Gentoo Forums
gentoo + luks + lvm +efi

deathnote
n00b

Joined: 03 Feb 2018
Posts: 7

Posted: Sat Feb 03, 2018 10:18 am    Post subject: gentoo + luks + lvm +efi

Hi, I need some tips for this:

I want to crypt my fs, I have a ThinkPad X1 with EFI boot (Lenovo).

I have been trying for a few days but I always get a kernel panic...

I have two partitions, one with EFI and the last with LUKS on LVM. I created two LVs, one for swap and one for the rest as /

My question:

- do I need grub?
- do I need initramfs?

Is it possible to crypt the fs with no grub and no initramfs? I want to have the possibility to boot my gentoo from efi but, no password asking...


How do I do that?

szatox
Veteran

Joined: 27 Aug 2013
Posts: 1762

Posted: Sat Feb 03, 2018 10:58 am

Quote:
I want to crypt my fs,
I want to have the possibility to boot my gentoo from efi but, no password asking

Yes, it is possible without grub, but you do need an initramfs. I don't see how this setup is going to benefit anyone in any way though. What do you actually want?

Gladdle
Apprentice

Joined: 27 Jul 2008
Posts: 268
Location: Cleebronn, Germany

Posted: Sat Feb 03, 2018 11:26 am

First of all, USE THE HYBRID DVD! It's not possible to set up grub2 or another boot manager with UEFI with the Gentoo minimal installation DVD. In some cases, the UEFI BIOS has to be set to "UEFI only", but that's caused by your BIOS. Two months ago, I installed Gentoo on a ThinkPad T520 with LUKS. I used this video: https://www.youtube.com/watch?v=IzUf-wFEirQ - but he installed it in a virtual machine, so you have to make some minimal changes. If you have problems you can post them here.

You don't need grub2; you can also use another bootloader: https://wiki.gentoo.org/wiki/Bootloader

What do you mean by "without password asking"? When I boot, I have to enter the LUKS password. Do you want to use a keyfile?

My partition setup for /dev/sda:
- sda1: A partition for the EFI boot file
- sda2: The /boot partition for the kernel
- sda3: The LUKS partition with swap and /

"genkernel" is also deprecated; I used "genkernel-next". And I also used "genkernel --oldconfig --save-config --makeopts=-j5 --menuconfig --lvm --luks all initramfs" for the installation and some options in /etc/genkernel.conf so that it saved the .config file
_________________
My Gentoo Linux configuration: Notebook (ACER Aspire 9920G)

deathnote
n00b

Joined: 03 Feb 2018
Posts: 7

Posted: Sat Feb 03, 2018 1:11 pm

I just want to have the swap and root encrypted. No grub, I want boot from efi but d'heure I confit thé initramfs i. Efi!?

szatox
Veteran

Joined: 27 Aug 2013
Posts: 1762

Posted: Sat Feb 03, 2018 1:43 pm

Your translator broke half way down that sentence.
Anyway, THIS is a good starting point. Rescue CD seems to be the most common installation medium, though you can use any linux you have at hand. Gentoo minimal CD is _not_ the best choice due to limited hardware support.
Hopefully, after you walk over the basics, you will be able to see the limits and name your wants in a way we can actually understand.
Bear in mind that gentoo has a pretty steep learning curve, so you may want to start with another flavour of linux. E.g. Ubuntu is pretty good at on-boarding the newcomers. I followed this path, it works and is much smoother than going directly out in the wilds.

Tyrus
Tux's lil' helper

Joined: 03 Feb 2018
Posts: 143

Posted: Sat Feb 03, 2018 8:53 pm

@deathnote:
I use grub2. If you want to load directly from efi the gentoo-wiki has two helpful sites:
EFI System Partition and EFI stub kernel

Partition setup could be:
- sda1: the /boot partition. Very important: you have to use FAT for the filesystem
- sda2: your LUKS-encrypted partition containing LVM with swap and /

Your kernel needs a special setup. Consult the wiki I mentioned. Important: the kernel needs ".efi" as suffix.

You need to open LUKS via the kernel, so you need a special built-in kernel command line. I can only help with an example from my grub2 bootloader.
Code:

vmlinuz-4.9.76-gentoo-r1.efi root=/dev/mapper/GENTOO-ROOT ro dobtrfs dolvm crypt_root=UUID=d5a3428b-b21c-42b4-a4ce-0818c92bca9c real_root=/dev/mapper/GENTOO-ROOT root_keydev=UUID=E716-DA12 root_key=dmcrypt-2.key splash

/dev/mapper/GENTOO-ROOT is the name I created with LVM. Instead of the "GENTOO-ROOT" part, use whatever you named the logical volume containing /.
root_keydev is for a USB stick holding the keyfile to open LUKS.

And yes, you need an initramfs.
You can also create it with genkernel. Use "--luks" and "--lvm" when creating it.

Using grub2 is easier. Good luck. Maybe the post has some hints helping you.

deathnote
n00b

Joined: 03 Feb 2018
Posts: 7

Posted: Sat Feb 03, 2018 10:49 pm

thanks for your replies, and sorry for my last message.... f****** iphone...

so I have followed your tips and now I have this:

lsblk:

Code:

sysresccd / # lsblk
NAME           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
loop0            7:0    0 426.5M  1 loop
sda              8:0    1  14.3G  0 disk
`-sda1           8:1    1  14.3G  0 part
nvme0n1        259:0    0   477G  0 disk
|-nvme0n1p1    259:1    0   260M  0 part
|-nvme0n1p2    259:2    0   512M  0 part  /boot
`-nvme0n1p3    259:3    0 476.2G  0 part
  `-cryptroot  253:0    0 476.2G  0 crypt
    |-vg0-swap 253:1    0    16G  0 lvm   [SWAP]
    `-vg0-root 253:2    0 460.2G  0 lvm   /
sysresccd / #


/etc/fstab
Code:

# <fs>         <mountpoint>   <type>      <opts>            <dump/pass>
/dev/nvme0n1p2      /boot      ext2      noatime            1 2
/dev/mapper/vg0-root   /      ext4      defaults,noatime,discard   0 1
/dev/mapper/vg0-swap   none      swap      sw            0 0

tmpfs              /tmp            tmpfs      defaults,noatime,mode=1777      0 0
tmpfs              /var/tmp        tmpfs      defaults,noatime,mode=1777      0 0


so now I want to use the EFI partition from Lenovo (nvme0n1p1).

I need to add some args to the kernel, but which ones and where? I need to add initramfs, cryptroot, etc., no?

[Moderator edit: changed [quote] tags to [code] tags to preserve output layout. -Hu]

Tyrus
Tux's lil' helper

Joined: 03 Feb 2018
Posts: 143

Posted: Sun Feb 04, 2018 2:46 am

You said /dev/nvme0n1p1 is your EFI partition. So that is what you need to mount at /boot. But I would use the UUID and not the devicename.
Because it is already there the question is what filesystem is used? The lowest common denominator basis is FAT (vfat) and the UEFI-BIOS should be able to work with it. Also Windows can use it.
It should contain a directory "EFI", if it is already there.

Another question is: do you open LUKS with a keyfile? Is it on a different device? What path? I am using a USB stick. But that is just an option.
Without a keyfile you need to enter a password during boot. But then you have to take care to load the correct keyboard-driver early for the initramfs.
Assuming you have a special device, get the UUID for the partition keeping the keyfile.

You need to compile the kernel with the setup described in the "EFI Stub Kernel" wiki. For the "built-in kernel command line" setup I am not sure. The initramfs will open LUKS. Get the UUID for "/dev/nvme0n1p3/cryptroot". Then I would try for the "kernel command line" parameter something like this:
Code:

root=/dev/mapper/vg0-root dolvm crypt_root=UUID=<UUID for /dev/nvme0n1p3/cryptroot> real_root=/dev/mapper/vg0-root root_keydev=UUID=<UUID for the device storing the keyfile> root_key=<location of the keyfile on the device>

"root_keydev" is only needed if your keyfile is on a different device.
The new kernel goes into "/boot/EFI/Gentoo/". I would also copy it into "/boot/EFI/Boot" as a fallback. You should also add the suffix ".efi" to the kernel file.

Next step is to create an initramfs. Using genkernel works for me but you need "--luks" and "--lvm" as options.
The "EFI Stub Kernel" wiki describes what to do with the newly created initramfs.
It should also go in "/boot/EFI/Gentoo/" and you create a new boot entry with efibootmgr.

Never tried to boot gentoo via efi myself. I am using grub2. But that's what I would try in your situation.

deathnote
n00b

Joined: 03 Feb 2018
Posts: 7

Posted: Sun Feb 04, 2018 12:18 pm

At this time I am trying with grub, but I can't boot...

The errors are:

- /run/lvm/lvmetad.socket: connect failed: no such file or directory.

Device UUID=WBytov-MiWM-z0O8-NY9c-S5ZF-aCEp-LCIacf doesn't exist or access denied

Could not find the root_-vg0-root in UUID=WBytov-MiWM-z0O8-NY9c-S5ZF-aCEp-LCIacf

my blkid:

Code:
sysresccd / # blkid
/dev/sda1: LABEL="SYSRESC" UUID="8D24-FB1B" TYPE="vfat" PARTUUID="0002e406-01"
/dev/loop0: TYPE="squashfs"
/dev/nvme0n1: PTUUID="8c34778c-d1b8-4db2-9a96-2046ac9591db" PTTYPE="gpt"
/dev/nvme0n1p1: LABEL="SYSTEM" UUID="C463-A602" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="74017c83-c814-419d-8586-651de0e9d1f6"
/dev/nvme0n1p2: LABEL="boot" UUID="ed381bf7-8528-413b-b80a-8f4b193414d1" TYPE="ext2" PARTLABEL="boot" PARTUUID="f392a943-fbd3-4a5c-a31d-8207620adceb"
/dev/nvme0n1p3: UUID="561128b2-1b9e-496f-8e98-5e7e9905cefe" TYPE="crypto_LUKS" PARTUUID="a83c598f-1c64-405c-8c5b-f4ce7a057253"
/dev/mapper/cryptroot: UUID="WBytov-MiWM-z0O8-NY9c-S5ZF-aCEp-LCIacf" TYPE="LVM2_member"
/dev/mapper/vg0-swap: UUID="033204a3-a64d-47c5-ba5d-d2443e86db5d" TYPE="swap"
/dev/mapper/vg0-root: UUID="dd7dd068-00a6-4c5a-afa4-57f63a575a5a" TYPE="ext4"


Code:

# Append parameters to the linux kernel command line
GRUB_PRELOAD_MODULES=lvm
GRUB_ENABLE_CRYPTODISK=y
GRUB_DEVICE=/dev/ram0
GRUB_CMDLINE_LINUX="crypt_root=UUID=WBytov-MiWM-z0O8-NY9c-S5ZF-aCEp-LCIacf real_root=/dev/mapper/vg0-root rootfstype=ext4 resume=/dev/mapper/vg0-swap dolvm quiet splash"


any idea?
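
The boot errors in the post above are consistent with `crypt_root=` pointing at the wrong layer: in the posted blkid output, the UUID given to `crypt_root` belongs to the `LVM2_member` on `/dev/mapper/cryptroot`, which only exists after LUKS has been opened, while the `crypto_LUKS` container is `/dev/nvme0n1p3`. The script below is an added example, not part of any post in this thread; it checks a kernel command line against blkid output using the values posted above (trimmed), and its function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the thread): verify that crypt_root= names the
# LUKS container, i.e. a device that exists before anything is unlocked.

# blkid lines (trimmed) and kernel parameters copied from the post above.
BLKID_SAMPLE='/dev/nvme0n1p3: UUID="561128b2-1b9e-496f-8e98-5e7e9905cefe" TYPE="crypto_LUKS"
/dev/mapper/cryptroot: UUID="WBytov-MiWM-z0O8-NY9c-S5ZF-aCEp-LCIacf" TYPE="LVM2_member"
/dev/mapper/vg0-root: UUID="dd7dd068-00a6-4c5a-afa4-57f63a575a5a" TYPE="ext4"'
CMDLINE_SAMPLE='crypt_root=UUID=WBytov-MiWM-z0O8-NY9c-S5ZF-aCEp-LCIacf real_root=/dev/mapper/vg0-root rootfstype=ext4 resume=/dev/mapper/vg0-swap dolvm quiet splash'

# cmdline_value KEY CMDLINE: print the value of the first KEY=... word.
cmdline_value() {
    prefix="$1="
    for word in $2; do
        case $word in
            "$prefix"*) printf '%s\n' "${word#$prefix}"; return 0 ;;
        esac
    done
    return 1
}

# blkid_type UUID BLKID_TEXT: print TYPE of the device carrying that UUID.
# The leading space keeps PARTUUID= and PTUUID= from matching.
blkid_type() {
    printf '%s\n' "$2" | sed -n "s/.* UUID=\"$1\".* TYPE=\"\([^\"]*\)\".*/\1/p"
}

# luks_uuids BLKID_TEXT: print the UUID of every crypto_LUKS device.
luks_uuids() {
    printf '%s\n' "$1" | sed -n 's/.* UUID="\([^"]*\)".* TYPE="crypto_LUKS".*/\1/p'
}

# check_crypt_root CMDLINE BLKID_TEXT: print a verdict, return 0 only on "ok".
check_crypt_root() {
    value=$(cmdline_value crypt_root "$1") || { echo missing; return 1; }
    case $value in
        UUID=*) uuid=${value#UUID=} ;;
        *) echo not-a-uuid; return 2 ;;   # device path or label: not checked here
    esac
    fstype=$(blkid_type "$uuid" "$2")
    case $fstype in
        crypto_LUKS) echo ok ;;
        '') echo unknown-uuid; return 1 ;;
        *) echo "wrong-type:$fstype"; return 1 ;;
    esac
}

# On a mismatch, list the UUIDs that would be valid for crypt_root=.
check_crypt_root "$CMDLINE_SAMPLE" "$BLKID_SAMPLE" || luks_uuids "$BLKID_SAMPLE"
```

On a live system, pass the output of `blkid` and the contents of `GRUB_CMDLINE_LINUX` (or `/proc/cmdline`) instead of the embedded samples.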
Tyrus
Tux's lil' helper

Joined: 03 Feb 2018
Posts: 143

Posted: Sun Feb 04, 2018 3:06 pm

My /etc/default/grub says GRUB_ENABLE_CRYPTODISK=1. Not sure if the "y" works also.

You need to specify a grub-platform. Look in the gentoo-wiki for grub2.
Add GRUB_PLATFORMS="<your platform>" in /etc/portage/make.conf.
Then re-emerge grub2 with "--newuse" and "--deep".

You need to mount the EFI-Partition then at /boot because grub2 creates the needed entries for efi when you install grub2.
Then use the commands:
Code:

grub-install --efi-directory=/boot
grub-mkconfig -o /boot/grub/grub.cfg

deathnote
n00b

Joined: 03 Feb 2018
Posts: 7

Posted: Sun Feb 04, 2018 3:16 pm

I also think my problem is a mistake with rootfs and crypt_root

deathnote
n00b

Joined: 03 Feb 2018
Posts: 7

Posted: Sun Feb 04, 2018 3:39 pm

with this:

You need to mount the EFI-Partition then at /boot because grub2 creates the needed entries for efi when you install grub2.
Then use the commands:
Code:

grub-install --efi-directory=/boot
grub-mkconfig -o /boot/grub/grub.cfg


Not able to boot... I just get the grub command line

Tyrus
Tux's lil' helper

Joined: 03 Feb 2018
Posts: 143

Posted: Sun Feb 04, 2018 5:57 pm

What have you done so far?

You need to chroot into /. Then re-emerge grub2 from there and so on. I assume you have installed gentoo already at /.
Then please list your /boot/EFI directory. There should be a directory gentoo and in that directory you find a grub*.efi entry.