1 |
On Thu, Dec 31, 2015 at 10:38:45AM +1000, Hans wrote: |
2 |
> I have a working VM with Gentoo on LVM on top of LUKS. Works fine in |
3 |
> change root, Just can't get it to boot. Probably somewhere missed |
4 |
> something. Will start from scratch using your 10 steps with dracut |
5 |
> instead of genkernel. |
6 |
|
7 |
I just tried the steps and indeed I forgot to mention a couple of things. |
8 |
|
9 |
You should generate the initramfs with dracut before you run |
10 |
grub2-mkconfig - that way grub will find the initramfs. |
11 |
|
12 |
The other issue is that of naming the root partition on the kernel |
13 |
cmdline. When you open the luks partition using `cryptsetup open` you |
14 |
give it a device-mapper name. In some cases grub will save this name in |
15 |
grub.cfg. So grub's kernel cmdline would contain e.g. |
16 |
|
17 |
root=/dev/mapper/crypto |
18 |
|
19 |
dracut will by default open the luks partition with a name of the form |
20 |
luks-<uuid>. This mismatch will prevent root from mounting. |
21 |
|
22 |
To overcome this and guarantee a predictable name add an /etc/crypttab |
23 |
entry of the form |
24 |
|
25 |
<name> UUID=<uuid> |
26 |
|
27 |
then generate the initramfs with dracut again, and it will copy this file |
28 |
and use it to name the luks partition upon opening. Just make sure you use |
29 |
the same name during installation and in crypttab - this is not mandatory |
30 |
but it makes things easier. |
31 |
|
32 |
Howver, sometimes grub will generate a cmdline entry of the form |
33 |
`root=UUID=<uuid>` if it finds an initramfs which will prevent this issue. |
34 |
Also remember that there are two things: the uuid of the encrypted luks |
35 |
partition (this needs to go in crypttab), and the uuid of the decrypted |
36 |
partition inside luks (this needs to go in fstab and the root cmdline). |
37 |
|
38 |
Just make sure everything is consistent. |