Gentoo Forums
Kernel panic after moving from initramfs to grub cryptodisk.
sedros
n00b


Joined: 20 Jul 2016
Posts: 3

Posted: Mon Jan 30, 2017 9:12 pm    Post subject: Kernel panic after moving from initramfs to grub cryptodisk.

Hi,
My problem started a few days ago when I decided to update my kernel to 4.9.5. When I tried to update grub it informed me that I need to enable GRUB_ENABLE_CRYPTODISK=y to make it decrypt my encrypted drive so I decided that disabling initramfs would simplify my configuration and decided to go for it. I did some tests on VirtualBox and it worked well so I continued with my physical box. When I boot my PC using kernel without initramfs I get kernel panic (not syncing (0,0) type). Funny thing is that if I use exactly the same kernel only with old initramfs enabled it boots normally - I do that using grub command line to boot the system.

I use an SSD drive with gpt and a bios_grub partition as sda1, old /boot as /dev/sda2 (unencrypted), and rootfs as /dev/sda3 (this one is encrypted and now I want to use this as a boot partition).


Did you have a similar issue and would be able to help me with this?
Roman_Gruber
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Mon Jan 30, 2017 10:29 pm

Quote:
disabling initramfs


nope

--

think as a computer, step by step.

AFAIK luks needs an initramfs. there may be some fancy features of your bootloader, but I stick to the easiest way, and proven way.

You do not need to recreate the initramfs, you can just reuse it. My initramfs is as old as my purchase of this notebook. My installation was moved to this hardware (this gentoo installation is very very old). My kernel is up to date. My microcode is the previous release (I do not think that really matters!)

--

Quote:
Funny thing is that if I use exactly the same kernel only with old initramfs enabled it boots normally


does what it should do.

I do the same for a long time period

--

Quote:
and rootfs as /dev/sda3 (this one is encrypted and now I want to use this as a boot partition).


I recommend that you start reading about how a box boots, how luks works, about init, about kernel mechanics, about bootloaders. That should give you enough insights.
frostschutz
Advocate


Joined: 22 Feb 2005
Posts: 2970
Location: Germany

Posted: Mon Jan 30, 2017 11:24 pm

If you allow grub to decrypt your luks partition, that merely means giving grub access to encrypted boot partition with encrypted bootloader config, kernels, and initramfs.

It does not mean the device will magically appear unencrypted to the kernel. Once grub loaded the kernel, grub is gone and all it knew about decryption is gone with it as well...

The same is true for filesystems: just because grub can load stuff from an XFS partition does not mean your kernel will magically be able to if you do not enable the appropriate kernel option.

Thus you still need initramfs, cryptsetup, to give the kernel some means to get the passphrase. If the initramfs is encrypted anyway you could bake the key directly into it so you won't have to enter it twice.

IMHO there is not much point to encrypting /boot - by itself it does not improve security, unless you can also prevent tampering with the bootloader. Which secure boot doesn't really do.
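
A diagnostic sketch of the failure described in this thread, added here and not part of any post: it scans a grub.cfg for menu entries that unlock a LUKS volume with cryptomount yet hand the kernel no initrd. The sample config, UUID and file names are constructed; it assumes the unlocked volume holds the root filesystem and that titles are single-quoted, as grub-mkconfig writes them.

```shell
#!/bin/sh
# Added example: find GRUB entries that decrypt a volume for GRUB itself
# but give the kernel no initramfs to open that volume again.

# Constructed sample grub.cfg (UUID and file names are placeholders).
sample_grub_cfg() {
cat <<'EOF'
menuentry 'Gentoo 4.9.5 (no initramfs)' {
    insmod cryptodisk
    insmod luks
    cryptomount -u 00000000000000000000000000000000
    linux /boot/vmlinuz-4.9.5 root=/dev/mapper/root ro
}
menuentry 'Gentoo 4.9.5 (with initramfs)' {
    insmod cryptodisk
    insmod luks
    cryptomount -u 00000000000000000000000000000000
    linux /boot/vmlinuz-4.9.5 root=/dev/mapper/root ro
    initrd /boot/initramfs-4.9.5.img
}
EOF
}

# Reads grub.cfg on stdin and prints the title of every menu entry that
# has both a cryptomount and a linux line but no initrd line.
entries_without_initrd() {
awk -v q="'" '
  /^[ \t]*menuentry[ \t]/ {
      split($0, parts, q)          # parts[2] is the single-quoted title
      title = parts[2]
      crypt = 0; kernel = 0; initrd = 0; inside = 1
      next
  }
  inside && /^[ \t]*cryptomount[ \t]/     { crypt = 1 }
  inside && /^[ \t]*linux(16|efi)?[ \t]/  { kernel = 1 }
  inside && /^[ \t]*initrd(16|efi)?[ \t]/ { initrd = 1 }
  inside && /^[ \t]*[}]/ {
      if (crypt && kernel && !initrd) print title
      inside = 0
  }
'
}

sample_grub_cfg | entries_without_initrd
```

On a real system, feed it the generated file instead of the sample, e.g. `entries_without_initrd < /boot/grub/grub.cfg`.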
sedros
n00b


Joined: 20 Jul 2016
Posts: 3

Posted: Tue Jan 31, 2017 2:04 pm

Thank you for help, guys. It seems that I had wrong flags on my partitions so grub asked me to enable GRUB_ENABLE_CRYPTODISK=y before issuing grub-install /dev/sda. That led me to a wrong conclusion that initramfs is no longer required. Thanks!
Roman_Gruber
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

Posted: Tue Jan 31, 2017 3:45 pm

You do not need to update your bootloader. I still use my bootloader from sysrescuecd, an earlier beta version.

You may need to reinstall grub when you swap discs, but that's an uefi limitation (I have to deal with that regularly).

You do not need to update your initramfs usually ...

I manipulate the boot entries by hand. I handle the boot partition myself also, e.g. removing older files, updating newer files and such.