[SOLVED] Cannot boot on fully encrypted system (Mageia 6)

This forum is dedicated to advanced help and support :

Ask here your questions about advanced usage of Mageia. For example you may post here all your questions about network and automated installs, complex server configurations, kernel tuning, creating your own Mageia mirrors, and all tasks likely to be touchy even for skilled users.

[SOLVED] Cannot boot on fully encrypted system (Mageia 6)

Postby dude » Jan 1st, '18, 21:47

After I re-installed Mageia 6 as a fully encrypted system, I cannot boot it anymore. I have separate /boot, root, /home and swap partitions. All partitions are formatted with btrfs. After starting up, I am prompted for the password to unlock the encrypted root, home and swap partitions. After that, the system tries to locate the swap partition, finally resulting in these messages:

Code: Select all
dracut: Scanning all btrfs devices
dracut Warning: Could not boot.
dracut Warning: /dev/disk/by-uuid/344b61f3-8c29-4ce6-8404-16868ea6b117 does not exist
dracut Warning: /dev/mapper/crypt_sda7 does not exist


I have attached the rdsosreport.txt file that dracut created upon boot failure. Here's the output of blkid:
Code: Select all
/dev/sda1: UUID="edb7622d-bf28-40a9-8a5b-5187dcf063c0" UUID_SUB="0a0b5769-c665-4c8f-b6e1-63759d0baf1c" TYPE="btrfs" PARTUUID="76a48d21-01"
/dev/sda5: UUID="b88a0a6e-7764-4b9e-8ca6-e8988caee590" TYPE="crypto_LUKS" PARTUUID="76a48d21-05"
/dev/sda6: UUID="22e2eaa4-f81b-42d3-9ad0-40c78e82057b" TYPE="crypto_LUKS" PARTUUID="76a48d21-06"
/dev/sda7: UUID="66da5532-2772-435b-b90d-7af535bcf311" TYPE="crypto_LUKS" PARTUUID="76a48d21-07"
/dev/mapper/luks-b88a0a6e-7764-4b9e-8ca6-e8988caee590: UUID="34055801-4757-4cc6-a677-a9f3437c5958" UUID_SUB="91f44aa8-ea5d-4fb6-ac96-90a150e24d7c" TYPE="btrfs"


Here's the contents of /etc/fstab:
Code: Select all
/dev/mapper/crypt_sda5 / btrfs noatime 0 0
# Entry for /dev/sda1 :
UUID=edb7622d-bf28-40a9-8a5b-5187dcf063c0 /boot btrfs noatime 1 2
/dev/mapper/crypt_sda6 /home btrfs noatime 0 0
none /proc proc defaults 0 0
/dev/mapper/crypt_sda7 swap swap noatime 0 0


From the attached log file created by dracut, it seems that the system cannot find my swap partition (crypt_sda7). The encryption key is correct.

What is different from the - also fully encrypted - Mageia 6 system I had before is that I re-formatted the disk, and switched the positions of /home and swap partitions. I have tried reinstalling several times, also with ext4 as file system, and I have also deleted all partitions and reformatted inbetween, but to no avail. I used the classic installation medium (64-bit) on a Lenovo Thinkpad T540p with a Toshiba SSD.

I hope someone can help me out. The UUID of the crypt_sda7 partition that dracut is looking for does not appear in neither /etc/fstab nor blkid, while the dracut luksOpen command (see attached file) of the swap (sda7) partition matches the UUID in /etc/fstab.
Attachments
rdsosreport.txt
Log file created by dracut upon boot failure.
(48.9 KiB) Downloaded 16 times
Last edited by dude on Feb 11th, '18, 18:12, edited 1 time in total.
dude
 
Posts: 10
Joined: Feb 17th, '16, 23:49

Re: Cannot boot on fully encrypted system (Mageia 6)

Postby doktor5000 » Jan 1st, '18, 23:32

You would need to updated the UUID of the swap device in the bootloader configuration, it should be OK to temporarily replace the UUID 344b61f3-8c29-4ce6-8404-16868ea6b117 by sda7 unless you also chose to encrypt it. Then you would need to add it to /etc/crypttab and you would need to regenerate all initrds afterwards via e.g. dracut --force.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 14320
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: Cannot boot on fully encrypted system (Mageia 6)

Postby dude » Jan 2nd, '18, 10:41

Dear doktor5000

The /etc/crypttab seems correct to me, I did not change anything:
Code: Select all
crypt_sda5 UUID=b88a0a6e-7764-4b9e-8ca6-e8988caee590
crypt_sda6 UUID=22e2eaa4-f81b-42d3-9ad0-40c78e82057b
crypt_sda7 UUID=66da5532-2772-435b-b90d-7af535bcf311


Swap is indeed encrypted (crypt_sda7). The UUID you quoted, which the system looks for during boot, does not appear in either /etc/fstab, /etc/crypttab or blkid. I have attached the /boot/grub2/grub.cfg file. It's not there, either. The swap entry ("resume=/dev/mapper/crypt_sda7") seems alright, from what you described I should do. Thanks very much for your fast help!
dude
 
Posts: 10
Joined: Feb 17th, '16, 23:49

Re: Cannot boot on fully encrypted system (Mageia 6)

Postby doktor5000 » Jan 2nd, '18, 19:01

doktor5000 wrote: and you would need to regenerate all initrds afterwards via e.g. dracut --force.


If you extract your currently used initrd, and grep for the UUID 344b61f3-8c29-4ce6-8404-16868ea6b117 you will see where it is currently stored.
I bet it's in etc/dracut.conf.d/51-mageia-resume.conf, see e.g. viewtopic.php?f=15&t=9646 and maybe viewtopic.php?p=53329#p53329
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 14320
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: Cannot boot on fully encrypted system (Mageia 6)

Postby dude » Jan 3rd, '18, 17:39

Contents of /etc/dracut.conf.d/51-mageia-resume.conf:
Code: Select all
add_device+="/dev/mapper/crypt_sda7"


lsinitrd /run/media/live/edb7622d-bf28-40a9-8a5b-5187dcf063c0/initrd-4.9.56-desktop-1.mga6.img | grep -e 344b61f3
Code: Select all
-rw-r--r--   1 root     root          146 Dec 30 11:43 usr/lib/dracut/hooks/emergency/80-\\x2fdev\\x2fdisk\\x2fby-uuid\\x2f344b61f3-8c29-4ce6-8404-16868ea6b117.sh
-rw-r--r--   1 root     root           64 Dec 30 11:43 usr/lib/dracut/hooks/initqueue/finished/devexists-\\x2fdev\\x2fdisk\\x2fby-uuid\\x2f344b61f3-8c29-4ce6-8404-16868ea6b117.sh



lsblk -fl
Code: Select all
NAME                                      FSTYPE      LABEL                   UUID                                 MOUNTPOINT
sda                                                                                                               
sda2                                                                                                               
sda7                                      crypto_LUKS                         66da5532-2772-435b-b90d-7af535bcf311
sda5                                      crypto_LUKS                         b88a0a6e-7764-4b9e-8ca6-e8988caee590
luks-b88a0a6e-7764-4b9e-8ca6-e8988caee590 btrfs                               34055801-4757-4cc6-a677-a9f3437c5958 /run/media/live/34055801-4757-4cc6-a677-a9f3437c5958
sda1                                      btrfs                               edb7622d-bf28-40a9-8a5b-5187dcf063c0 /run/media/live/edb7622d-bf28-40a9-8a5b-5187dcf063c0
sda6                                      crypto_LUKS                         22e2eaa4-f81b-42d3-9ad0-40c78e82057b


Unfortunately, I am not an expert, so I do not know what the hooks in the output of lsinitrd try to tell me.

I haven't yet tried to regenerate the initrds, but I suppose I should do this in a live session using chroot, is that correct?
dude
 
Posts: 10
Joined: Feb 17th, '16, 23:49

Re: Cannot boot on fully encrypted system (Mageia 6)

Postby doktor5000 » Jan 3rd, '18, 19:27

dude wrote:I haven't yet tried to regenerate the initrds, but I suppose I should do this in a live session using chroot, is that correct?

Exactly, this should be done in the running system.


Going through your logs again, you should be able to get further with the boot by editing your bootloader entry with "e" and removing the resume= stanza from there.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 14320
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: Cannot boot on fully encrypted system (Mageia 6)

Postby dude » Jan 4th, '18, 15:38

I followed your advice and the instructions in this thread: http://www.mageialinux-online.org/wiki/ ... d-not-boot
I regenerated the initrds and afterwards removed the "resume=..." part from the grub.cfg file.

I can again boot the system. Great! One problem remains (may be unrelated, though): suddenly my keyboard layout is English (US). Do you have some advice on how to change the layout? It has not been like this before, only after regenerating the initrds, I believe.

Two things I want to point out:
1.) If you have an encrypted root partition, you must mount the separate /boot-partition - this is not described explicitly in the thread mentioned above, but follows the same pattern:
Code: Select all
mount /dev/sda1 /mnt/chroot/boot

This must be done after mounting the root partition. Of course, you must also unmount the /boot-partition when finished.

2.) I had to use
Code: Select all
dracut --regenerate-all -force

instead of dracut -f. The latter command only regenerated the kernel of the running live system.
dude
 
Posts: 10
Joined: Feb 17th, '16, 23:49

Re: Cannot boot on fully encrypted system (Mageia 6)

Postby dude » Jan 4th, '18, 15:44

I think this whole problem is not specific to an encrypted system, as the thread's title suggests, while some of the steps in debugging and the solution are slightly different for fully encrypted systems. Probably, a change of the title is appropriate, before being marked as solved. Thanks for your help, doktor5000!
dude
 
Posts: 10
Joined: Feb 17th, '16, 23:49

Re: Cannot boot on fully encrypted system (Mageia 6)

Postby doktor5000 » Jan 4th, '18, 16:00

dude wrote:One problem remains (may be unrelated, though): suddenly my keyboard layout is English (US). Do you have some advice on how to change the layout?

Keyboard layout where? In an X session or before in a tty session? Check what localectl output says, and compare that to the etc/locale.conf in the initrd and also to the values in the bootloader config.

dude wrote:1.) If you have an encrypted root partition, you must mount the separate /boot-partition - this is not described explicitly in the thread mentioned above

Well, it's more like if you have a separate /boot partition, then you must also mount that, this seems pretty obvious, no? This is not specific to encrypted systems, although it's more common there.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 14320
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: Cannot boot on fully encrypted system (Mageia 6)

Postby dude » Jan 4th, '18, 16:30

Sorry, I meant the keyboard layout during the boot process - when I need to type the passphrase to unlock the encrypted device.
You are right, of course, it's the separate boot partition, not the encryption... :)
dude
 
Posts: 10
Joined: Feb 17th, '16, 23:49

Re: Cannot boot on fully encrypted system (Mageia 6)

Postby zeebra » Jan 10th, '18, 18:57

loadkeys de-latin1
loadkeys XX.latinX
zeebra
 
Posts: 110
Joined: Sep 7th, '13, 21:20

Re: Cannot boot on fully encrypted system (Mageia 6)

Postby dude » Feb 11th, '18, 18:11

Everything is fine now, also the keyboard layout at boot. Thank you very much for your help!
dude
 
Posts: 10
Joined: Feb 17th, '16, 23:49


Return to Advanced support

Who is online

Users browsing this forum: No registered users and 1 guest

cron