Having EFI problems on new install with full encrypted root

[mikegpitt]

I've been having problems installing Gentoo on my new machine, a New Dell XPS 13 Developer Edition. I want to fully encrypt the root partition (including /boot and swap). I've attempted the installation 4 times now: the first two times using the legacy MBR BIOS boot and the second two times using EFI, and can't boot the installation.

When I attempted the MBR partition scheme, when the machine tried to boot into Gentoo I would receive an error saying the cryptodisk could not be found. I figured that maybe since the machine is new and has one of these /dev/nvme0n1 type SSD drives, I would bite the bullet and try the EFI installation. After I failed the first time, I figured I just made a mistake in the setup, but after the second attempt with an EFI installation I'm really scratching my head.

When I boot with the EFI partition (mounted at /boot/efi and formatted vfat and not encrypted) the machine does not see it at all. I needed to install with the Arch Linux bootable USB, which has EFI support, so as a test I copied the files from the bootable USB's EFI partition, just to make sure the machine could detect the EFI partition on the disk. And, it does! When I have the Arch files in place, I get the option to boot off the SSD with EFI. I thought maybe I needed a menu option added, so I copied over the Gentoo grubx64.efi file, added an EFI menu option for it, and tried to boot it. I get these 0x0 errors with grub 2 not being able to open the disk, and again a cryptodisk error.

I'm extremely confused at this point, and may throw in the towel and make /boot non-encrypted -- but I figured I'd ask for tips first. Maybe I'm just forgetting a step. Tips & help is appreciated!

Here's some system information:

Code: Select all

# parted -a optimal /dev/nvme0n1
GNU Parted 3.2
Using /dev/nvme0n1
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p                                                                
Model: Unknown (unknown)
Disk /dev/nvme0n1: 512GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system  Name  Flags
 1      1049kB  3146kB  2097kB               grub  bios_grub
 2      3146kB  540MB   537MB   fat32        boot  boot, esp
 3      540MB   512GB   512GB                lvm

/dev/nvme0n1p3 is fully encrypted with LUKS and houses three LVM partitions:

Code: Select all

/dev/vg1/boot
/dev/vg1/swap
/dev/vg1/root

I'm using Grub 2 to load the system, and have compiled with the devicemapper USE flag. I'm using genkernel for now to compile the kernel, since I don't have time to manually configure one at the moment. I compiled genkernel with the cryptsetup USE flag, and am using gentoo-sources 4.6.4, as I need the 4.6 branch for wifi drivers.

I ran genkernel like so:

Code: Select all

genkernel --no-mrproper --luks --lvm --busybox --menuconfig --no-zfs --no-btrfs --real-root=/dev/vg1/root all

I added these two lines to /etc/default/grub:

Code: Select all

GRUB_ENABLE_CRYPTODISK=y
GRUB_CMDLINE_LINUX="udev dolvm crypt_root=/dev/nvme0n1p3 real_root=/dev/vg1/root cryptdevice=/dev/nvme0n1p3:vg1-boot"

I emerged and ran the Grub install as so:

Code: Select all

echo GRUB_PLATFORMS="efi-64" >> /etc/portage/make.conf
emerge sys-boot/grub:2
grub2-install --target=x86_64-efi --efi-directory=/boot/efi
grub2-mkconfig -o /boot/grub/grub.cfg

Just so you can see how the partitions are laid out, this is how I mount everything from the Arch Live USB:

Code: Select all

cryptsetup luksOpen /dev/nvme0n1p3 gentoo_enc

vgscan
vgchange -a y

mount /dev/vg1/root /mnt/gentoo
mount /dev/vg1/boot /mnt/gentoo/boot
mount -t proc proc /mnt/gentoo/proc
mount --rbind /sys /mnt/gentoo/sys
mount --rbind /dev /mnt/gentoo/dev
mount --rbind /run /mnt/gentoo/run
mount /dev/nvme0n1p2 /mnt/gentoo/boot/efi

I needed to add the mount bind to /run, as I would get LVM warnings from Grub 2 otherwise.

[mikegpitt]

I just read a few posts that mention that Grub doesn't yet support NVME disks. This may be core to my issue.

[mikegpitt]

I may have solved my issue with grub-9999 and some messing with the system BIOS. Will post more details when I'm sure everything is working properly.

[mikegpitt]

As promised, I'm posting a few more details here how I got things working. I'm hoping to post a full guide at some point how I installed/configured Gentoo on the Dell XPS 13 Developer Edition, the 9350 2016 model.

My problem with grub2 did revolve around the drive being an NVME type. Installing grub-2.02_beta3-r1, which is ~arch solved the grub boot problem for me.

I used an EFI install. To make the machine see the EFI partition, which I created at /boot/efi, I needed to select the *.efi file in the BIOS (also disabling 'secure boot' which I don't want/need).

To select the EFI file in the BIOS, browse to: Settings > Boot Sequence > UEFI > Add Boot Option > Browse to *.efi File Name > Type Boot Option Name: Gentoo Linux

After that the machine should boot right up. If you change the *.efi file at any point, like if you update your kernel, you will need to re-select it in the BIOS.