installation on LVM on LUKS - Emmanuel Beffara

unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed

From: Emmanuel Beffara <manu@beffara.org>
To: help-guix@gnu.org
Subject: installation on LVM on LUKS
Date: Thu, 2 Mar 2023 11:25:53 +0100	[thread overview]
Message-ID: <20230302112553.GD11782@beffara.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 1759 bytes --]

Hello,

I am currently trying to install Guix System on my laptop and I am facing an
issue with the bootloader configuration.

I use full-disk encryption with a single encrypted partition, split into
several logical volumes using LVM, plus an extra non-encrypted partition for
EFI boot material:

	nvme0n1              259:0    0 953,9G  0 disk
	├─nvme0n1p1          259:1    0 953,4G  0 part
	│ └─manivelle        254:0    0 953,4G  0 crypt
	│   ├─storage-swap   254:1    0    32G  0 lvm   [SWAP]
	│   │ [...]
	│   └─storage-guix   254:5    0    64G  0 lvm   /
	└─nvme0n1p2          259:2    0   487M  0 part  /boot

I attach the system configuration, which I derived from the desktop template.

Everything installed fine EXCEPT that Grub fails to load its LVM volume, hence
the root partition is not found. Indeed, the produced grub.cfg has no mention
of lvm anywhere. If I adjust it by inserting "insmod lvm" somewhere, either at
the start or in a menuentry, or if I do that by hand in the Grub shell, then
the system starts and works fine.

Did I miss something in the configuration ?


As a related point, this setup requires entering the decryption password
twice: once so that Grub can load the kernel from the store, and once so that
the kernel can open the volume itself. I understand the situation is known,
but it could be avoided, for instance, by copying the kernel and initrd
somewhere in the EFI partition so that they could be loaded directly. Besides,
for some reason, Grub is extremely slow at opening the partition: it takes
around 30 seconds to start after I correctly enter the password, whereas the
kernel boots in just a few seconds after I enter the password for it.

Any thoughts on this ?

-- 
Emmanuel

[-- Attachment #2: config.scm --]
[-- Type: text/plain, Size: 2290 bytes --]

(use-modules (gnu) (gnu system nss) (guix utils))
(use-service-modules desktop sddm xorg)
(use-package-modules certs gnome)

(operating-system
  (host-name "manivelle")
  (timezone "Europe/Paris")
  (locale "fr_FR.utf8")

  (keyboard-layout (keyboard-layout "fr"))

  (bootloader (bootloader-configuration
                (bootloader grub-efi-bootloader)
                (targets '("/boot"))
                (keyboard-layout keyboard-layout)
                (terminal-outputs '(vga_text))
                ))

  (mapped-devices
   (list (mapped-device
          (source (uuid "8c8e1490-378f-4e1c-b4c6-25f44070afce"))
          (target "storage")
          (type luks-device-mapping))
         (mapped-device
          (source "storage")
          (targets (list "storage-guix" "storage-swap"))
          (type lvm-device-mapping))))

  (file-systems (append
                 (list (file-system
                         (device (file-system-label "guix"))
                         (mount-point "/")
                         (type "ext4")
                         (dependencies mapped-devices))
                       (file-system
                         (device (file-system-label "boot"))
                         (mount-point "/boot")
                         (type "vfat")))
                 %base-file-systems))

  (swap-devices (list (swap-space
                       (target (file-system-label "swap"))
                       (dependencies mapped-devices))))

  (users (cons (user-account
                (name "manu")
                (comment "Manu")
                (home-directory "/home/manu")
                (group "users")
                (supplementary-groups '("wheel" "netdev"
                                        "audio" "video")))
               %base-user-accounts))

  (packages (append (list
                     nss-certs
                     gvfs)
                    %base-packages))

  (services (append (list (service gnome-desktop-service-type)
                          (service xfce-desktop-service-type)
                          (set-xorg-configuration
                            (xorg-configuration
                              (keyboard-layout keyboard-layout))))
                    %desktop-services))

  (name-service-switch %mdns-host-lookup-nss))

next             reply	other threads:[~2023-03-03 13:53 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-02 10:25 Emmanuel Beffara [this message]
2023-03-03 14:33 ` installation on LVM on LUKS Raffael Mancini
2023-03-03 15:05 ` Roman Scherer
2023-03-03 17:03   ` Emmanuel Beffara
2023-03-03 23:42     ` wolf
2023-03-05 21:39       ` Emmanuel Beffara

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230302112553.GD11782@beffara.org \
    --to=manu@beffara.org \
    --cc=help-guix@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).