Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved] grub will not work with luks + lvm (encrypted boot)
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Installing Gentoo
View previous topic :: View next topic  
Author Message
SumDog
n00b
n00b


Joined: 16 Dec 2005
Posts: 17
Location: Chicago, USA

PostPosted: Tue Oct 04, 2016 5:01 am    Post subject: [solved] grub will not work with luks + lvm (encrypted boot) Reply with quote

So I've installed grub + luks + raid + lvm on two other systems before and in both cases, I used an unencrypted /boot. I thought on this new machine, I'd attempt encrypt everything including my boot files. I've read several guides that talk about how Grub2 supports luks natively and can prompt for your encryption passwords. You can then keep a key file in your initrd so you don't get asked for your password twice.

So here is my setup:

Code:

  nvme0n1p1 - ESP partition (EFI/*, vfat, unencrypted)
  nvme0n1p2 - LUKS Volume (mapped by my initrd to /dev/mapper/enc_root)
    -enc_root = an LVM named "lvol"
       /dev/mapper/lvol-root (or /dev/lvol/root) - ext4 : / (no separate boot partition. It's all in one)
       /dev/mapper/lvol-swap (or /dev/lvol/swap) - swap


I could only get Grub to install using the following:

Code:
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id="Funtoo Linux [GRUB]" --recheck --boot-directory=/boot/efi/EFI


..which I realize is wrong (it puts a useless grub directory on my ESP partition), but that's the only way I could get grub to even install anything in the EFI directory.

So I can boot my machine from Grub recovery using the following:

Code:

insmod luks
insmod lvm
cryptomount (hd1,gpt2)
set root=(lvm/lvol-root)
configfile (lvm/lvol-root)/boot/grub/grub.cfg


My system boots up fine; my initrd bootstrapping works correctly. However when I try to install grub from my booted system, I get the following:

Code:

UB) 2.02~beta3
jasmine cassius # grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id="Funtoo Linux [GRUB]"
Installing for x86_64-efi platform.
File descriptor 3 (/dev/nvme0n1p1) leaked on vgs invocation. Parent PID 4686: grub-install
File descriptor 3 (/dev/nvme0n1p1) leaked on vgs invocation. Parent PID 4686: grub-install
File descriptor 4 (pipe:[5916]) leaked on vgs invocation. Parent PID 4686: grub-install
  Volume group "enc_root" not found
  Cannot process volume group enc_root
File descriptor 3 (/dev/nvme0n1p1) leaked on vgs invocation. Parent PID 4686: grub-install
File descriptor 3 (/dev/nvme0n1p1) leaked on vgs invocation. Parent PID 4686: grub-install
File descriptor 4 (pipe:[5930]) leaked on vgs invocation. Parent PID 4686: grub-install
  Volume group "enc_root" not found
  Cannot process volume group enc_root
grub-install: error: disk `lvm/lvol-root' not found.


And here is
Code:
/etc/default/grub


Code:

GRUB_PRELOAD_MODULES="luks cryptodisk lvm"
GRUB_CMDLINE_LINUX="luks lvm enc_root=/dev/nvme0n1p2 root=/dev/lvol/root rootfstype=ext4"
GRUB_ENABLE_CRYPTODISK=y


*The luks, lvm and enc_root parameters are for https://bitbucket.org/piotrkarbowski/better-initramfs

Why is grub having trouble mapping my LVM? Why does it think my enc_root is an lvm?


Last edited by SumDog on Tue Oct 04, 2016 2:40 pm; edited 1 time in total
Back to top
View user's profile Send private message
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2970
Location: Germany

PostPosted: Tue Oct 04, 2016 9:20 am    Post subject: Reply with quote

What useflags did you build grub with, you might have to add device-mapper or such things. I think we had another thread about that recently and that was it ...
Back to top
View user's profile Send private message
SumDog
n00b
n00b


Joined: 16 Dec 2005
Posts: 17
Location: Chicago, USA

PostPosted: Tue Oct 04, 2016 2:39 pm    Post subject: Reply with quote

frostschutz wrote:
you might have to add device-mapper


That was totally it! I had decided to do a fresh install and try Funtoo this time. If I had used my old Gentoo image, I would have totally avoided this.

Oh well, now I'll remember. :-P

Thanks
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Installing Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum