Gentoo Forums
LUKS+LVM: full disk encryption and GRUB2 problems

UX.MAN
n00b

Joined: 09 Mar 2013
Posts: 72

Posted: Tue Nov 03, 2015 6:03 pm    Post subject: LUKS+LVM: full disk encryption and GRUB2 problems

I have a BIOS system in which I'm trying to install Gentoo on a fully (almost) encrypted block device. This is the layout:

Code:
sda              8:0  0 149.1G  0 disk
`-sda1           8:1  0 149.1G  0 part
  `-enc        253:0  0   149G  0 crypt
    |-vg0-boot 253:1  0   500M  0 lvm   /boot
    |-vg0-swap 253:2  0     4G  0 lvm   [SWAP]
    |-vg0-root 253:3  0    25G  0 lvm   /
    `-vg0-home 253:4  0 119.6G  0 lvm   /home

Up to here, conceptually and practically, everything went very well. When it comes to installing GRUB, I'm getting an error message stating that grub2-install cannot find the disk. You may find the full log here.
You can find /etc/default/grub config here.

Roman_Gruber
Advocate

Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Tue Nov 03, 2015 6:52 pm

lvm boot will probably not work with luks.

i used to use mbr => ext2 boot => initramfs + kernel + all stuff built in => lvm container => luks container => ext4 root

realroot, dolvm, and some other grub2 / kernel flags are required to boot. sometimes even adapting / hacking the initramfs

Although some guides claim that grub2 can work with lvm, i highly doubt it. the bootloader needs an ordinary partition to load from, which is ext2 for example, primary partition and the best when it is close to the start of the disc.

on my mbr boxes i always used the old msdos partition tables, no gpt partition tables.

UX.MAN
n00b

Joined: 09 Mar 2013
Posts: 72

Posted: Tue Nov 03, 2015 7:16 pm

Current versions of GRUB2 are capable of decrypting LUKS and doing LVM on an MBR partition table. I also have a system with the same layout where I have installed ArchLinux, and their scripts are able to install GRUB2 and decrypt LUKS.

davidm
Guru

Joined: 26 Apr 2009
Posts: 557
Location: US

Posted: Tue Nov 03, 2015 7:48 pm

When I last did LVM on LUKS I just used an unencrypted /boot. For your case though with an encrypted boot I believe you still need more than what you have:

Code:

GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=/dev/sda1:enc dolvm"


It might possibly require something more like:
Code:

GRUB_CMDLINE_LINUX="crypt_root=/dev/sda1 dolvm cryptdevice=/dev/vg0/root:enc real_root=/dev/vg0/root rootfstype=ext4"


On the Arch wiki:

Quote:

If a LVM contains the encrypted root, the LVM gets activated first and the volume group containing the logical volume of the encrypted root serves as device. It is then followed by the respective volume group to be mapped to root. The parameter follows the form of cryptdevice=/dev/vgname/lvname:dmname


https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#cryptdevice

Play around a bit with the cryptdevice setting and you'll probably get it.

UX.MAN
n00b

Joined: 09 Mar 2013
Posts: 72

Posted: Tue Nov 03, 2015 10:19 pm

So, this is what the config line looks like now:

Code:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:enc dolvm real_root=/dev/vg0/root"


But I'm still getting the same error message when I run grub2-install /dev/sda:

Code:
grub2-install: error: disk `lvmid/dvETfb-JM9w-AqKq-qn7X-kjIF-AvTg-0L7h1j/0rFi2E-k3Zx-97ra-sRkd-9ZS7-FFcF-Ic1gwa' not found.


I have no clue where this UUID came from.

Roman_Gruber
Advocate

Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Wed Nov 04, 2015 8:07 am

output of blkid, when you boot up a livecd, thanks.

probably this is the uuid of one of your lvm chunks

how was your initramfs created?

UX.MAN
n00b

Joined: 09 Mar 2013
Posts: 72

Posted: Wed Nov 04, 2015 11:37 am

It seems it is not one of my disks' UUID:

Code:
# blkid
/dev/loop0: TYPE="squashfs"
/dev/sda1: UUID="3795b6af-35e8-45e0-b2a9-6657c868d9e3" TYPE="crypto_LUKS" PARTUUID="0ac5e90f-01"
/dev/sdc1: LABEL="SYSRESC" UUID="CBCD-948D" TYPE="vfat" PARTUUID="000a62c1-01"
/dev/mapper/enc: UUID="JDbKvB-JmjF-uoVI-rT3K-7tWa-P2pe-9BLpWk" TYPE="LVM2_member"
/dev/mapper/vg0-boot: LABEL="boot" UUID="62382c11-fe46-4540-8e43-0ed00b3980b2" TYPE="ext4"
/dev/mapper/vg0-swap: UUID="cf3971fe-565d-4a26-aaea-61caf0e969cf" TYPE="swap"
/dev/mapper/vg0-root: LABEL="root" UUID="86cec2b1-544c-4966-8aee-2f39aab61cd0" TYPE="ext4"
/dev/mapper/vg0-home: LABEL="home" UUID="7b9103ac-46e6-419b-ae87-f1b4f4b2d2ac" TYPE="ext4"
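
Added example, not part of any post in this thread: GRUB names an LVM logical volume as lvmid/<VG UUID>/<LV UUID>, and both IDs live in LVM metadata, whereas blkid prints the PV UUID and filesystem UUIDs. The script splits the posted error and looks the IDs up in `lvs`-style output; that listing is constructed, and its pairing of the IDs with vg0/boot is an assumption.

```sh
#!/bin/sh
# Added example (not from the thread): resolve GRUB's lvmid/<VG UUID>/<LV UUID>.

# Error text as posted in the thread.
grub_error() { cat <<'EOF'
grub2-install: error: disk `lvmid/dvETfb-JM9w-AqKq-qn7X-kjIF-AvTg-0L7h1j/0rFi2E-k3Zx-97ra-sRkd-9ZS7-FFcF-Ic1gwa' not found.
EOF
}

# Excerpt of the blkid output posted in the thread.
blkid_output() { cat <<'EOF'
/dev/sda1: UUID="3795b6af-35e8-45e0-b2a9-6657c868d9e3" TYPE="crypto_LUKS" PARTUUID="0ac5e90f-01"
/dev/mapper/enc: UUID="JDbKvB-JmjF-uoVI-rT3K-7tWa-P2pe-9BLpWk" TYPE="LVM2_member"
/dev/mapper/vg0-boot: LABEL="boot" UUID="62382c11-fe46-4540-8e43-0ed00b3980b2" TYPE="ext4"
/dev/mapper/vg0-root: LABEL="root" UUID="86cec2b1-544c-4966-8aee-2f39aab61cd0" TYPE="ext4"
EOF
}

# CONSTRUCTED stand-in for: lvs --noheadings -o vg_name,lv_name,vg_uuid,lv_uuid
# Pairing the posted IDs with vg0/boot is an assumption made for this demo.
lvs_listing() { cat <<'EOF'
  vg0 boot dvETfb-JM9w-AqKq-qn7X-kjIF-AvTg-0L7h1j 0rFi2E-k3Zx-97ra-sRkd-9ZS7-FFcF-Ic1gwa
  vg0 root dvETfb-JM9w-AqKq-qn7X-kjIF-AvTg-0L7h1j SAMPLE-0000-0000-0000-0000-0000-ROOT00
EOF
}

# Extract "<VG UUID> <LV UUID>" from text that contains an lvmid/ name.
lvmid_parts() {
    sed -n 's|.*lvmid/\([A-Za-z0-9-]*\)/\([A-Za-z0-9-]*\).*|\1 \2|p'
}

# Count input lines that mention either ID; prints 0 when there is none.
count_hits() {
    grep -c -e "$1" -e "$2" || true
}

# Read "vg lv vg_uuid lv_uuid" rows; print vg/lv for the matching pair.
resolve_lvmid() {
    awk -v vg="$1" -v lv="$2" '$3 == vg && $4 == lv { print $1 "/" $2 }'
}

parts=$(grub_error | lvmid_parts)
VG_UUID=${parts% *}
LV_UUID=${parts#* }
echo "VG UUID: $VG_UUID"
echo "LV UUID: $LV_UUID"
echo "blkid lines with either ID: $(blkid_output | count_hits "$VG_UUID" "$LV_UUID")"
echo "LVM volume: $(lvs_listing | resolve_lvmid "$VG_UUID" "$LV_UUID")"
```

On a live system, replace `lvs_listing` with the real `lvs` command named in its comment, run as root with the volume group activated.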