View previous topic :: View next topic |
Author |
Message |
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 5:44 am Post subject: [SOLVED] Failed to find LUKS device |
|
|
Hi everybody.
I am stuck for hours now with a novel install. Just after reboot the systems starts loading gentoo but just after fails with a long message which starts with "Failed to find LUKS device...". First of all let me clarify: this is not my first gentoo install,I have installed gentoo in multiple machines along the last 4 to 5 years using always full disk encryption. But some things are new:
[1. ] This is my first machine with solely SSD disks, all others had mechanical disks;
[2. ] For the first time I am using EFI instead of legacy boot. This doesn`t seems to be the cause of the problem since the booting starts and the kernel is found;
[3. ] I had to use an Ubuntu-Mate live disk to install gentoo since the gentoo minimal install iso woundn`t find my SSD disks (tried multiple times, eventually gave up). This is the first time I do that;
[4. ] I have never needed to employ a proper fstab file, but after a few trials I started to use it, but without solving the issue
Except for those differences I have followed the handbook strictly. For instance, this is my partition scheme:
Code: |
Disco /dev/nvme0n1: 476,94 GiB, 512110190592 bytes, 1000215216 setores
Modelo de disco: IM2P33F3A NVMe ADATA 512GB
Unidades: setor de 1 * 512 = 512 bytes
Tamanho de setor (lógico/físico): 512 bytes / 512 bytes
Tamanho E/S (mínimo/ótimo): 512 bytes / 512 bytes
Tipo de rótulo do disco: gpt
Identificador do disco: EE371963-AFCB-C04D-B3D3-9E3E5F26E840
Dispositivo Início Fim Setores Tamanho Tipo
/dev/nvme0n1p1 2048 1050623 1048576 512M Sistema EFI
/dev/nvme0n1p2 1050624 1000215182 999164559 476,4G Linux sistema de arquivos
|
That is the output of blkid:
Code: |
(chroot) ubuntu-mate / # blkid
/dev/loop0: TYPE="squashfs"
/dev/loop1: TYPE="squashfs"
/dev/loop2: TYPE="squashfs"
/dev/loop3: TYPE="squashfs"
/dev/loop4: TYPE="squashfs"
/dev/nvme0n1p1: UUID="7059-8DF5" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="1f20445c-17d0-7844-82c8-da67ab36f8be"
/dev/nvme0n1p2: UUID="9c4d9bcb-3248-4214-9bbb-851df8ff6a1f" TYPE="crypto_LUKS" PARTUUID="82b8e83a-9053-d14b-b435-f7b5ff78ac38"
/dev/sda1: BLOCK_SIZE="2048" UUID="2021-02-09-19-16-22-00" LABEL="Ubuntu-MATE 20.04.2.0 LTS amd64" TYPE="iso9660" PTUUID="11281076" PTTYPE="dos" PARTUUID="11281076-01"
/dev/sda2: SEC_TYPE="msdos" UUID="54C5-9C6C" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="11281076-02"
/dev/sda3: LABEL="writable" UUID="ddf7228f-bfbc-4c61-a3ef-5e0d8ee46e29" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="11281076-03"
/dev/mapper/luks: UUID="4wJvUG-cQYe-286D-NZ42-SFJj-vY96-EdvCmI" TYPE="LVM2_member"
/dev/mapper/vg0-lvol0: UUID="197701d0-7900-4d03-9e5d-d721408ffc8a" TYPE="swap"
/dev/mapper/vg0-lvol1: UUID="7cec39f4-ed22-460c-b5d6-49394c70ea23" BLOCK_SIZE="4096" TYPE="ext4"
(chroot) ubuntu-mate / #
|
This is my fstab:
Code: |
(chroot) ubuntu-mate / # cat /etc/fstab
# /etc/fstab: static file system information.
#
# noatime turns off atimes for increased performance (atimes normally aren't
# needed); notail increases performance of ReiserFS (at the expense of storage
# efficiency). It's safe to drop the noatime options if you want and to
# switch between notail / tail freely.
#
# The root filesystem should have a pass number of either 0 or 1.
# All other filesystems should have a pass number of 0 or greater than 1.
#
# See the manpage fstab(5) for more information.
#
# <fs> <mountpoint> <type> <opts> <dump/pass>
# NOTE: If your BOOT partition is ReiserFS, add the notail option to opts.
#
# NOTE: Even though we list ext4 as the type here, it will work with ext2/ext3
# filesystems. This just tells the kernel to use the ext4 driver.
#
# NOTE: You can use full paths to devices like /dev/sda3, but it is often
# more reliable to use filesystem labels or UUIDs. See your filesystem
# documentation for details on setting a label. To obtain the UUID, use
# the blkid(8) command.
#LABEL=boot /boot ext4 noauto,noatime 1 2
#UUID=58e72203-57d1-4497-81ad-97655bd56494 / ext4 noatime 0 1
#LABEL=swap none swap sw 0 0
#/dev/cdrom /mnt/cdrom auto noauto,ro 0 0
UUID=7059-8DF5 /boot vfat noauto,noatime 1 2
UUID=7cec39f4-ed22-460c-b5d6-49394c70ea23 / ext4 defaults 0 1
(chroot) ubuntu-mate / #
|
Those are the adaptations that have to be made in grub (the last line below):
Code: |
(chroot) ubuntu-mate / # grep "GRUB" /etc/default/grub
GRUB_DISTRIBUTOR="Gentoo"
#GRUB_DEFAULT=0
#GRUB_TIMEOUT=5
#GRUB_TIMEOUT_STYLE=menu
#GRUB_CMDLINE_LINUX=""
# GRUB_CMDLINE_LINUX="net.ifnames=0"
# GRUB_CMDLINE_LINUX="init=/usr/lib/systemd/systemd"
#GRUB_CMDLINE_LINUX_DEFAULT=""
#GRUB_TERMINAL=console
# You can see them in real GRUB with the command `vbeinfo'.
#GRUB_GFXMODE=640x480
# 'GRUB_GFXMODE', 'WIDTHxHEIGHT'['xDEPTH'] to set a particular
#GRUB_GFXPAYLOAD_LINUX=
#GRUB_THEME="/boot/grub/themes/starfield/theme.txt"
#GRUB_BACKGROUND="/boot/grub/mybackground.png"
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to kernel
#GRUB_DISABLE_LINUX_UUID=true
#GRUB_DISABLE_RECOVERY=true
#GRUB_DISABLE_SUBMENU=y
#GRUB_INIT_TUNE="60 800 1"
#GRUB_CMDLINE_LINUX_DEFAULT="intel_pstate=disable"
GRUB_CMDLINE_LINUX="crypt_root=UUID=9c4d9bcb-3248-4214-9bbb-851df8ff6a1f dolvm"
(chroot) ubuntu-mate / #
|
And, as far as I can tell, I have enabled all options regarding LUKS in my kernel, as can be seen here. The kernel and the initramfs have both being compiled with the options "--lvm --luks" enabled, just after installing cryptsetup.
I just dont want to have to start it all over again and without being sure of succeeding, so please, any ideas are welcome.
Thank you all for your attention.
Last edited by vcmota on Fri Jul 23, 2021 2:48 am; edited 1 time in total |
|
Back to top |
|
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3879
|
Posted: Mon May 31, 2021 9:07 am Post subject: |
|
|
Plz enable dmcrypt service
Code: |
rc-update add dmcrypt boot
|
In /etc/default/grub
please edit like this:
Code: |
GRUB_CMDLINE_LINUX="crypt_root=UUID=9c4d9bcb-3248-4214-9bbb-851df8ff6a1f:luks real_root=/dev/mapper/vg0-lvol1 dolvm"
GRUB_PRELOAD_MODULES-"part_gpt part_msdos luks lvm" #### NOT REALLY NECESSARY BUT JUST IN CASE
|
Then also please consider an entry in /etc/crypttab
Is this an LVM ON LUKS setup? _________________
|
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 1:09 pm Post subject: |
|
|
Thank you alamahant for your reply. I tried everything you suggested and it didn`t work.
alamahant wrote: |
Then also please consider an entry in /etc/crypttab |
I am using openrc, so is that a use for /etc/crypttab?
alamahant wrote: |
Is this an LVM ON LUKS setup? |
Yes it is. In case you ask, I have already added lvm to default runlevel.
This seems to be either something that is missing on my kernel, which honestly I cant see what it is, or perhaps I inverted the order of some of the steps and just cant see now what it was. |
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 1:22 pm Post subject: |
|
|
One thing I have noted is that in my old computer, where I also have full disk encryption, the output of blkid is a bit different:
Code: |
/dev/sda2: UUID="66a733fe-0f07-4ae7-b0f6-ca5e6bb31829" BLOCK_SIZE="1024" TYPE="ext2" PARTLABEL="boot" PARTUUID="aa736e2d-2876-4947-83ca-72a97926081b"
/dev/sda3: UUID="3fc8262d-0175-49d8-b050-a365c75fc19f" TYPE="crypto_LUKS" PARTLABEL="lvm" PARTUUID="e6d2ee44-4aaa-4069-865d-0d9e0d4f047a"
/dev/mapper/root: UUID="Tlsfma-6HVX-lqVm-6JsH-aVrJ-LN8Y-UG3gBN" TYPE="LVM2_member"
/dev/mapper/vg0-lvol0: UUID="ad282bec-4a30-43da-ae72-e611d5feb9e1" TYPE="swap"
/dev/mapper/vg0-lvol1: UUID="daee6e13-8503-4b7b-bda9-c379d64c17ce" BLOCK_SIZE="4096" TYPE="ext4"
/dev/sda1: PARTLABEL="grub" PARTUUID="680a6621-36c1-457e-9fba-fc86449362d6"
~>
|
As you may see there is this PARTLABEL="lvm" entry in the /dev/sda3 in the root partition, while for my failing attempt that is absent:
Code: |
/dev/nvme0n1p1: UUID="7059-8DF5" TYPE="vfat" PARTUUID="1f20445c-17d0-7844-82c8-da67ab36f8be"
/dev/nvme0n1p2: UUID="9c4d9bcb-3248-4214-9bbb-851df8ff6a1f" TYPE="crypto_LUKS" PARTUUID="82b8e83a-9053-d14b-b435-f7b5ff78ac38"
|
This entry is also shown in the Full Disk Encryption... in the Gentoo wiki in the output of blkid. |
|
Back to top |
|
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3879
|
Posted: Mon May 31, 2021 1:30 pm Post subject: |
|
|
Plz try with dracut and a binary kernel.
Or at least pastebin your .config... _________________
|
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 1:49 pm Post subject: |
|
|
alamahant wrote: | Plz try with dracut and a binary kernel.
|
You mean a precompiled kernel? I didn`t even knew this was possible with gentoo...
alamahant wrote: |
Or at least pastebin your .config... |
You can see my .config here.
Thank you for your reply! |
|
Back to top |
|
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3879
|
Posted: Mon May 31, 2021 2:00 pm Post subject: |
|
|
You ARE missing some config
from my .config
Code: |
CONFIG_AMD_MEM_ENCRYPT=y
# CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set
CONFIG_ARCH_HAS_MEM_ENCRYPT=y
CONFIG_BLK_INLINE_ENCRYPTION=y
CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK=y
CONFIG_FS_ENCRYPTION=y
CONFIG_FS_ENCRYPTION_ALGS=m
CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y
CONFIG_ENCRYPTED_KEYS=m
|
_________________
|
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 3:32 pm Post subject: |
|
|
Thank you alamahant for your reply.
Something very dumb probably happened: I guess I selected many of those options but discarded them all together, because I found some obvious options not related to cryptography that were not set as well.
Lets see if this solves it, the kernel is now recompiling. |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21633
|
Posted: Mon May 31, 2021 4:20 pm Post subject: |
|
|
If you still need help, please provide the full error message. It looks to me like you truncated it just before the part that has the information we need in order to help you. |
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 5:20 pm Post subject: |
|
|
It did not work... Just in case there is still more kernel options missing the new .config is here
Hu wrote: | If you still need help, please provide the full error message. It looks to me like you truncated it just before the part that has the information we need in order to help you. |
Thank you Hu for your reply. I took a photo, the complete error message says:
Quote: |
Failed to find LUKS devices. If crypt_root kernel command-line argument is correct you are probably missing kernel support for your storage!
|
|
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 5:26 pm Post subject: |
|
|
alamahant wrote: | You ARE missing some config
from my .config
Code: |
CONFIG_AMD_MEM_ENCRYPT=y
# CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set
CONFIG_ARCH_HAS_MEM_ENCRYPT=y
CONFIG_BLK_INLINE_ENCRYPTION=y
CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK=y
CONFIG_FS_ENCRYPTION=y
CONFIG_FS_ENCRYPTION_ALGS=m
CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y
CONFIG_ENCRYPTED_KEYS=m
|
|
Even in my new config some of the above are still missing:
Code: |
# CONFIG_BLK_INLINE_ENCRYPTION is not set
|
but where can I find it? I couldn`t find it with / search within the make menuconfig graphic utility. Also, the option "CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK" is simply nonexistent in my .config. All the other I believe have been properly set. |
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 5:29 pm Post subject: |
|
|
I found them all and I em recompiling the kernel. |
|
Back to top |
|
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3879
|
Posted: Mon May 31, 2021 5:57 pm Post subject: |
|
|
From the wiki
Quote: |
Kernel Configuration
To use dm-crypt there are a number of configuration entries that are necessary.
First of all, support for the device mapper infrastructure as well as the crypt target must be included:
KERNEL Enabling device mapper and crypt target
[*] Enable loadable module support
Device Drivers --->
[*] Multiple devices driver support (RAID and LVM) --->
<*> Device mapper support
<*> Crypt target support
Next, the Linux kernel needs to support the set of cryptographic APIs that the administrator wants to use for encryption. These can be found under the Cryptographic API section:
KERNEL Enabling cryptographic API functions
[*] Cryptographic API --->
<*> XTS support
<*> SHA224 and SHA256 digest algorithm
<*> AES cipher algorithms
<*> AES cipher algorithms (x86_64)
<*> User-space interface for hash algorithms
<*> User-space interface for symmetric key cipher algorithms
If the root file system will be encrypted as well, then an initial ram file system needs to be created in which the root filesystem is decrypted before it is mounted. Thus this requires initramfs support as well:
KERNEL Enabling initramfs support
General setup --->
[*] Initial RAM filesystem and RAM disk (initramfs/initrd) support
If using the tcrypt encryption option (TrueCrypt/tcplay/VeraCrypt compatibility mode), then the following items will also need to be added to the kernel. Otherwise, cryptsetup will return the following errors: "device-mapper: reload ioctl failed: Invalid argument" and "Kernel doesn't support TCRYPT compatible mapping".
KERNEL Enabling tcrypt (TrueCrypt/tcplay/VeraCrypt compatibility mode) support
Device Drivers --->
[*] Block Devices --->
<*> Loopback device support
File systems --->
<*> FUSE (Filesystem in Userspace) support
[*] Cryptographic API --->
<*> RIPEMD-160 digest algorithm
<*> SHA384 and SHA512 digest algorithms
<*> Whirlpool digest algorithms
<*> LRW support
<*> Serpent cipher algorithm
<*> Twofish cipher algorithm
|
from my .config
Code: |
grep -i crypt /usr/src/linux/.config
CONFIG_AMD_MEM_ENCRYPT=y
# CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set
CONFIG_ARCH_HAS_MEM_ENCRYPT=y
CONFIG_BLK_INLINE_ENCRYPTION=y
CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK=y
CONFIG_TIPC_CRYPTO=y
CONFIG_LIB80211_CRYPT_WEP=m
CONFIG_LIB80211_CRYPT_CCMP=m
CONFIG_LIB80211_CRYPT_TKIP=m
CONFIG_BLK_DEV_CRYPTOLOOP=m
CONFIG_SCSI_UFS_CRYPTO=y
CONFIG_DM_CRYPT=m
CONFIG_CHELSIO_INLINE_CRYPTO=y
CONFIG_RT2X00_LIB_CRYPTO=y
CONFIG_MMC_CRYPTO=y
CONFIG_RTLLIB_CRYPTO_CCMP=m
CONFIG_RTLLIB_CRYPTO_TKIP=m
CONFIG_RTLLIB_CRYPTO_WEP=m
CONFIG_FS_ENCRYPTION=y
CONFIG_FS_ENCRYPTION_ALGS=m
CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y
CONFIG_ECRYPT_FS=m
# CONFIG_ECRYPT_FS_MESSAGING is not set
CONFIG_ENCRYPTED_KEYS=m
CONFIG_CRYPTO=y
# Crypto core or helper
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=m
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_SKCIPHER=y
CONFIG_CRYPTO_SKCIPHER2=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_RNG=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=m
CONFIG_CRYPTO_AKCIPHER2=y
CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_KPP=y
CONFIG_CRYPTO_ACOMP2=y
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
CONFIG_CRYPTO_GF128MUL=m
CONFIG_CRYPTO_NULL=m
CONFIG_CRYPTO_NULL2=y
CONFIG_CRYPTO_PCRYPT=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_AUTHENC=m
CONFIG_CRYPTO_TEST=m
CONFIG_CRYPTO_SIMD=m
CONFIG_CRYPTO_ENGINE=m
# Public-key cryptography
CONFIG_CRYPTO_RSA=y
CONFIG_CRYPTO_DH=y
CONFIG_CRYPTO_ECC=m
CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_ECRDSA=m
CONFIG_CRYPTO_SM2=m
CONFIG_CRYPTO_CURVE25519=m
CONFIG_CRYPTO_CURVE25519_X86=m
# Authenticated Encryption with Associated Data
CONFIG_CRYPTO_CCM=m
CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_CHACHA20POLY1305=m
CONFIG_CRYPTO_AEGIS128=m
CONFIG_CRYPTO_AEGIS128_AESNI_SSE2=m
CONFIG_CRYPTO_SEQIV=m
CONFIG_CRYPTO_ECHAINIV=m
CONFIG_CRYPTO_CBC=m
CONFIG_CRYPTO_CFB=m
CONFIG_CRYPTO_CTR=y
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_ECB=m
CONFIG_CRYPTO_LRW=m
CONFIG_CRYPTO_OFB=m
CONFIG_CRYPTO_PCBC=m
CONFIG_CRYPTO_XTS=m
CONFIG_CRYPTO_KEYWRAP=m
CONFIG_CRYPTO_NHPOLY1305=m
CONFIG_CRYPTO_NHPOLY1305_SSE2=m
CONFIG_CRYPTO_NHPOLY1305_AVX2=m
CONFIG_CRYPTO_ADIANTUM=m
CONFIG_CRYPTO_ESSIV=m
CONFIG_CRYPTO_CMAC=m
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_VMAC=m
CONFIG_CRYPTO_CRC32C=m
CONFIG_CRYPTO_CRC32C_INTEL=m
CONFIG_CRYPTO_CRC32=m
CONFIG_CRYPTO_CRC32_PCLMUL=m
CONFIG_CRYPTO_XXHASH=m
CONFIG_CRYPTO_BLAKE2B=m
CONFIG_CRYPTO_BLAKE2S=m
CONFIG_CRYPTO_BLAKE2S_X86=m
CONFIG_CRYPTO_CRCT10DIF=y
CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
CONFIG_CRYPTO_GHASH=m
CONFIG_CRYPTO_POLY1305=m
CONFIG_CRYPTO_POLY1305_X86_64=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_MICHAEL_MIC=m
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA1_SSSE3=m
CONFIG_CRYPTO_SHA256_SSSE3=m
CONFIG_CRYPTO_SHA512_SSSE3=m
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_SHA3=m
CONFIG_CRYPTO_SM3=m
CONFIG_CRYPTO_STREEBOG=m
CONFIG_CRYPTO_WP512=m
CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_TI=m
CONFIG_CRYPTO_AES_NI_INTEL=m
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_BLOWFISH_COMMON=m
CONFIG_CRYPTO_BLOWFISH_X86_64=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAMELLIA_X86_64=m
CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m
CONFIG_CRYPTO_CAST_COMMON=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST5_AVX_X86_64=m
CONFIG_CRYPTO_CAST6=m
CONFIG_CRYPTO_CAST6_AVX_X86_64=m
CONFIG_CRYPTO_DES=m
CONFIG_CRYPTO_DES3_EDE_X86_64=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_CHACHA20=m
CONFIG_CRYPTO_CHACHA20_X86_64=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
CONFIG_CRYPTO_SM4=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_TWOFISH_COMMON=m
CONFIG_CRYPTO_TWOFISH_X86_64=m
CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m
CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
CONFIG_CRYPTO_DEFLATE=m
CONFIG_CRYPTO_LZO=m
CONFIG_CRYPTO_842=m
CONFIG_CRYPTO_LZ4=y
CONFIG_CRYPTO_LZ4HC=m
CONFIG_CRYPTO_ZSTD=y
CONFIG_CRYPTO_ANSI_CPRNG=m
CONFIG_CRYPTO_DRBG_MENU=m
CONFIG_CRYPTO_DRBG_HMAC=y
CONFIG_CRYPTO_DRBG_HASH=y
CONFIG_CRYPTO_DRBG_CTR=y
CONFIG_CRYPTO_DRBG=m
CONFIG_CRYPTO_JITTERENTROPY=y
CONFIG_CRYPTO_USER_API=y
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=m
CONFIG_CRYPTO_USER_API_RNG=m
# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set
CONFIG_CRYPTO_USER_API_AEAD=m
# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
CONFIG_CRYPTO_STATS=y
CONFIG_CRYPTO_HASH_INFO=y
# Crypto library routines
CONFIG_CRYPTO_LIB_AES=y
CONFIG_CRYPTO_LIB_ARC4=m
CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=m
CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=m
CONFIG_CRYPTO_LIB_BLAKE2S=m
CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=m
CONFIG_CRYPTO_LIB_CHACHA_GENERIC=m
CONFIG_CRYPTO_LIB_CHACHA=m
CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=m
CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=m
CONFIG_CRYPTO_LIB_CURVE25519=m
CONFIG_CRYPTO_LIB_DES=m
CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11
CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=m
CONFIG_CRYPTO_LIB_POLY1305_GENERIC=m
CONFIG_CRYPTO_LIB_POLY1305=m
CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m
CONFIG_CRYPTO_LIB_SHA256=y
CONFIG_CRYPTO_HW=y
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
CONFIG_CRYPTO_DEV_ATMEL_I2C=m
CONFIG_CRYPTO_DEV_ATMEL_ECC=m
CONFIG_CRYPTO_DEV_ATMEL_SHA204A=m
CONFIG_CRYPTO_DEV_CCP=y
CONFIG_CRYPTO_DEV_CCP_DD=m
CONFIG_CRYPTO_DEV_SP_CCP=y
CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
CONFIG_CRYPTO_DEV_SP_PSP=y
CONFIG_CRYPTO_DEV_CCP_DEBUGFS=y
CONFIG_CRYPTO_DEV_QAT=m
CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
CONFIG_CRYPTO_DEV_QAT_C3XXX=m
CONFIG_CRYPTO_DEV_QAT_C62X=m
CONFIG_CRYPTO_DEV_QAT_4XXX=m
CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
CONFIG_CRYPTO_DEV_QAT_C3XXXVF=m
CONFIG_CRYPTO_DEV_QAT_C62XVF=m
CONFIG_CRYPTO_DEV_NITROX=m
CONFIG_CRYPTO_DEV_NITROX_CNN55XX=m
CONFIG_CRYPTO_DEV_CHELSIO=m
CONFIG_CRYPTO_DEV_VIRTIO=m
CONFIG_CRYPTO_DEV_SAFEXCEL=m
CONFIG_CRYPTO_DEV_AMLOGIC_GXL=m
CONFIG_CRYPTO_DEV_AMLOGIC_GXL_DEBUG=y
CONFIG_ARCH_HAS_FORCE_DMA_UNENCRYPTED=y
|
Take your pick........
Or use a binary kernel.......
this might be a bit taboo but sometimes a lifesaver
_________________
|
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 6:45 pm Post subject: |
|
|
This is weird. I have been walking through the kernel GUI and I am pretty sure that many of the options that are said to be unset have been set. Well, I saved my changes and now I am compiling "manually", with make. |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54237 Location: 56N 3W
|
Posted: Mon May 31, 2021 6:56 pm Post subject: |
|
|
vcmota,
When startup fails you sould have the option to enter a shell, if its not automatic.
If that doesn't happen your initrd is probably not getting loaded.
You must have an initrd with the userspace tools to open your LUKS volume and start LVM before your root filesytem can be seen.
Once you get into the shell, you can look around and see what's missing and try the remaining steps by hand.
That will tell what went wrong.
It may not be your kernel.
How did you make your initrd? _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 7:11 pm Post subject: |
|
|
NeddySeagoon wrote: | vcmota,
When startup fails you sould have the option to enter a shell, if its not automatic.
If that doesn't happen your initrd is probably not getting loaded.
You must have an initrd with the userspace tools to open your LUKS volume and start LVM before your root filesytem can be seen.
Once you get into the shell, you can look around and see what's missing and try the remaining steps by hand.
That will tell what went wrong.
It may not be your kernel.
How did you make your initrd? |
Thank you NeedySeagoon for your reply. I do have the shell prompt after the error, but I never use it, whenever that happens I simply poweroff the computer "by hand", since neither poweroff, reboot nor shutdown commands seems to work on this shell.
Is there a way of posting a photo here? |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54237 Location: 56N 3W
|
Posted: Mon May 31, 2021 7:23 pm Post subject: |
|
|
vcmota,
Put your image onto a free image hosting site and post a link.
Its not possible to put an image into a post.
In the shell, what does show.
Hopefully mapper is there.
What does show?
What happens if you thry to unlock your LUKS container by hand?
If that works ... you have found the first problem. The LUKS container unlock failed for some reason.
I don't use LUKS, so I don't know the cqmmand.
Once your LUKS container is unlocked, should start your logical volumes.
They will now appear in /dev or /dev/mapper or both.
Once we know where it fails, we can stop guessing and poke at the problem. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 7:23 pm Post subject: |
|
|
NeddySeagoon wrote: | vcmota,
Once you get into the shell, you can look around and see what's missing and try the remaining steps by hand.
That will tell what went wrong.
|
That would be absolutely awesome. But which shell is this? Many bash shells commands do not work on it, and I simply poweroff the computer by hand whenever that happens.
NeddySeagoon wrote: | vcmota,
How did you make your initrd?
|
I dont know how to answer your question. Except for the disk encryption part, everywhere else I have followed the Gentoo Handbook for amd64 using hardened openrc stage3. Also, as a profile I choose hardened selinux, I believe it is the number 4. |
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 7:29 pm Post subject: |
|
|
NeddySeagoon wrote: | vcmota,
When startup fails you sould have the option to enter a shell, if its not automatic.
If that doesn't happen your initrd is probably not getting loaded.
You must have an initrd with the userspace tools to open your LUKS volume and start LVM before your root filesytem can be seen.
Once you get into the shell, you can look around and see what's missing and try the remaining steps by hand.
That will tell what went wrong.
It may not be your kernel.
How did you make your initrd? |
https://i.postimg.cc/fyrMg0vZ/20210531-134905.jpg |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54237 Location: 56N 3W
|
Posted: Mon May 31, 2021 7:29 pm Post subject: |
|
|
vcmota,
The shell is busybox. Its a simplified ash shell.
Wild guess, Everything is OK but you have a race condition, so it fails at the first attempt because something is not ready.
In the shell, run the command. That will run the the initrd init script again.
There may be lots of messages about things failing on the second attempt because the ran successfully the first time.
That's harmless.
The system may just boot.
-- edit --
From your screenshot, yoiu may need to run _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Last edited by NeddySeagoon on Mon May 31, 2021 7:34 pm; edited 1 time in total |
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 7:31 pm Post subject: |
|
|
I am waiting for the kernel to compile (for the tenth time today only), as soon as it finishes I will try. |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54237 Location: 56N 3W
|
Posted: Mon May 31, 2021 7:36 pm Post subject: |
|
|
vcmota,
What command did you use to run genkernel.
Genkernel will build your initrd too.
The genkernel command will tell us if you included all the bits you need. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 7:50 pm Post subject: |
|
|
I have been using lately the following:
Code: |
genkernel --luks --lvm --busybox all
|
followed by
Code: |
genkernel --luks --lvm --busybox --install initramfs
|
After that I run "make install" followed by "grub-mkconfig -o /boot/grub/grub.cfg".
But (out of despair and without a very good reason for it) right now I am running make && make modules_install instead of genkernel --luks --lvm --busybox all. |
|
Back to top |
|
|
vcmota Guru
Joined: 19 Jun 2017 Posts: 367
|
Posted: Mon May 31, 2021 8:26 pm Post subject: |
|
|
NeddySeagoon wrote: | vcmota,
Put your image onto a free image hosting site and post a link.
Its not possible to put an image into a post.
In the shell, what does show.
Hopefully mapper is there.
What does show?
What happens if you thry to unlock your LUKS container by hand?
If that works ... you have found the first problem. The LUKS container unlock failed for some reason.
I don't use LUKS, so I don't know the cqmmand.
Once your LUKS container is unlocked, should start your logical volumes.
They will now appear in /dev or /dev/mapper or both.
Once we know where it fails, we can stop guessing and poke at the problem. |
https://i.postimg.cc/Wz7tX79y/20210531-172113.jpg
Here you can see your answers NeddySeagoon. If I correctly understood the SSD disk is not ever recognized by the initialization, I mean, there should be a /dev/nvme0n1 device under /dev, right?
If this is so, it makes sense with the fact that the gentoo minimal installation iso did not recognized the SSD either, and that is why I am using an Ubuntu live USB.
Here are better photos:
https://postimg.cc/gallery/k46pLBW |
|
Back to top |
|
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3879
|
Posted: Mon May 31, 2021 8:39 pm Post subject: |
|
|
Yes but your kernel also does not recognize it.It may have many many holes here and there....
Scary,isnt it?
God i love fully bloated kernels...
_________________
|
|
Back to top |
|
|
|