LVM Ontop of LUKS using Grub
Solution 1
Your problem seems to be in the difference of :crypt
as volume group for /dev/sdb2
and using lvmpool-
as volumegroup name as parameter for root.
GRUB_CMDLINE_LINUX="root=/dev/mapper/lvmpool-root cryptdevice=/dev/sdb2:crypt ro"
The example here:
cryptdevice=/dev/partition:MyStorage root=/dev/mapper/MyStorage-rootvol
has matching :MyStorage
and MyStorage-
. That page specifically targets grub
(and not Syslinux), with LVM on top of LUKS. So I would follow that set up.
That you have an extra, not encrypted partition, doesn't matter.
Solution 2
Thank you Anthon for your answer above, it greatly contributed to solving my problem.
It seems the solution to my issue was two parts.
- The entry in /etc/default/grub, for me should read:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdb2:lvmpool root=/dev/mapper/lvmpool-root"
cryptdevice consists of the partition you applied the encryption too, in my case /dev/sdb2 and lvmpool (my volume group)
root is simply pointing to the location of my encrypted root lvmpool (which is located on sdb2)
- After that entry is made (and this was a key mistake for me) you must run:
grub-mkconfig -o /boot/grub/grub.cfg
After I did that, the system booted straight into the prompt to unlock the root partition.
Cyberpsychosis
Updated on September 18, 2022Comments
-
Cyberpsychosis over 1 year
What am I trying to do?
Install Arch with full system encryption (sans boot and media partition) using LVM on top of LUKS on an external hard drive (sdb) using: http://suddenkernelpanic.blogspot.com/2013/03/arch-linux-lvm-on-top-of-luks-2013-style.html
What is my problem:
System boots grub and it appears there is some confusion on where to find root
Error: Device 'uuid=f7153c4b-e6ea-48a2-9ee1-bf38c037173d' not found. skipping fsck
Error: Unable to find root device 'uuid=f7153c4b-e6ea-48a2-9ee1-bf38c037173d'
Where I deviated from this tutorial
-
I used Grub Instead of Syslinux as the tutorial suggests (This seems to be the crux) and it's really hazy on the solution for Grub
-
My partition scheme consists of an extra FAT32 partition that is not involved in the encryption (seems irrelevant to the issue)
Issues on /etc/default/grub:
(I feel like this is where the issue is)
From what I've read I need to update a couple of places in this file specifically:
GRUB_CMDLINE_LINUX="root=/dev/mapper/lvmpool-root cryptdevice=/dev/sdb2:crypt ro"
and I'm supposed to uncomment:
GRUB_DISABLE_LINUX_UUID=true
Issues on
/etc/mkinitcpio.conf
I'm supposed to add the hooks as follows
HOOKS="... encrypt lvm2 ... filesystems ..."
Here's my fstab entry for root
<filesystem> /dev/mapper/lvmpool-root UUID=f7153c4b-e6ea-48a2-9ee1-bf38c037173d / ext4 rw,relatime,data=ordered 0 1
Current Work-Around
I can still use the system because after it errors out, it drops me into a recovery shell, at which type I can simply do a:
cryptsetup luksOpen /dev/sdb2 crypt enter password
Then exit recovery shell and it drops me back into a normal arch login prompt. This wouldn't be so bad, if it weren't so time consuming... (Takes forever to error out on boot, like 20 seconds)
Other Resources I tried
I have also used:
-
wiki.archlinux.org/index.php/Beginners%27_guide
-
wiki.archlinux.org/index.php/Gr … encryption
-
wiki.archlinux.org/index.php/Dm … oot_loader
-
wiki.archlinux.org/index.php/Dm … VM_on_LUKS
-
-
Anthon over 9 yearsIn "Preparing the logical volumes" it says that MyStorage is the Volume Group and rootvol the Logical Volume