| View previous topic :: View next topic |
| Author |
Message |
Neruthes
n00b
Joined: 15 Feb 2021
Posts: 8
|
 Posted: Mon Sep 13, 2021 5:26 pm Post subject: Problem with gentoo-kernel-bin initramfs on encrypted root |
 |
|
This might be a bug from the upstream or a configuration mistake.
The hardware is MacBook Pro 11,1 edition 2015.
I have this disk layout:
| Code: |
/dev/sda1 vfat /efi
/dev/sda2 apfs Mac OS X
/dev/sda3 ext4 /boot
/dev/sda4 luks
- /dev/mapper/root ext4 /
|
This installation has gentoo-kernel-bin as the only kernel package.
By following <https://wiki.gentoo.org/wiki/Dm-crypt_full_disk_encryption>, I configured `rd.luks.uuid=<MyUUID>` in `/etc/default/grub`. I checked the contents with lsinitrd and there was no visible mistake (dm-crypt module, cryptsetup bin, etc).
However, when the machine boots to the initramfs, it failed to show the passphrase prompt, and the dracut emergency shell was given.
Later I installed genkernel and let genkernel create the initramfs for gentoo-kernel-bin, with `crypt_root=UUID=<MyUUID>`, avoiding `emerge --config gentoo-kernel-bin`. The system boots normally. What a surprise!
Should I be reporting this as a bug in bugzilla? If yes, to gentoo-kernel-bin or else? |
|
| Back to top |
|
 |
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3879
|
| Posted: Tue Sep 14, 2021 2:39 pm Post subject: |
|
|
I dont know why people keep complaining that they cant boot into their encrypted systems with dracut.
I just rsynced a plain Gentoo into a VM which had encrypted partition mounted on /mnt.
I used a lvm on luks scheme.
So i can confirm that it always works flawlessly.
my
linux-line
| Code: |
GRUB_CMDLINE_LINUX="cryptdevice=PARTUUID=a7150d01-5386-455a-b4fb-98b9330189b6:luks root=/dev/genmat/root rootfstype=ext4"
GRUB_PRELOAD_MODULES="part_msdos part_gpt luks lvm"
|
my crypttab
| Code: |
luks PARTUUID=a7150d01-5386-455a-b4fb-98b9330189b6
|
my fstab
| Code: |
# UUID=097f4488-0464-45ea-b135-4633d6980f1e
/dev/mapper/genmat-root / ext4 rw,relatime 0 1
# UUID=6ea73ec3-561d-4afa-9301-8c3b579b20d0
/dev/vda2 /boot ext4 rw,relatime 0 2
# UUID=22D6-5B89
/dev/vda1 /boot/efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2
|
My /boot
| Code: |
System.map-5.13.16-gentoo-dist config-5.13.16-gentoo-dist efi grub initramfs-5.13.16-gentoo-dist.img lost+found vmlinuz-5.13.16-gentoo-dist
|
dmcrypt and lvm enabled @ boot
my grub
| Code: |
U I
+ + device-mapper : Enable support for device-mapper from sys-fs/lvm2
- - doc : Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
- - efiemu : Build and install the efiemu runtimes
+ + fonts : Build and install fonts for the gfxterm module
- - grub_platforms_coreboot : Coreboot platform support
- - grub_platforms_efi-32 : EFI 32 bit platform support (Old MACs)
+ + grub_platforms_efi-64 : EFI 64 bit platform support
- - grub_platforms_emu : Emulation platform support
- - grub_platforms_ieee1275 : IEEE1275 platform support
- - grub_platforms_loongson : MIPS loongson platform support
- - grub_platforms_multiboot : Multiboot platform support
- - grub_platforms_pc : PC platform support
- - grub_platforms_qemu : QEMU platform support
- - grub_platforms_qemu-mips : QEMU MIPS platform support
- - grub_platforms_uboot : U-Boot platform support
- - grub_platforms_xen : XEN (pvgrub2) platform support
- - grub_platforms_xen-32 : Build 32-bit XEN (pvgrub2) platform support on amd64
- - grub_platforms_xen-pvh : XEN (pvhgrub2) platform support
- - libzfs : Enable support for sys-fs/zfs
+ + mount : Build and install the grub-mount utility
+ + nls : Add Native Language Support (using gettext - GNU locale utilities)
+ + sdl : Add support for Simple Direct Layer (media library)
+ + themes : Build and install GRUB themes (starfield)
+ + truetype : Build and install grub-mkfont conversion utility
|
my lsblk
| Code: |
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 566.5M 1 loop /run/archiso/sfs/airootfs
sr0 11:0 1 690.3M 0 rom /run/archiso/bootmnt
vda 254:0 0 40G 0 disk
├─vda1 254:1 0 200M 0 part
├─vda2 254:2 0 1G 0 part /mnt/boot
└─vda3 254:3 0 38.8G 0 part
└─luks 252:0 0 38.8G 0 crypt
└─genmat-root 252:1 0 38.8G 0 lvm /mnt
|
dmcrypt and lvm enabled @ boot
It BOOTS just fine asking the passwd and what not.
If you try to reproduce these there is no change you will not be able to boot.
The problem comes from kernels missing config and misconfigured luks and/or lvm.
Please use a crypttab i think dracut reads it when creating initrd.
cryptdevice=(PART)UUID=xxxxxxxxxx:name root=/dev/vg/lv
is enough
no need to mess with
rd.luks.UUID etc.
So No please dont report any bug.Rather please look at your own configs.
I forgot to mention that i am using dracut.
_________________
|
|
| Back to top |
|
|
Zucca
Moderator
Joined: 14 Jun 2007
Posts: 3345
Location: Rasi, Finland
|
| Posted: Tue Sep 14, 2021 3:45 pm Post subject: |
|
|
| alamahant wrote: |
So No please dont report any bug.Rather please look at your own configs.
I forgot to mention that i am using dracut. |
If gentoo-kernel(-bin) is installed with USE=initramfs it pulls dracut and builds the initramfs using it. So it should just work. That said I once tried USE=initramfs with my setup. I think I had btrfs and OpenRC. Something went wrong and it failed to boot. Then I looked at dracut configs the first time in my life. I then decided it was easier for me to just script and build my own initramfs.
So like me, Neruthes probably had some dracut config to be adjusted. Debugging initramfs may be daunting to many. So many, like myself, just looked for an alternative. Yeah. The lazy way. :|
Neruthes, so don't report bug unless you can pinpoint where the problem is. Since alamahant has experience with gentoo-kernel and dracut and never encountered problems, I believe we just had something missing.
Since you are already using genkernel, (which creates surprisingly small initramfs images), I'd say stick with it.
One thing that always let me thinking... alamahant do you happen to know if dracut isn't compatible with OpenRC?
_________________
..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
| Quote: | | I am NaN! I am a man! |
|
|
| Back to top |
|
|
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3879
|
| Posted: Tue Sep 14, 2021 3:50 pm Post subject: |
|
|
Zucca
No it is very much compatible with openrc.
The above install I did on a VM IS an openrc Gentoo.
Dracut doesnt have any openrc module but it boots just fine.
Besides all my Gentoo systems use dracut for initrd.
_________________
|
|
| Back to top |
|
|
Neruthes
n00b
Joined: 15 Feb 2021
Posts: 8
|
| Posted: Sat Sep 18, 2021 5:54 pm Post subject: |
|
|
Thanks for all the information. Good to learn that.
It appears that the wiki article failed to mention those config requirements other than `rd.luks.uuid`. I will probably take time to edit.
I will stick with genkernel. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Kernel & Hardware
