Gentoo Forums
[solved] Automatic luksOpen does not work with systemd / lvm
rubik-wuerfel
n00b


Joined: 29 Sep 2004
Posts: 53
Location: Goettingen, Germany

Posted: Sat Sep 12, 2015 11:36 pm    Post subject: [solved] Automatic luksOpen does not work with systemd / lvm

I am currently trying to install Gentoo on a machine, with disk encryption. The encryption works, the system is running, but on boot, it fails to decrypt the disk itself: I need to get into the shell, do the
Code:
cryptsetup luksOpen
lvm vgchange --activate y
manually and only then I can have the system continue the boot process. Otherwise it complains that it cannot find /dev/mapper/gentoo--vg-root.

I followed mostly the official installation handbook, but used some parts of Sakaki's install guide.

I have the following setup:

Code:
 /dev/sda5 (UUID 7d7de8...)
-> LUKS (/dev/mapper/gentoo)
-> LVM (volume group: gentoo-vg)
-> root partition (/dev/mapper/gentoo--vg-root)


I chose systemd as init environment, GRUB2 is the boot loader.

The relevant lines from /boot/grub/grub.cfg are, as far as I can see:
Code:

echo    'Loading Linux x86_64-4.0.5-gentoo ...'
linux   /kernel-genkernel-x86_64-4.0.5-gentoo root=/dev/mapper/gentoo--vg-root ro init=/usr/lib/systemd/systemd dolvm
echo    'Loading initial ramdisk ...'
initrd  /initramfs-genkernel-x86_64-4.0.5-gentoo


I configured and compiled the kernel manually, the initramfs is created using genkernel:
Code:
genkernel --luks --lvm --udev --busybox --install initramfs


Strangely, no matter whether I put the relevant lines into /etc/crypttab:
Code:
gentoo    UUID=7d7de8d9-9ba6-4459-81d7-50e382331763   none   luks,discard

or /etc/conf.d/dmcrypt:
Code:
target='gentoo'
source='/dev/disk/by-uuid/7d7de8d9-9ba6-4459-81d7-50e382331763'

I can find no reference to the encrypted disk in the initramfs file (grep'ing the decompressed initramfs folder structure for the uuid).

Is there a guide somewhere on how to get the initramfs to know about the encrypted partition? So far I could only find websites talking about /etc/conf.d/dmcrypt (I understand that is only relevant for OpenRC, cf. bug #429966), and the general impression seems to be that creating entries in /etc/crypttab should be sufficient for systemd.

Any idea?


Last edited by rubik-wuerfel on Tue Sep 15, 2015 8:35 pm; edited 1 time in total
alinefr
Tux's lil' helper


Joined: 05 Jul 2009
Posts: 112
Location: São Paulo, Brasil

Posted: Sun Sep 13, 2015 3:09 am    Post subject: Re: Automatic luksOpen does not work with systemd / lvm / lu

rubik-wuerfel wrote:

I have the following setup:

Code:
 /dev/sda5 (UUID 7d7de8...)
-> LUKS (/dev/mapper/gentoo)
-> LVM (volume group: gentoo-vg)
-> root partition (/dev/mapper/gentoo--vg-root)


I chose systemd as init environment, GRUB2 is the boot loader.

The relevant lines from /boot/grub/grub.cfg are, as far as I can see:
Code:

echo    'Loading Linux x86_64-4.0.5-gentoo ...'
linux   /kernel-genkernel-x86_64-4.0.5-gentoo root=/dev/mapper/gentoo--vg-root ro init=/usr/lib/systemd/systemd dolvm
echo    'Loading initial ramdisk ...'
initrd  /initramfs-genkernel-x86_64-4.0.5-gentoo



I'm not a systemd user, only a lvm/luks user, but it seems like you are missing crypt_root=/dev/sda5 as kernel argument.
crypt_root also accepts UUID, like this: crypt_root=UUID=424325...
rubik-wuerfel
n00b


Joined: 29 Sep 2004
Posts: 53
Location: Goettingen, Germany

Posted: Sun Sep 13, 2015 8:30 am

Thanks for the hint. Yes, adding crypt_root and real_root to /etc/default/grub:
Code:
# Enable LUKS
GRUB_CMDLINE_LINUX+=" crypt_root=UUID=7d7de8d9-9ba6-4459-81d7-50e382331763"
GRUB_CMDLINE_LINUX+=" real_root=/dev/mapper/gentoo--vg-root"

(note the spaces at the beginning of the strings!) made it work more or less. "More or less", because:

  • I thought that was exactly what the /etc/crypttab entries are for.
  • As long as there are remaining entries in /etc/crypttab, systemd-cryptsetup.service tries to decrypt the device again, but, as it seems, after switching from the initramfs to the "real" system.

So, is there a way to pull systemd-cryptsetup over to the initramfs? I use genkernel for initramfs creation, with options as given in my original post.
alinefr
Tux's lil' helper


Joined: 05 Jul 2009
Posts: 112
Location: São Paulo, Brasil

Posted: Sun Sep 13, 2015 6:56 pm

You don't need /etc/crypttab. This is for when you need to decrypt any partition except 'root (/)'. In your use case scenario decryption occurs only in initramfs.

Also, you don't need any init script for decryption. So you should also remove the systemd-cryptsetup.service. The initramfs generated by 'genkernel --luks --lvm' should have everything you need.
alinefr
Tux's lil' helper


Joined: 05 Jul 2009
Posts: 112
Location: São Paulo, Brasil

Posted: Sun Sep 13, 2015 6:59 pm

Also, you could just leave the kernel argument as root=

Code:

  real_root=<...>
           Legacy kernel parameter from kernel-2.4 initrd. Does the same as root=, which should be used in its place.


Have a look in man genkernel.
rubik-wuerfel
n00b


Joined: 29 Sep 2004
Posts: 53
Location: Goettingen, Germany

Posted: Sun Sep 13, 2015 10:26 pm

alinefr wrote:
You don't need /etc/crypttab. This is for when you need to decrypt any partition except 'root (/)'.

[...]

Also, you could just leave the kernel argument as root=


Thanks for these hints! Actually /etc/crypttab and the corresponding systemd service will come in handy for my next steps, adding a second encrypted disk. The first (and so far only) disk is an SSD where I put mainly "everything not /home", now I will add home directories and some shared data (video data etc.) on a larger HDD, whose decryption can wait until systemd takes care of it.
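
As an added example (not part of any post in this thread, and not genkernel's or systemd's own code): a small shell check for the two problems the thread ran into, a kernel command line without crypt_root= and a crypttab entry that repeats the root LUKS device. The function names are hypothetical and the sample lines are constructed from the values quoted in the posts.

```shell
#!/bin/sh
# Added example, not from the thread: compare a kernel command line with a
# crypttab file for the genkernel setup discussed above (LVM inside LUKS).

# cmdline_value KEY CMDLINE: print the value of KEY=... if present.
cmdline_value() {
    for word in $2; do
        case "$word" in
            "$1"=*) printf '%s\n' "${word#"$1"=}"; return 0 ;;
        esac
    done
    return 1
}

# audit_luks_boot CMDLINE CRYPTTAB: one finding per line, status 0 if none.
# Assumption: devices are compared as text, so /dev/sda5 and UUID=... naming
# the same partition are not recognised as duplicates.
audit_luks_boot() {
    findings=0
    if ! crypt_root=$(cmdline_value crypt_root "$1"); then
        echo "MISSING crypt_root=: initramfs is not told which LUKS device to open"
        findings=$((findings + 1))
    fi
    if ! cmdline_value root "$1" >/dev/null &&
       ! cmdline_value real_root "$1" >/dev/null; then
        echo "MISSING root= (or legacy real_root=)"
        findings=$((findings + 1))
    fi
    # crypttab fields: name, source device, key file, options
    while read -r name source _rest || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac
        if [ -n "$crypt_root" ] && [ "$source" = "$crypt_root" ]; then
            echo "DUPLICATE: crypttab entry '$name' repeats crypt_root;" \
                 "systemd-cryptsetup will try to open it again"
            findings=$((findings + 1))
        fi
    done < "$2"
    [ "$findings" -eq 0 ]
}

# Constructed sample: command line and crypttab line as quoted in the first post.
sample_tab=$(mktemp)
echo 'gentoo UUID=7d7de8d9-9ba6-4459-81d7-50e382331763 none luks,discard' > "$sample_tab"
audit_luks_boot 'root=/dev/mapper/gentoo--vg-root ro init=/usr/lib/systemd/systemd dolvm' \
    "$sample_tab" || true
rm -f "$sample_tab"
```

On a running system the inputs would be the contents of /proc/cmdline and the path /etc/crypttab.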