update-initramfs not generating working initrd for encrypted lvm
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Linux Mint |
New
|
Undecided
|
Unassigned | ||
Bug Description
When I set up my LMDE UP4 with luks-encrypted LVM, using the usual method that was working fine on Ubuntu and Ubuntu-based Mint, it failed to unlock the encrypted partition and dropped me to a busybox.
Steps to reproduce:
Inside a live-DVD or usb session, apt-get install cryptsetup and lvm2, partition the hard drive with a /boot partition (200MiB, ext4) and a luks-encrypted partition for the rest of the space.
# cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sda2
# cryptsetup luksOpen /dev/sda2 lvm
# pvcreate /dev/mapper/lvm
# vgcreate mintvg /dev/mapper/lvm
Create logical volumes for root, swap and home, format them (I used ext4 for / and reiser for /home).
# mount /dev/mapper/
# mount /dev/sda1 /mnt/boot
# mount /dev/mapper/
I had a default, "vanilla" installation of LMDE on another hard-drive and rsync'ed everything into place, but there are various methods, it should not make a difference in the end.
# mount -o rbind /dev /mnt/dev
# mount -t proc proc /mnt/proc
# mount -t sysfs sys /mnt/sys
# cp /etc/resolv.conf /mnt/etc/
# chroot /mnt
Inside chroot:
# apt-get install cryptsetup lvm2
Edit /etc/fstab to use /dev/mapper/
# echo "lvm UUID=XX_
# echo "dm-crypt" >> /etc/modules
Make sure all needed modules will be built into the initrd (not all of them are actually needed, but just to be on the safe side):
# echo "aes" >> /etc/initramfs-
# echo "aes_x86_64" >> /etc/initramfs-
# echo "aes_generic" >> /etc/initramfs-
# echo "dm-crypt" >> /etc/initramfs-
# echo "dm-mod" >> /etc/initramfs-
# echo "sha256" >> /etc/initramfs-
# echo "sha256_generic" >> /etc/initramfs-
# echo "lrw" >> /etc/initramfs-
# echo "xts" >> /etc/initramfs-
# echo "crypto_blkcipher" >> /etc/initramfs-
# echo "gf128mul" >> /etc/initramfs-
Build the new initrd:
# update-initramfs -u -k all
And finally update grub:
# update-grub
# grub-install /dev/sda
Sync, unmount everything, reboot.
At this point we would have a working system on Ubuntu or Ubuntu-based Mint, depending on the version there may be a few hiccups here and there, but mostly it should prompt for our password, unlock the encrypted lvm, create the nodes for the logical volumes in /dev/mapper, mount our root-fs and boot up fine.
With LMDE however, there are a few cosmetic errors about not being able to load kernel-modules (these also appear on my now working system, so I suppose they don't really matter), followed by an error saying the lvm could not be found:
>Volume group "mintvg" not found
>Skipping volume group mintvg
>Unable to find LVM volume mintvg-root
and something like "unable to mount root-fs" -> busybox.
(I can reproduce this on another box next week, if you really need more detailed output).
### WORKAROUND: ###
I finally got it working by booting up the live-media again, mount, set up the chroot as described above and then doing:
# cp /usr/share/
# cp /usr/share/
# echo "CRYPTOPTS=
If you don't remove /etc/crypttab after this, it will set up your lvm correctly but still keep asking for the password to unlock the encrypted container, even though it _is_ already unlocked (after a lot of annoying repetitions, you can just hit enter without actually entering the password, it will boot successfully)
# rm /etc/crypttab
# update-initramfs -u -k all
And, just to make sure:
# update-grub
# grub-install /dev/sda
Done. We still get a lot of errors and warnings on boot, but all in all, everything is working now.
Many thanks to UnrealMiniMe for this workaround:
http://
| Julian Rüger (jr98) wrote | #1 |
| malenki (x-launchpad-r) wrote | #2 |
| malenki (x-launchpad-r) wrote | #3 |
Sorry, forgot to mention that I used the 64-bit version.