Gentoo Forums
Grub2 can't determine root device with full disk encryption.
vistav
n00b


Joined: 28 Mar 2020
Posts: 4

Posted: Sat Mar 28, 2020 9:53 pm    Post subject: Grub2 can't determine root device with full disk encryption.

I'm installing hardened Gentoo on a ThinkPad x200 with full disk encryption.
The x200 has Libreboot flashed with grub as a payload. I haven't followed a
single guide as there wasn't one for my purposes but I've followed most of the
steps from https://wiki.gentoo.org/wiki/Full_Disk_Encryption_From_Scratch_Simplified
and have gone through the handbook up to and including the "Configuring the
bootloader" section. I have a LUKS partition which has an LVM inside with a root
and swap partition.

This is outputted when I try to boot my machine:
Code:
>> Genkernel 4.0.5 (2020-03-26 23:48:27 UTC). Linux kernel 4.19.97-gentoo-gnu
>> Activating mdev ...
>> Loading modules ...
   :: Loading from virtio:
   :: Loading from hyperv:
   :: Loading from nvme:
   :: Loading from sata:
   :: Loading from scsi:
   :: Loading from pata:
   :: Loading from usb:
   :: Loading from firewire:
   :: Loading from waitscan:
   :: Loading from lvm:
   :: Loading from dmraid:
   :: Loading from mdadm:
   :: Loading from fs:
   :: Loading from crypto:
>> Determining root device (trying /dev/mapper/matrix-rootvol) ........
!! Block device /dev/mapper/matrix-rootvol is not a valid root device ...
!! Could not find the root block device in /dev/mapper/matrix-rootvol.
!! Please specify another value or:
!! - press Enter for the same
!! - type "shell" for a shell
!! - type "q" to skip ...
root block device(/dev/mapper/matrix-rootvol) ::

I don't know how to get the full boot logs. This is just the last visible section
that I copied manually.
Here is the output of grub-mkconfig:
Code:
(chroot) livecd / # grub-mkconfig -o /boot/grub/grub.cfg > /mnt/grub-mkconfig.log
Generating grub configuration file ...
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
Found linux image: /boot/vmlinuz-4.19.97-gentoo-gnu
Found initrd image: /boot/initramfs-4.19.97-gentoo-gnu.img
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
done

My fstab:
Code:
# /etc/fstab: static file system information.
#
# noatime turns off atimes for increased performance (atimes normally aren't
# needed); notail increases performance of ReiserFS (at the expense of storage
# efficiency).  It's safe to drop the noatime options if you want and to
# switch between notail / tail freely.
#
# The root filesystem should have a pass number of either 0 or 1.
# All other filesystems should have a pass number of 0 or greater than 1.
#
# See the manpage fstab(5) for more information.
#

# <fs>                  <mountpoint>    <type>          <opts>          <dump/pass>

# NOTE: If your BOOT partition is ReiserFS, add the notail option to opts.
#
# NOTE: Even though we list ext4 as the type here, it will work with ext2/ext3
#       filesystems.  This just tells the kernel to use the ext4 driver.
#
# NOTE: You can use full paths to devices like /dev/sda3, but it is often
#       more reliable to use filesystem labels or UUIDs. See your filesystem
#       documentation for details on setting a label. To obtain the UUID, use
#       the blkid(8) command.

#LABEL=boot             /boot           ext4            noauto,noatime  1 2
#UUID=58e72203-57d1-4497-81ad-97655bd56494              /               ext4            noatime         0 1
#LABEL=swap             none            swap            sw              0 0
#/dev/cdrom             /mnt/cdrom      auto            noauto,ro       0 0

# <fs>
/dev/mapper/matrix-rootvol      /               ext4    noatime                 0       1
/dev/mapper/matrix-swapvol      none            swap    sw                      0       0
# tmps
tmpfs                           /tmp            tmpfs   size=4Gb                0       0
tmpfs                           /run            tmpfs   size=100M               0       0
# shm
shm                             /dev/shm        tmpfs   nodev,nosuid,noexec     0       0

and the output of grub-install:
Code:
(chroot) livecd / # grub-install --boot-directory=/boot/ --modules=lvm luks crypto search_fs_uuid linux --recheck /dev/mapper/matrix-rootvol
Installing for i386-pc platform.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
  WARNING: Failed to connect to lvmetad. Falling back to device scanning.
grub-install: warning: File system `ext2 doesnt support embedding.
grub-install: warning: Embedding is not possible.  GRUB can only be installed in this setup by using blocklists.  However, blocklists are UNRELIABLE and their use is discouraged..
grub-install: error: will not proceed with blocklists.

I'm a little perplexed by this one as I don't have ext2 anywhere.
I want to rely only on the payload grub at the end. I only tried to install grub on my
HDD to see if it'll fix the problem and the output looked interesting so I included it here.

Any help will be greatly appreciated.
fturco
Veteran


Joined: 08 Dec 2010
Posts: 1038
Location: Italy

Posted: Sun Mar 29, 2020 8:59 am

If I were you I would use UUIDs in /etc/fstab instead of /dev/mapper devices.

Also, can I see the contents of /etc/default/grub and the output of the blkid command, please?
vistav
n00b


Joined: 28 Mar 2020
Posts: 4

Posted: Sun Mar 29, 2020 11:10 am

Using UUIDs to mount things in lvm is not a good idea because snapshots have the same UUID iirc.

/etc/default/grub:
Code:
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
#
# To populate all changes in this file you need to regenerate your
# grub configuration file afterwards:
#     'grub-mkconfig -o /boot/grub/grub.cfg'
#
# See the grub info page for documentation on possible variables and
# their associated values.

GRUB_DISTRIBUTOR="Gentoo"

# Default menu entry
#GRUB_DEFAULT=0

# Boot the default entry this many seconds after the menu is displayed
#GRUB_TIMEOUT=5
#GRUB_TIMEOUT_STYLE=menu

# Append parameters to the linux kernel command line
#GRUB_CMDLINE_LINUX=""
#
# Examples:
#
# Boot with network interface renaming disabled
# GRUB_CMDLINE_LINUX="net.ifnames=0"
#
# Boot with systemd instead of sysvinit (openrc)
# GRUB_CMDLINE_LINUX="init=/usr/lib/systemd/systemd"

# Append parameters to the linux kernel command line for non-recovery entries
#GRUB_CMDLINE_LINUX_DEFAULT=""

# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console

# The resolution used on graphical terminal.
# Note that you can use only modes which your graphic card supports via VBE.
# You can see them in real GRUB with the command `vbeinfo'.
#GRUB_GFXMODE=640x480

# Set to 'text' to force the Linux kernel to boot in normal text
# mode, 'keep' to preserve the graphics mode set using
# 'GRUB_GFXMODE', 'WIDTHxHEIGHT'['xDEPTH'] to set a particular
# graphics mode, or a sequence of these separated by commas or
# semicolons to try several modes in sequence.
#GRUB_GFXPAYLOAD_LINUX=

# Path to theme spec txt file.
# The starfield is by default provided with use truetype.
# NOTE: when enabling custom theme, ensure you have required font/etc.
#GRUB_THEME="/boot/grub/themes/starfield/theme.txt"

# Background image used on graphical terminal.
# Can be in various bitmap formats.
#GRUB_BACKGROUND="/boot/grub/mybackground.png"

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to kernel
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY=true

# Uncomment to disable generation of the submenu and put all choices on
# the top-level menu.
# Besides the visual affect of no sub menu, this makes navigation of the
# menu easier for a user who can't see the screen.
#GRUB_DISABLE_SUBMENU=y

# Uncomment to play a tone when the main menu is displayed.
# This is useful, for example, to allow users who can't see the screen
# to know when they can make a choice on the menu.
#GRUB_INIT_TUNE="60 800 1"
GRUB_ENABLE_CRYPTODISK=y


blkid output:
Code:
/dev/loop0: TYPE="squashfs"
/dev/sda1: UUID="redactedredactedredactedredactedreda" TYPE="crypto_LUKS" PARTLABEL="primary" PARTUUID="redactedredactedredactedredactedreda"
/dev/sdb1: UUID="redactedredactedredact" LABEL="Gentoo amd64 redactedredacted" TYPE="iso9660" PTUUID="redacted" PTTYPE="dos" PARTUUID="redactedred"
/dev/sdb2: SEC_TYPE="msdos" LABEL_FATBOOT="GENTOOLIVE" LABEL="GENTOOLIVE" UUID="redactedr" TYPE="vfat" PARTUUID="redactedred"
/dev/mapper/lvm: UUID="redactedredactedredactedredactedredact" TYPE="LVM2_member"
/dev/mapper/matrix-swapvol: UUID="redactedredactedredactedredactedreda" TYPE="swap"
/dev/mapper/matrix-rootvol: UUID="redactedredactedredactedredactedreda" TYPE="ext4"
/dev/sda2: PARTLABEL="primary" PARTUUID="redactedredactedredactedredactedreda"

Sorry if I replaced something useful. I just don't want to leave any unique identifiers.
fturco
Veteran


Joined: 08 Dec 2010
Posts: 1038
Location: Italy

Posted: Sun Mar 29, 2020 11:40 am

It seems you didn't customize the GRUB_CMDLINE_LINUX variable (see this).
Remember to regenerate GRUB's configuration file with the grub-mkconfig command.
vistav
n00b


Joined: 28 Mar 2020
Posts: 4

Posted: Sun Mar 29, 2020 12:52 pm

I added in
Code:
GRUB_CMDLINE_LINUX="dolvm crypt_root=UUID=redactedredactedredactedredactedreda root=/dev/mapper/matrix-rootvol"

where the UUID is that from /dev/sda1 in which LUKS is set up.
I tried booting and I got a different error:
Code:
...
   :: Loading from crypto:
>> Scanning for volume groups ...
  Reading all physical volumes. This may take a while...
>> Activating volume groups ...
Enter passphrase for /dev/sda1:
device-mapper: reload ioctl on   failed: Invalid argument
!! Failed to open LUKS device /dev/sda1
!! Could not find the root in /dev/sda1.
!! Please specify another value or:
!! - press Enter for the same
!! - type "shell" for a shell
!! - type "q" to skip ...
root (/dev/sda1) ::

I get the same error if I try to open LUKS manually:
Code:
rescueshell / # cryptsetup luksOpen /dev/sda1 lvm
Enter passphrase for /dev/sda1:
device-mapper: reload ioctl on   failed: Invalid argument
fturco
Veteran


Joined: 08 Dec 2010
Posts: 1038
Location: Italy

Posted: Sun Mar 29, 2020 1:47 pm

Did you enable all required algorithms/ciphers in the kernel? You can find out which ones you need with the following command:
Code:
cryptsetup luksDump /dev/sda1

Look for something like:
Code:
Cipher:     aes-xts-plain64

Or:
Code:
Hash:       sha256

Then enable the corresponding kernel options (see the "Cryptographic API" section in make menuconfig).
For example in my case I need to enable the CONFIG_CRYPTO_AES, CONFIG_CRYPTO_XTS, and CONFIG_CRYPTO_SHA256 options.
vistav
n00b


Joined: 28 Mar 2020
Posts: 4

Posted: Mon Mar 30, 2020 7:18 am

Here is the relevant output of luksDump:
Code:
LUKS header information for /dev/sda1

Version:          1
Cipher name:      serpent
Cipher mode:      xts-plain64
Hash spec:        whirlpool
Payload offset:   4096
MK bits:          512

I enabled CONFIG_CRYPTO_XTS, CONFIG_CRYPTO_WP512 and CONFIG_CRYPTO_SERPENT in
the kernel config and recompiled it but the error persists.
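
The check fturco describes (read the cipher, mode and hash from luksDump, then look for the matching kernel options), applied to the LUKS1 header fields posted above. This is an added example, not part of the thread: the `.config` fragment is constructed, the function names are hypothetical, and `CONFIG_DM_CRYPT` is included by this example because the dm-crypt target itself must also be present.

```shell
#!/bin/sh
# Constructed sample: the LUKS1 header fields posted in the thread.
SAMPLE_DUMP='Version:          1
Cipher name:      serpent
Cipher mode:      xts-plain64
Hash spec:        whirlpool'

# Constructed .config fragment (hypothetical values, not the poster's kernel).
SAMPLE_CONFIG='CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_XTS=m
# CONFIG_CRYPTO_SERPENT is not set
CONFIG_CRYPTO_WP512=y'

# Print the value of one luksDump field, e.g. "Cipher name".
luks_field() {  # $1 = luksDump text, $2 = field label
    printf '%s\n' "$1" | sed -n "s/^$2:[[:space:]]*//p" | head -n 1
}

# Map a cipher, chaining mode or hash name to its kernel option.
crypto_option() {
    case "$1" in
        aes)       echo CONFIG_CRYPTO_AES ;;
        serpent)   echo CONFIG_CRYPTO_SERPENT ;;
        twofish)   echo CONFIG_CRYPTO_TWOFISH ;;
        xts)       echo CONFIG_CRYPTO_XTS ;;
        cbc)       echo CONFIG_CRYPTO_CBC ;;
        sha1)      echo CONFIG_CRYPTO_SHA1 ;;
        sha256)    echo CONFIG_CRYPTO_SHA256 ;;
        sha512)    echo CONFIG_CRYPTO_SHA512 ;;
        whirlpool) echo CONFIG_CRYPTO_WP512 ;;
        *)         echo "UNKNOWN($1)" ;;
    esac
}

# Print each required option as =y (built in), =m (module) or =missing.
check_luks_kernel() {  # $1 = luksDump text, $2 = kernel .config text
    mode=$(luks_field "$1" 'Cipher mode')
    # CONFIG_DM_CRYPT is the dm-crypt target itself (added by this example).
    for opt in CONFIG_DM_CRYPT \
        "$(crypto_option "$(luks_field "$1" 'Cipher name')")" \
        "$(crypto_option "${mode%%-*}")" \
        "$(crypto_option "$(luks_field "$1" 'Hash spec')")"; do
        state=$(printf '%s\n' "$2" | sed -n "s/^$opt=\([ym]\)\$/\1/p")
        echo "$opt=${state:-missing}"
    done
}

check_luks_kernel "$SAMPLE_DUMP" "$SAMPLE_CONFIG"
```

On a real system, pass the output of `cryptsetup luksDump /dev/sda1` and the contents of the kernel's `.config` as the two arguments; an option reported as `=m` only helps at boot if that module is also in the initramfs.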
All times are GMT