I am under the impression you need the word 'uuid' as in 'root=uuid=1d9f2f0a-212f-4313-99cb-9a358242bbd2' |
Same as (older) ugrd, I think dracut is not seeing the device which the LUKS volume is on, possibly because it's USB based. _________________ µgRD dev
Wiki writer |
rfx Apprentice

Joined: 19 Apr 2023 Posts: 163 Location: de-by
|
Posted: Mon Apr 21, 2025 7:34 am Post subject: |
|
|
A simple upgrade from sys-kernel/ugrd-1.29-r1 to 1.31.2 solved my problem, which I've been struggling with for three weeks now.
Thank you very much for your time and help. The new test system is now booting. <3
Happy Easter! |