Gentoo Forums
Automatic unlocking of encrypted partition at boot
nitro322
Guru
Joined: 24 Jul 2002
Posts: 562
Location: USA

Posted: Wed Jul 25, 2012 6:58 pm    Post subject: Automatic unlocking of encrypted partition at boot

(Not 100% sure this belongs in the installation forum, but technically this was set up during a fresh installation, so I guess it fits here as well as anywhere else. Feel free to move some place more appropriate, though.)

I managed to get partition encryption mostly working by following various howtos on the internet. Here's my drive setup:

/dev/sda1 - boot
/dev/sda2 - encrypted using dm-crypt/cryptsetup/luks

The encrypted partition contains an LVM volume group w/ the following volumes:

/dev/lvm/root
/dev/lvm/home
/dev/lvm/swap

I'm using grub2 for my boot manager, booting using bios/msdos rather than gpt/uefi, and using genkernel to generate initramfs (though I configured/compiled the kernel manually).

So like I said, this mostly works. I boot, hit grub, start booting... and the kernel chokes and prompts me for the root partition. I can then drop into a rescue shell and run the following:

cryptsetup luksOpen /dev/sda2 vault
lvm vgscan
lvm vgchange -ay

Then, exit the shell and supply /dev/mapper/lvm-root to the kernel and it'll happily finish booting. So, all the individual pieces I need to make this work are there, but I'm missing that last, critical automation step.

Can anyone provide some guidance on how to get this working automatically w/ grub2 and, preferably, using genkernel? As mentioned, I've found several howtos on the subject, some quite well documented, but they all differ in subtle ways (grub1 vs. grub2, encrypted LVM volumes vs. encrypted partitions, dm-crypt vs. encfs, vs. a bunch of others, etc.), and I've not found any that completely matches my setup. The final bootloader configuration seems to be highly dependent on which combination of methods you chose to implement this, and I haven't had any luck stringing together the right sequence of grub2 options to make this work. I'm not even sure if grub2 can handle it by itself, but I don't see why not.

So, any pointers? I'd greatly appreciate any assistance. In the meantime, I'm just suspending my laptop every time I leave so I don't have to reboot. :-)
_________________
http://www.legroom.net/

Hu
Moderator
Joined: 06 Mar 2007
Posts: 13845

Posted: Thu Jul 26, 2012 1:08 am

Grub2 cannot handle this, nor should it. Your initramfs is responsible for unlocking the container, activating the LVM inside it, and then mounting root. The bootloader is not involved in this.

nitro322
Guru
Joined: 24 Jul 2002
Posts: 562
Location: USA

Posted: Thu Jul 26, 2012 1:37 am

OK, that's fine. Can you suggest how to make that actually work, though? I built it with "genkernel --lvm --luks --all-ramdisk-modules --install initramfs" and also poked around through the config file to see if there were any other related settings I missed, but I haven't found anything.

Thanks.
_________________
http://www.legroom.net/

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Thu Jul 26, 2012 6:10 pm

nitro322 ...

I'm not familiar with genkernel but are you passing 'crypt_root=/dev/sda2' and 'real_root=/dev/lvm/root' via kernel parameters?

best ... khay

nitro322
Guru
Joined: 24 Jul 2002
Posts: 562
Location: USA

Posted: Thu Jul 26, 2012 8:38 pm

I am not. Sounds like that'd be pretty helpful, though. Will try it as soon as I get home.

Thanks for the suggestion. Will let you know how it goes.
_________________
http://www.legroom.net/

Hu
Moderator
Joined: 06 Mar 2007
Posts: 13845

Posted: Thu Jul 26, 2012 10:32 pm

I use a handwritten initramfs script, so I cannot comment on how to make genkernel do the right thing here.

nitro322
Guru
Joined: 24 Jul 2002
Posts: 562
Location: USA

Posted: Thu Jul 26, 2012 11:16 pm

I have a bad habit of hand-editing too much stuff. Was trying to avoid as much of that as possible this time around, try something a little different. :-)

khayyam's suggestion did the trick. Thanks! For anyone else that may run into this, the magic grub arguments ended up being:

Code:
noload=scsi_wait_scan doload=xts dolvm crypt_root=/dev/sda2 real_root=/dev/mapper/lvm-root


Thanks to everyone for the suggestions.
_________________
http://www.legroom.net/
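
The fix in this thread came down to three genkernel initramfs parameters on the kernel command line: crypt_root=, real_root= and dolvm. As an added example (not part of any post above and not genkernel's own code), the POSIX shell functions below check a command line for them before a reboot; the function names and the --running switch are hypothetical.

```shell
# Constructed example: validate a kernel command line for a genkernel
# initramfs that must unlock LUKS and activate LVM before mounting root.

# Print the value of key=value parameter $1 found in command line $2.
cmdline_value() {
    for word in $2; do
        case "$word" in
            "$1"=*) printf '%s\n' "${word#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Succeed if the bare flag $1 appears in command line $2.
cmdline_flag() {
    for word in $2; do
        [ "$word" = "$1" ] && return 0
    done
    return 1
}

# Print each problem found; the return status is the number of problems.
check_luks_cmdline() {
    cmdline=$1
    problems=0
    if ! crypt=$(cmdline_value crypt_root "$cmdline"); then
        echo "missing crypt_root= (the LUKS partition, /dev/sda2 in the thread)"
        problems=$((problems + 1))
    fi
    if ! real=$(cmdline_value real_root "$cmdline"); then
        echo "missing real_root= (the root LV, /dev/mapper/lvm-root in the thread)"
        problems=$((problems + 1))
    fi
    if ! cmdline_flag dolvm "$cmdline"; then
        echo "missing dolvm (root is a logical volume inside the container)"
        problems=$((problems + 1))
    fi
    if [ -n "$crypt" ] && [ "$crypt" = "$real" ]; then
        echo "real_root must name the unlocked root volume, not the LUKS partition"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Optional: "--running" checks the command line of the booted kernel.
if [ "${1:-}" = "--running" ]; then
    check_luks_cmdline "$(cat /proc/cmdline)"
fi
```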

All times are GMT