update-initramfs not generating working initrd for encrypted lvm

Bug #1000569 reported by Julian Rüger on 2012-05-17
This bug affects 6 people
Affects: Linux Mint
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

When I set up my LMDE UP4 with luks-encrypted LVM, using the usual method that was working fine on Ubuntu and Ubuntu-based Mint, it failed to unlock the encrypted partition and dropped me to a busybox.

Steps to reproduce:

Inside a live-DVD or usb session, apt-get install cryptsetup and lvm2, partition the hard drive with a /boot partition (200MiB, ext4) and a luks-encrypted partition for the rest of the space.

# cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sda2
# cryptsetup luksOpen /dev/sda2 lvm

# pvcreate /dev/mapper/lvm
# vgcreate mintvg /dev/mapper/lvm

Create logical volumes for root, swap and home, format them (I used ext4 for / and reiser for /home).

# mount /dev/mapper/mintvg-root /mnt
# mount /dev/sda1 /mnt/boot
# mount /dev/mapper/mintvg-home /mnt/home

I had a default, "vanilla" installation of LMDE on another hard drive and rsync'ed everything into place, but there are various methods; it should not make a difference in the end.

# mount -o rbind /dev /mnt/dev
# mount -t proc proc /mnt/proc
# mount -t sysfs sys /mnt/sys
# cp /etc/resolv.conf /mnt/etc/resolv.conf
# chroot /mnt

Inside chroot:
# apt-get install cryptsetup lvm2

Edit /etc/fstab to use /dev/mapper/mintvg-* for the respective partitions.

# echo "lvm UUID=XX_your_uuid_here_XX none luks" >> /etc/crypttab
# echo "dm-crypt" >> /etc/modules

Make sure all needed modules will be built into the initrd (not all of them are actually needed, but just to be on the safe side):

# echo "aes" >> /etc/initramfs-tools/modules
# echo "aes_x86_64" >> /etc/initramfs-tools/modules
# echo "aes_generic" >> /etc/initramfs-tools/modules
# echo "dm-crypt" >> /etc/initramfs-tools/modules
# echo "dm-mod" >> /etc/initramfs-tools/modules
# echo "sha256" >> /etc/initramfs-tools/modules
# echo "sha256_generic" >> /etc/initramfs-tools/modules
# echo "lrw" >> /etc/initramfs-tools/modules
# echo "xts" >> /etc/initramfs-tools/modules
# echo "crypto_blkcipher" >> /etc/initramfs-tools/modules
# echo "gf128mul" >> /etc/initramfs-tools/modules

Build the new initrd:

# update-initramfs -u -k all

And finally update grub:

# update-grub
# grub-install /dev/sda

Sync, unmount everything, reboot.

At this point we would have a working system on Ubuntu or Ubuntu-based Mint. Depending on the version, there may be a few hiccups here and there, but mostly it should prompt for our password, unlock the encrypted lvm, create the nodes for the logical volumes in /dev/mapper, mount our root-fs and boot up fine.

With LMDE however, there are a few cosmetic errors about not being able to load kernel-modules (these also appear on my now working system, so I suppose they don't really matter), followed by an error saying the lvm could not be found:

>Volume group "mintvg" not found
>Skipping volume group mintvg
>Unable to find LVM volume mintvg-root

and something like "unable to mount root-fs" -> busybox.
(I can reproduce this on another box next week, if you really need more detailed output).

### WORKAROUND: ###

I finally got it working by booting up the live media again, mounting, setting up the chroot as described above and then doing:

# cp /usr/share/initramfs-tools/hooks/cryptroot /etc/initramfs-tools/hooks/cryptroot
# cp /usr/share/initramfs-tools/scripts/local-top/cryptroot /etc/initramfs-tools/scripts/local-top/cryptroot
# echo "CRYPTOPTS=target=lvm,source=UUID=XX_your_uuid_here_XX,lvm=mintvg-root" > /etc/initramfs-tools/conf.d/cryptroot

If you don't remove /etc/crypttab after this, it will set up your lvm correctly but still keep asking for the password to unlock the encrypted container, even though it _is_ already unlocked (after a lot of annoying repetitions, you can just hit enter without actually entering the password, and it will boot successfully).

# rm /etc/crypttab

# update-initramfs -u -k all

And, just to make sure:

# update-grub
# grub-install /dev/sda

Done. We still get a lot of errors and warnings on boot, but all in all, everything is working now.

Many thanks to UnrealMiniMe for this workaround:
http://forums.linuxmint.com/viewtopic.php?f=189&t=83763
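
Added example (not part of the original report or of initramfs-tools): a pre-reboot check that reads an initramfs file listing and reports which pieces needed to unlock LUKS and activate LVM are absent. The function name, the path patterns (assumed from the Debian initramfs-tools/cryptsetup layout this report describes) and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# check_initrd_listing: read an initramfs file listing on stdin and print
# "OK", or "MISSING: ..." (exit status 1) naming each absent component.
# The path patterns are assumptions about the Debian-style initrd layout.
# On a real system, feed it the output of lsinitramfs from initramfs-tools:
#   lsinitramfs /boot/initrd.img-$(uname -r) | check_initrd_listing
check_initrd_listing() {
    listing=$(cat)
    missing=""
    # Each entry is "label:extended-regex" matched against the listing.
    for item in \
        'cryptsetup-binary:(^|/)sbin/cryptsetup$' \
        'lvm-binary:(^|/)sbin/lvm$' \
        'dm-crypt-module:/dm-crypt\.ko' \
        'cryptroot-config:(^|/)conf/conf\.d/cryptroot$' \
        'cryptroot-script:(^|/)scripts/local-top/cryptroot$'
    do
        name=${item%%:*}
        pattern=${item#*:}
        if ! printf '%s\n' "$listing" | grep -Eq "$pattern"; then
            missing="$missing $name"
        fi
    done
    if [ -n "$missing" ]; then
        echo "MISSING:$missing"
        return 1
    fi
    echo "OK"
}

# Constructed sample listing (not captured from a real machine): LVM and the
# dm-crypt module are present, but nothing from the cryptroot hook made it in.
SAMPLE_LISTING='sbin/lvm
sbin/modprobe
scripts/local-top/lvm2
lib/modules/3.2.0-2-amd64/kernel/drivers/md/dm-crypt.ko'

printf '%s\n' "$SAMPLE_LISTING" | check_initrd_listing \
    || echo "initrd is incomplete: fix the hooks and rebuild before rebooting"
```

Running the check inside the chroot after each update-initramfs run shows whether the cryptroot hook produced anything before the machine is rebooted.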

Julian Rüger (jr98) wrote :

Sorry, forgot to mention that I used the 64-bit version.

malenki (x-launchpad-r) wrote :

Today, the 27th of September 2015 Anno Domini – about three years after you reported this issue (3.5 years after the linuxmint forum thread you posted) – I was troubled by it, too.
Thank you for posting the resolution, too.
Additionally, I want to mention that I also had an issue with Grub. Maybe it was caused by some initial faulty editing of mine, but fwiw I want to post the line here, too:
in /etc/default/grub
GRUB_CMDLINE_LINUX="cryptopts=target=$Crypted_Volume_Group,source=/dev/sda2,lvm=$Crypted_Volume_Group"

(sda2 is the location of $Crypted_Volume_Group)

hth

malenki (x-launchpad-r) wrote :

PS: with me, it is also 64bit
