6

I'm using common "pattern" well known as LVM on LUKS. I have /dev/sda1 which is used for /boot and /dev/sda2 which is dm-crypted partition (default aes-sha512-xts). There are two lvm partitions: one for swap and one for root.

The problem is that the most guides (from gentoo and arch wikies) are telling just to add "cryptdevice", without specifying place it should be put in or giving representative example (full length working example). All I found was just parts of code which clarified nothing.

I'm a bit exausted trying different configurations. So thats why I'm asking you.

Grub.cfg image here: 3 images on imgur

UPDATE :

After some searching I've used crypt_root=… real_root=… instrad of root=… (also I added some line to /etc/default/grub)

Now when loading it asks me to type a passphrase, but after opening it thinks that /dev/mapper/root (which is default name for crypt_root) is not valid (of course it is not).

Using shell I listed contents of /dev/mapper/ and I found that there are no LVM partitions. So that mean, that I need somehow to tell grub to also dolvm explisitly.

user8896663
  • 71
  • 1
  • 3

1 Answers1

1

First off boot off the install media and chroot into the LUKs LVM.

In the file /etc/default/grub you will want to make sure the following line exists

GRUB_CMDLINE_LINUX="dolvm crypt_root=UUID=6a7a642a-3262-4f87-9540-bcd53969343b root=/dev/mapper/vg0-root"

The two things you will want to set here is the 'crypt_root' and 'root' options. You should not need a real_root option (typically)

The crypt_root should be the LVM, in this example above you can see blkid(below) that that UUID maps to /dev/sda3, in this example. 

(chroot) root@localhost:/#blkid
/dev/sdb3: UUID="6a7a642a-3262-4f87-9540-bcd53969343b" TYPE="crypto_LUKS" PARTLABEL="lvm" PARTUUID="be8e6694-b39c-4d2f-9f42-7ca455fdd64f"

Then for the root option you will want to put in the LVM mapper device node to the root partition.

The following guide covers this quite well:

https://wiki.gentoo.org/wiki/Full_Disk_Encryption_From_Scratch_Simplified#install_GRUB2

Citizen Kepler
  • 139
  • 5
  • What do you mean `chroot into the LUKs LVM`?`There are 3 partitions. The last one has the `/etc` folder, so changing anything inside it will not have any effect. My system is stuck in the grub because it doesn't know it needs to decrypt the 3rd partition before booting from it. The other two partitions are the EFI ones. They do have grub.cfg files, but they aren't exactly obvious to work with. – CoderGuy123 Sep 29 '21 at 23:22
  • @CoderGuy123 If you manually decrypt the partitions in a LiveCD, and mount them in a temporary directory such as /mnt/Gentoo or /mnt/Debian with the other filesystems mounted inside the root directory (i.e./mnt/Debian/etc ) Then you can chroot into the system, and it will act as you booted into the system. A chroot helps do repair work. Gentoo has a chroot guide, and you need to replace the mount commands for the LUKs commands. https://wiki.gentoo.org/wiki/Chroot – Citizen Kepler Nov 15 '21 at 17:58