Gentoo Forums
Booting Gentoo on LVM inside LUKS with gpg encrypted keyfile
cytadela8
n00b


Joined: 08 Feb 2015
Posts: 3

Posted: Sun Feb 08, 2015 5:52 pm    Post subject: Booting Gentoo on LVM inside LUKS with gpg encrypted keyfile

I'm trying to install Gentoo on an LVM logical volume inside a LUKS container encrypted with a key file encrypted by GPG with a passphrase. Everything was going smoothly until I tried to boot. I'm building the kernel and initramfs with genkernel:
Code:
genkernel --lvm --luks --install --menuconfig --busybox all

and booting it with GRUB2. So after I start the kernel I get the information that my key file gets found, but in the next line I get “Failed to open LUKS device...” and then comes a kernel panic. Any idea what to do?

Kernel config - http://pastebin.com/YR7TfaVm

GRUB2 menuentry:
Code:
menuentry 'Gentoo'{
root='hd1,gpt1'
linux /kernel-genkernel-x86_64-3.17.7-gentoo initrd=/dev/ram0 crypt_root=/dev/disk/by-partuuid/PARTUUID_OF_LUKS_CONTAINTER_PARTION dolvm real_root=/dev/mapper/vg1-root rootfstype=ext4 real_init=/usr/lib/systemd/systemd root_keydev=/dev/disk/by-partuuid/PARTUUID_OF_MY_PENDRIVE_WITH_KEY root_key=luks-key.gpg
initrd /initramfs-genkernel-x86_64-3.17.7-gentoo
echo "initing..."
}
Roman_Gruber
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Sun Feb 08, 2015 7:19 pm

Try an initramfs with mdev.

Build in the disc controller and encryption with "Y", and never with "m" or "n", in the kernel config.

Boot up a livecd and try to open the device manually! Can you do that?

Try using genkernel-next.

Please be more specific about the error message of your kernel panic. Most hints are there.
cytadela8
n00b


Joined: 08 Feb 2015
Posts: 3

Posted: Sun Feb 08, 2015 10:52 pm

I will double check tomorrow, but as far as I was checking today all kernel features needed to open the LUKS container, use LVM and mount ext4 are set to Y.

I definitely can open the container manually, because I have rootfs encrypted and I was of course building the kernel after chrooting into it.

I'm using genkernel-next actually (emerge --search genkernel shows that I have installed only the "genkernel-next" and the "genkernel" package is masked)

link to the photo with kernel panic (is there any way to save a kernel panic, if it happens in initramfs?): http://postimg.org/image/z0ds1ozyl/
Roman_Gruber
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Mon Feb 09, 2015 7:46 am

Please use a stable kernel release from kernel.org => 3.10 has long term support therefore => genkernel 3.10.X should solve it probably.

In the old days all uneven numbers were unstable kernels and all even were stable.
3.17 => 17 is uneven
3.10 is even

Off topic. Stick to long term support from kernel.org to save you hassles ...

Your error message just indicates that's most probably the kernel's fault. I haven't seen such in ages with my 3.10 branch.
cytadela8
n00b


Joined: 08 Feb 2015
Posts: 3

Posted: Mon Feb 09, 2015 1:19 pm

Thanks, this solved the kernel panic :)

Now I have another one :P.

I get the same message as previously ("Failed to open LUKS device...") and then follows some error referring to the inability to find gpg-agent.

I tried to decrypt the luks-key.gpg file manually from a shell inside the initramfs. I got "error running /usr/bin/gpg-agent: probably not installed" and in /usr/bin/ there is only "gpg"; "gpg-agent" isn't there. So to solve it I think I should make genkernel put gpg-agent there. Any idea how? (except doing it manually)

(I tried using find with phrase "*gpg*", so there isn't any gpg-agent file anywhere in initramfs for sure)

P.S. I found and resolved another problem in the meantime, I added --gpg to genkernel options.
Roman_Gruber
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Mon Feb 09, 2015 6:00 pm

You need to have everything as binary built into the kernel or in the initramfs. That's the summary. Usually you need a few more flags for genkernel or you need a self-written initramfs.
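
The last two posts turn on whether every binary the boot scripts call is actually inside the initramfs. As an added example (not part of the thread and not genkernel's own code), this shell function reads an initramfs file listing and reports which tools are absent. The tool list beyond gpg and gpg-agent, the sample listing and the `INITRAMFS_FILE` placeholder are assumptions.

```shell
#!/bin/sh
# Added example: report which helper binaries an initramfs file listing lacks.
# The listing is the one-path-per-line output that `cpio -t` prints.

# Assumed requirement set for a GPG-encrypted LUKS key on LVM:
# gpg and gpg-agent come from the thread; cryptsetup and lvm are assumptions
# that follow from building with --luks and --lvm.
REQUIRED_TOOLS="gpg gpg-agent cryptsetup lvm"

# missing_tools: read a path listing on stdin and print each required tool
# that does not appear as a file in bin, sbin, usr/bin or usr/sbin.
missing_tools() {
    listing=$(cat)
    for tool in $REQUIRED_TOOLS; do
        found=no
        for dir in bin sbin usr/bin usr/sbin; do
            # cpio prints "usr/bin/gpg" or "./usr/bin/gpg"; match the whole
            # line so that "gpg" cannot satisfy the check for "gpg-agent".
            if printf '%s\n' "$listing" | grep -qxE "(\./)?$dir/$tool"; then
                found=yes
                break
            fi
        done
        [ "$found" = yes ] || printf '%s\n' "$tool"
    done
}

# Constructed sample listing modelled on the situation in the thread:
# gpg is present in usr/bin, gpg-agent is not.
sample_listing() {
    cat <<'EOF'
.
bin
bin/busybox
sbin
sbin/cryptsetup
sbin/lvm
usr/bin
usr/bin/gpg
etc/initrd.scripts
EOF
}

# Demo on the constructed listing; prints the one missing tool.
sample_listing | missing_tools

# Real use (assumes a gzip-compressed image; INITRAMFS_FILE is a placeholder):
#   zcat INITRAMFS_FILE | cpio -t 2>/dev/null | missing_tools
```

An empty result means every listed tool is present by name; it does not prove that the shared libraries those binaries need were also packed.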