| 1 |
On Thu, Dec 31, 2015 at 10:38:45AM +1000, Hans wrote: |
| 2 |
> I have a working VM with Gentoo on LVM on top of LUKS. Works fine in |
| 3 |
> change root, Just can't get it to boot. Probably somewhere missed |
| 4 |
> something. Will start from scratch using your 10 steps with dracut |
| 5 |
> instead of genkernel. |
| 6 |
|
| 7 |
I just tried the steps and indeed I forgot to mention a couple of things. |
| 8 |
|
| 9 |
You should generate the initramfs with dracut before you run |
| 10 |
grub2-mkconfig - that way grub will find the initramfs. |
| 11 |
|
| 12 |
The other issue is that of naming the root partition on the kernel |
| 13 |
cmdline. When you open the luks partition using `cryptsetup open` you |
| 14 |
give it a device-mapper name. In some cases grub will save this name in |
| 15 |
grub.cfg. So grub's kernel cmdline would contain e.g. |
| 16 |
|
| 17 |
root=/dev/mapper/crypto |
| 18 |
|
| 19 |
dracut will by default open the luks partition with a name of the form |
| 20 |
luks-<uuid>. This mismatch will prevent root from mounting. |
| 21 |
|
| 22 |
To overcome this and guarantee a predictable name add an /etc/crypttab |
| 23 |
entry of the form |
| 24 |
|
| 25 |
<name> UUID=<uuid> |
| 26 |
|
| 27 |
then generate the initramfs with dracut again, and it will copy this file |
| 28 |
and use it to name the luks partition upon opening. Just make sure you use |
| 29 |
the same name during installation and in crypttab - this is not mandatory |
| 30 |
but it makes things easier. |
| 31 |
|
| 32 |
Howver, sometimes grub will generate a cmdline entry of the form |
| 33 |
`root=UUID=<uuid>` if it finds an initramfs which will prevent this issue. |
| 34 |
Also remember that there are two things: the uuid of the encrypted luks |
| 35 |
partition (this needs to go in crypttab), and the uuid of the decrypted |
| 36 |
partition inside luks (this needs to go in fstab and the root cmdline). |
| 37 |
|
| 38 |
Just make sure everything is consistent. |
Archives