Gentoo Forums
Problem with booting from encrypted root on Dracut
gentooUs3r
n00b


Joined: 05 Jul 2015
Posts: 4

Posted: Sun Jul 05, 2015 12:45 pm    Post subject: Problem with booting from encrypted root on Dracut

Hello,

I've been a Gentoo user for a few years now, but this is the first time I need help on the forum :)

I'm preparing a new Gentoo installation on my new PC, on an SSD, that will use systemd, dracut and rEFInd. I've prepared an encrypted partition (LUKS) without LVM, because I didn't want a swap partition. I've successfully prepared the system files, installed Dracut, generated the image and installed rEFInd.
The problem occurs in the initramfs; I receive a warning from dracut:
Code:
Could not boot.
/dev/disk/by-uuid/<UUID of my decrypted root partition> does not exist


My rEFInd kernel commandline:
Code:
ro rd.luks.uuid=<UUID of encrypted root> rd.luks.key=<path to keyfile>:<UUID of device with key>:/dev/sda2<which is encrypted root> root=<UUID of decrypted root> rootfstype=ext4 rootflags=rw,realtime,data=ordered

Just before the warnings dracut says that it found the key, so there is a problem with decrypting root. I've also tried changing UUID to device path and that did not help.

After dracut fails to boot, I can mount root in the dracut shell with the command:

Code:
cryptsetup --key-file <path to keyfile> luksOpen /dev/sda2 ssd_gentoo


And after typing:

Code:
ln -s /dev/mapper/ssd_gentoo /dev/root
exit


The system then boots properly.

What am I doing wrong? Should I use LVM to create one volume group with one partition inside to let dracut find the decrypted root? Maybe crypttab would help? Maybe the kernel command line should be changed?

Thanks a lot for reading and helping :)
frostschutz
Advocate


Joined: 22 Feb 2005
Posts: 2970
Location: Germany

Posted: Sun Jul 05, 2015 12:51 pm    Post subject: Re: Problem with booting from encrypted root on Dracut

gentooUs3r wrote:
I've also tried changing UUID to device path and that did not help.


Did the error message change?

If you changed all UUID to /dev/sdx2 [and updated initramfs fstab crypttab dmcrypt config or whatever] and it still complains about /dev/disk/by-uuid/ then that must be defined somewhere else and you should get out the grep hammer to find where.

In particular in the initramfs shell, try

Code:

cat /proc/cmdline # to verify the kernel parameters are what you expect
mkdir -p /mnt/initramfs
mount --bind / /mnt/initramfs
grep -ir <UUID> /mnt/initramfs


And see if this finds the culprit that is looking for the UUID in the first place.

Depending on the flavour of initramfs it may be normal for there to not be any /dev/disk/by-uuid/ stuff and uuid work through busybox findfs UUID=thething instead. Not sure how dracut does it.
gentooUs3r
n00b


Joined: 05 Jul 2015
Posts: 4

Posted: Sat Jul 11, 2015 10:41 pm

Thanks for your answer, no, the error is different.

If I replace the UUID with the path to the decrypted partition (e.g. /dev/mapper/luks-<uuid> or /dev/mapper/ssd_gentoo - but I do not really know what name will be used; normally, if you use LVM it will be /dev/mapper/group-partname, this time the name should be defined in the cryptsetup luksOpen command, as I presented in the first post) I get the error that the device does not exist, without the UUID, just /dev/mapper/xxx. So it's not hardcoded anywhere else.

I've also noticed that when the encrypted partition is defined by UUID (rd.luks.uuid=), journalctl prints the following error even earlier than the error from the 1st post.

Code:
dracut-initqueue: Failed to start systemd-cryptsetup@luks\x2d111111111\x2d1111\x2d1111\x2d1111\x2d111111111111<instead of those "ones" there is a correct UUID of encrypted device>.service: Unit systemd-cryptsetup@luks\x2d<correct uuid as before>.service failed to load: No such file or directory.


In the case when that partition is defined by /dev/sda2 (rd.luks=), the only error is about not finding the decrypted root (root= parameter, as in the 1st post).

So it looks like the initramfs just doesn't run the command:

Code:
cryptsetup --key-file <path to key> luksOpen /dev/sda2 <mapper name>


and I don't know why (I have a very similar configuration on a previous Gentoo installation, running on the same hardware, but with LVM, and it works OK with both UUIDs and dev mappings).
After that, when I list /dev/mapper/ in the initramfs shell, there is only the "control" file there, no decrypted devices.

Do you have any idea how to force it to decrypt that partition? Thanks for your time!
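
Added example (not part of any post in this thread): a POSIX shell helper that takes a kernel command line like the one in the first post and derives the mapper name and the systemd-cryptsetup@ unit name to compare against the journal error and the /dev/mapper listing from the last post. The function names and the sample command line with its UUIDs are constructed; it assumes dracut's convention of opening rd.luks.uuid=<uuid> as luks-<uuid>.

```shell
#!/bin/sh
# Print the value of the first "name=value" parameter in a command line.
cmdline_get() {   # $1 = parameter name, $2 = command line
    for arg in $2; do
        case $arg in
            "$1"=*) printf '%s\n' "${arg#*=}"; return 0 ;;
        esac
    done
    return 1
}

# rd.luks.uuid=<uuid> is opened as /dev/mapper/luks-<uuid>; an optional
# leading "luks-" in the parameter value is ignored.
luks_mapper_name() { printf 'luks-%s\n' "${1#luks-}"; }

# systemd escapes "-" inside an instance name as \x2d; that is the only
# character in "luks-<uuid>" that needs escaping.
cryptsetup_unit() {
    rest=$1 out=
    while [ "${rest#*-}" != "$rest" ]; do
        out="$out${rest%%-*}\\x2d"
        rest=${rest#*-}
    done
    printf 'systemd-cryptsetup@%s.service\n' "$out$rest"
}

# Field N (1 = key path, 2 = key device, 3 = LUKS device) of rd.luks.key=a:b:c
luks_key_field() { printf '%s\n' "$2" | cut -d: -f"$1"; }

luks_report() {   # $1 = command line, e.g. "$(cat /proc/cmdline)"
    uuid=$(cmdline_get rd.luks.uuid "$1") || { echo "no rd.luks.uuid="; return 1; }
    name=$(luks_mapper_name "$uuid")
    echo "root=          $(cmdline_get root "$1")"
    echo "mapper device  /dev/mapper/$name"
    echo "expected unit  $(cryptsetup_unit "$name")"
    if key=$(cmdline_get rd.luks.key "$1"); then
        echo "key path       $(luks_key_field 1 "$key")"
        echo "key device     $(luks_key_field 2 "$key")"
        echo "key applies to $(luks_key_field 3 "$key")"
    fi
    [ -e "/dev/mapper/$name" ] && echo "mapping exists" || echo "mapping missing"
}

# Constructed sample command line (all UUIDs are made up).
SAMPLE='ro rd.luks.uuid=luks-11111111-1111-1111-1111-111111111111 rd.luks.key=/root.key:UUID=2222-3333:/dev/sda2 root=UUID=44444444-4444-4444-4444-444444444444 rootfstype=ext4'
luks_report "$SAMPLE"
```

In the dracut emergency shell, call `luks_report "$(cat /proc/cmdline)"` and compare the printed unit name with the one in the `Failed to start systemd-cryptsetup@...` journal line.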