Gentoo Forums
Having EFI problems on new install with full encrypted root
mikegpitt
Advocate


Joined: 22 May 2004
Posts: 3221

Posted: Mon Jul 25, 2016 4:43 pm    Post subject: Having EFI problems on new install with full encrypted root

I've been having problems installing Gentoo on my new machine, a new Dell XPS 13 Developer Edition. I want to fully encrypt the root partition (including /boot and swap). I've attempted the installation 4 times now: the first two times using the legacy MBR BIOS boot and the second two times using EFI, and can't boot the installation.

When I attempted the MBR partition scheme, when the machine tried to boot into Gentoo I would receive an error saying the cryptodisk could not be found. I figured that maybe since the machine is new and has one of these /dev/nvme0n1 type SSD drives, I would bite the bullet and try the EFI installation. After I failed the first time, I figured I just made a mistake in the setup, but after the second attempt with an EFI installation I'm really scratching my head.

When I boot with the EFI partition (mounted at /boot/efi and formatted vfat and not encrypted) the machine does not see it at all. I needed to install with the Arch Linux bootable USB, which has EFI support, so as a test I copied the files from the bootable USB's EFI partition, just to make sure the machine could detect the EFI partition on the disk. And, it does! When I have the Arch files in place, I get the option to boot off the SSD with EFI. I thought maybe I needed a menu option added, so I copied over the Gentoo grubx64.efi file, added an EFI menu option for it, and tried to boot it. I get these 0x0 errors with grub 2 not being able to open the disk, and again a cryptodisk error.

I'm extremely confused at this point, and may throw in the towel and make /boot non-encrypted -- but I figured I'd ask for tips first. Maybe I'm just forgetting a step. Tips & help are appreciated! :)

Here's some system information:

Code:
# parted -a optimal /dev/nvme0n1
GNU Parted 3.2
Using /dev/nvme0n1
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p                                                               
Model: Unknown (unknown)
Disk /dev/nvme0n1: 512GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name  Flags
 1      1049kB  3146kB  2097kB               grub  bios_grub
 2      3146kB  540MB   537MB   fat32        boot  boot, esp
 3      540MB   512GB   512GB                lvm


/dev/nvme0n1p3 is fully encrypted with LUKS and houses three LVM partitions:
Code:
/dev/vg1/boot
/dev/vg1/swap
/dev/vg1/root


I'm using Grub 2 to load the system, and have compiled with the devicemapper USE flag. I'm using genkernel for now to compile the kernel, since I don't have time to manually configure one at the moment. I compiled genkernel with the cryptsetup USE flag, and am using gentoo-sources 4.6.4, as I need the 4.6 branch for wifi drivers.

I ran genkernel like so:
Code:
genkernel --no-mrproper --luks --lvm --busybox --menuconfig --no-zfs --no-btrfs --real-root=/dev/vg1/root all


I added these two lines to /etc/default/grub:
Code:
GRUB_ENABLE_CRYPTODISK=y
GRUB_CMDLINE_LINUX="udev dolvm crypt_root=/dev/nvme0n1p3 real_root=/dev/vg1/root cryptdevice=/dev/nvme0n1p3:vg1-boot"


I emerged and ran the Grub install like so:
Code:
echo GRUB_PLATFORMS="efi-64" >> /etc/portage/make.conf
emerge sys-boot/grub:2
grub2-install --target=x86_64-efi --efi-directory=/boot/efi
grub2-mkconfig -o /boot/grub/grub.cfg


Just so you can see how the partitions are laid out, this is how I mount everything from the Arch Live USB:
Code:
cryptsetup luksOpen /dev/nvme0n1p3 gentoo_enc

vgscan
vgchange -a y

mount /dev/vg1/root /mnt/gentoo
mount /dev/vg1/boot /mnt/gentoo/boot
mount -t proc proc /mnt/gentoo/proc
mount --rbind /sys /mnt/gentoo/sys
mount --rbind /dev /mnt/gentoo/dev
mount --rbind /run /mnt/gentoo/run
mount /dev/nvme0n1p2 /mnt/gentoo/boot/efi

I needed to add the mount bind to /run, as I would get LVM warnings from Grub 2 otherwise.
mikegpitt
Advocate


Joined: 22 May 2004
Posts: 3221

Posted: Mon Jul 25, 2016 5:37 pm

I just read a few posts that mention that Grub doesn't yet support NVME disks. This may be core to my issue.
mikegpitt
Advocate


Joined: 22 May 2004
Posts: 3221

Posted: Tue Jul 26, 2016 9:48 pm

I may have solved my issue with grub-9999 and some messing with the system BIOS. Will post more details when I'm sure everything is working properly.
mikegpitt
Advocate


Joined: 22 May 2004
Posts: 3221

Posted: Mon Aug 08, 2016 8:46 pm

As promised, I'm posting a few more details here on how I got things working. I'm hoping to post a full guide at some point on how I installed/configured Gentoo on the Dell XPS 13 Developer Edition, the 9350 2016 model.

My problem with grub2 did revolve around the drive being an NVME type. Installing grub-2.02_beta3-r1, which is ~arch, solved the grub boot problem for me.

I used an EFI install. To make the machine see the EFI partition, which I created at /boot/efi, I needed to select the *.efi file in the BIOS (also disabling 'secure boot' which I don't want/need).

To select the EFI file in the BIOS, browse to: Settings > Boot Sequence > UEFI > Add Boot Option > Browse to *.efi File Name > Type Boot Option Name: Gentoo Linux

After that the machine should boot right up. If you change the *.efi file at any point, like if you update your kernel, you will need to re-select it in the BIOS.
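A pre-reboot consistency check for the setup discussed in this thread (GRUB 2 unlocking a LUKS container that holds /boot on LVM), as an added example that is not part of the original posts. The names `check_cryptoboot` and `make_sample`, the `EFI/gentoo` sample path and the sample UUID are constructed for illustration; the grub.cfg checks assume grub-mkconfig emits `cryptomount -u`, `insmod luks` and `insmod lvm` for such a layout.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes grub-mkconfig writes
# "cryptomount -u <uuid>", "insmod luks" and "insmod lvm" for a LUKS+LVM /boot.
# check_cryptoboot DEFAULTS GRUB_CFG ESP_DIR
# Prints one line per problem; returns 0 only when every check passes.
check_cryptoboot() {
    defaults=$1 cfg=$2 esp=$3 rc=0

    # 1. Without this setting grub-mkconfig emits no cryptomount command.
    if ! grep -Eq "^[[:space:]]*GRUB_ENABLE_CRYPTODISK=[\"']?y[\"']?[[:space:]]*\$" "$defaults"; then
        echo "FAIL: GRUB_ENABLE_CRYPTODISK=y not set in $defaults"; rc=1
    fi

    # 2. genkernel initramfs parameters used in the thread's kernel command line.
    cmdline=$(sed -n 's/^[[:space:]]*GRUB_CMDLINE_LINUX=//p' "$defaults" | tail -n 1 | tr -d "\"'")
    for param in crypt_root= real_root= dolvm; do
        case " $cmdline " in
            *" $param"*) ;;
            *) echo "FAIL: $param missing from GRUB_CMDLINE_LINUX"; rc=1 ;;
        esac
    done

    # 3. The generated grub.cfg must unlock the container and load LUKS/LVM support.
    for token in 'cryptomount -u' 'insmod luks' 'insmod lvm'; do
        grep -Eq "^[[:space:]]*$token" "$cfg" || { echo "FAIL: '$token' not in $cfg"; rc=1; }
    done

    # 4. The firmware can only be pointed at a boot file if the ESP holds one.
    if [ -z "$(find "$esp" -type f -iname '*.efi' 2>/dev/null)" ]; then
        echo "FAIL: no .efi file under $esp"; rc=1
    fi
    return "$rc"
}

# Constructed sample input based on the thread's configuration.
make_sample() {
    mkdir -p "$1/esp/EFI/gentoo"
    : > "$1/esp/EFI/gentoo/grubx64.efi"
    printf '%s\n' 'GRUB_ENABLE_CRYPTODISK=y' \
        'GRUB_CMDLINE_LINUX="udev dolvm crypt_root=/dev/nvme0n1p3 real_root=/dev/vg1/root"' \
        > "$1/default_grub"
    printf '%s\n' 'insmod luks' 'insmod lvm' \
        'cryptomount -u 00000000000000000000000000000000' > "$1/grub.cfg"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_cryptoboot "$tmp/default_grub" "$tmp/grub.cfg" "$tmp/esp" && echo "OK: configuration is consistent"
rm -rf "$tmp"
```

On an installed system the three arguments would be /etc/default/grub, /boot/grub/grub.cfg and /boot/efi, run from inside the chroot after grub2-mkconfig.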
All times are GMT