Gentoo Forums
[Resolved]Can't get to work LUKS+LVM+USBKEY. Initramfs fail.
Nullbodu
Posted: Sat Aug 27, 2016 1:46 am    Post subject: [Resolved]Can't get to work LUKS+LVM+USBKEY. Initramfs fail.

Hello,

Objective: full-disk encryption with LVM support, including an encrypted /boot on a USB drive.
It seems I've set everything up except the initramfs generated by
Code:
# genkernel --install --disklabel --lvm --luks --btrfs --e2fsprogs initramfs


First, here's my lsblk
Code:
NAME             MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                8:0    0 223.6G  0 disk 
└─sda1             8:1    0 201.2G  0 part 
  └─root         252:1    0 201.2G  0 crypt
    ├─vg1-root   252:2    0    70G  0 lvm   /
    └─vg1-home   252:3    0 124.7G  0 lvm   /home
sdb                8:16   0 931.5G  0 disk 
├─sdb1             8:17   0 838.4G  0 part 
│ └─data         252:4    0 838.4G  0 crypt
│   ├─vg2-swap   252:5    0    25G  0 lvm   [SWAP]
│   ├─vg2-backup 252:6    0   200G  0 lvm   /media/backup
│   └─vg2-data   252:7    0 582.7G  0 lvm   /media/data
├─sdb2             8:18   0   200M  0 part 
└─sdb3             8:19   0    93G  0 part 
sdc                8:32   1   7.6G  0 disk 
├─sdc1             8:33   1   145M  0 part  /boot/efi
├─sdc2             8:34   1   200M  0 part 
│ └─boot         252:0    0   198M  0 crypt /boot
├─sdc3             8:35   1    50M  0 part  /boot/grub
└─sdc4             8:36   1   7.2G  0 part 
sdd                8:48   1  14.7G  0 disk 
├─sdd1             8:49   1   2.1G  0 part 
├─sdd2             8:50   1    17M  0 part 
└─sdd3             8:51   1    32M  0 part 
loop0              7:0    0     2G  1 loop 


/boot is a USB stick encrypted with a passphrase. /dev/sda1 is encrypted with a keyfile. I keep the initramfs, the kernel, and the keyfile for /dev/sda1 on /boot. /dev/sdc3 is unencrypted. I need that for the grub config (so that I can grub-mkconfig -o /boot/grub/grub.cfg).

Here's the menuentry from /boot/grub/grub.cfg:

Code:
### BEGIN /etc/grub.d/10_linux ###
menuentry 'Gentoo GNU/Linux, with Linux x86_64-4.4.6-gentoo'{
   insmod gzio
   insmod part_gpt
   insmod cryptodisk
   insmod luks
   insmod gcry_serpent
   insmod gcry_serpent
   insmod gcry_sha512
   insmod ext2
   cryptomount -u uuid_of_/dev/sdc2
   set root='cryptouuid/uuid_of_/dev/sdc2'
   echo   'Loading Linux x86_64-4.4.6-gentoo ...'
   linux   /kernel-genkernel-x86_64-4.4.6-gentoo ro crypt_root=/dev/disk/by-partuuid/part_uuid_of_/dev/sda1 dolvm real_root=/dev/mapper/vg1-root dobtrfs rootfstype=btrfs root_keydev=/dev/disk/by-partuuid/part_uuid_of_/dev/sdc2 root_key=keyname.key
   echo   'Loading initial ramdisk ...'
   initrd   /initramfs-genkernel-x86_64-4.4.6-gentoo
}
### END /etc/grub.d/10_linux ###


Grub works well - it prompts to enter the passphrase, I enter the passphrase, it opens the container, it loads the kernel and initramfs.
The kernel has all crypto, lvm and filesystem support compiled built-in.

During boot I get errors:
Code:
The LUKS device /dev/disk/by-partuuid/blablabla does not contain a LUKS header

or (if I specify /dev/sda1 directly instead of /dev/disk/by-partuuid/blabla)
Code:
Mounting of device /dev/sda1 failed

And here's the thing - if I drop to a shell, manually unlock all disks and activate the LVM VGs - I can continue booting...



Really wanna make everything work... I hope you can help me,
Thanks!
Nullbodu
Posted: Sun Aug 28, 2016 9:23 pm

As a solution, I encrypted my key with GPG, moved it to a non-encrypted partition on my USB drive, then rebuilt the initramfs with these settings:
Code:
# genkernel --install --gpg --btrfs --luks --lvm --disklabel --e2fsprogs initramfs

and added this string as my kernel parameter:
Code:
linux   /kernel-genkernel-x86_64-4.4.6-gentoo ro root_keydev=UUID=uuid_of_non_encrypted_partition_of_usbdrive root_key=mykeyname.key.gpg crypt_root=/dev/disk/by-partuuid/part_uuid_of_/dev/sda1 dolvm real_root=/dev/mapper/vg1-root dobtrfs rootfstype=btrfs
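The difference between the failing setup in the first post and the working one in the second can be written down as a small check. This is an added example, not code from the thread or from genkernel; `check_boot_setup`, its three rules and the caller-supplied list of LUKS devices are assumptions of the example, and the inputs are constructed from the thread's placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: lint a genkernel-style boot setup.
#   $1  kernel command line
#   $2  options given to genkernel when the initramfs was built
#   $3  space-separated device specs the caller knows to be LUKS containers
# Prints one finding per line; exit status is 0 only when there are none.
check_boot_setup() (
    set -f    # split on whitespace only, no globbing (local to this subshell)
    cmdline=$1 genkernel_opts=$2 luks_devs=$3
    crypt_root='' root_keydev='' root_key='' gpg_built=no findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    for word in $cmdline; do
        case $word in
            crypt_root=*)  crypt_root=${word#crypt_root=} ;;
            root_keydev=*) root_keydev=${word#root_keydev=} ;;
            root_key=*)    root_key=${word#root_key=} ;;
        esac
    done
    case " $genkernel_opts " in *" --gpg "*) gpg_built=yes ;; esac

    [ -n "$crypt_root" ] || report "crypt_root= is missing"
    if [ -n "$root_key" ] && [ -z "$root_keydev" ]; then
        report "root_key=$root_key is set without root_keydev="
    fi
    for dev in $luks_devs; do
        if [ "$dev" = "$root_keydev" ]; then
            report "root_keydev=$dev is a LUKS container; the working setup in the thread keeps the key on a non-encrypted partition"
        fi
    done
    case $root_key in
        *.gpg) [ "$gpg_built" = yes ] ||
                   report "root_key=$root_key is GPG-encrypted but the initramfs was built without --gpg" ;;
    esac
    [ "$findings" -eq 0 ]
)

# Constructed inputs modelled on the two posts, keeping the thread's placeholders.
ROOT=/dev/disk/by-partuuid/part_uuid_of_/dev/sda1
BOOT=/dev/disk/by-partuuid/part_uuid_of_/dev/sdc2
LUKS_DEVS="$ROOT $BOOT"
BEFORE_CMDLINE="ro crypt_root=$ROOT dolvm real_root=/dev/mapper/vg1-root root_keydev=$BOOT root_key=keyname.key"
BEFORE_OPTS='--install --disklabel --lvm --luks --btrfs --e2fsprogs'
AFTER_CMDLINE="ro root_keydev=UUID=uuid_of_non_encrypted_partition_of_usbdrive root_key=mykeyname.key.gpg crypt_root=$ROOT dolvm real_root=/dev/mapper/vg1-root"
AFTER_OPTS='--install --gpg --btrfs --luks --lvm --disklabel --e2fsprogs'

check_boot_setup "$BEFORE_CMDLINE" "$BEFORE_OPTS" "$LUKS_DEVS" || echo "first post: see findings above"
check_boot_setup "$AFTER_CMDLINE" "$AFTER_OPTS" "$LUKS_DEVS" && echo "second post: no findings"
```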
All times are GMT