unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed
* grub.cfg does not have luks module for encrypted root
@ 2019-01-31  3:13 Jack Hill
  2019-02-01  3:09 ` Jack Hill
  2019-02-01 14:03 ` Joshua Branson
  0 siblings, 2 replies; 7+ messages in thread
From: Jack Hill @ 2019-01-31  3:13 UTC (permalink / raw)
  To: help-guix

[-- Attachment #1: Type: text/plain, Size: 979 bytes --]

Ahoy,

I'm using the attached config.scm for a host with an encrypted gpt root 
partition while booking with bios-grub. It produces the attached 
grub.cfg, which lacks the luks module, thus grub cannot find the kernel.

If I enter the grub command line and manually insmod luks and cryptomount, 
I can then boot correction. My guix version information follows. I don't 
see the problem. What am I missing?

jackhill@alperton ~$ guix --version
guix (GNU Guix) 2e484e78cd1ba021a87a56e4d94cd315fb19fba9
Copyright (C) 2019 the Guix authors
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
jackhill@alperton ~$ guix describe
Generation 1	Jan 30 2019 17:51:38	(current)
   guix 2e484e7
     repository URL: https://git.savannah.gnu.org/git/guix.git
     branch: master
     commit: 2e484e78cd1ba021a87a56e4d94cd315fb19fba9


Best,
Jack

[-- Attachment #2: Type: text/plain, Size: 3485 bytes --]

# This file was generated from your GuixSD configuration.  Any changes
# will be lost upon reconfiguration.

function setup_gfxterm {
  # Leave 'gfxmode' to 'auto'.
  insmod video_bochs
  insmod video_cirrus
  insmod gfxterm

  if [ "${grub_platform}" == efi ]; then
    # This is for (U)EFI systems (these modules are unavailable in the
    # non-EFI GRUB.)  If we don't load them, GRUB boots in "blind mode",
    # which isn't convenient.
    insmod efi_gop
    insmod efi_uga
  else
    # These are specific to non-EFI Intel machines.
    insmod vbe
    insmod vga
  fi
}

# Set 'root' to the partition that contains /gnu/store.
search --label --set alperton_root

if loadfont /gnu/store/w7aqfhxad9b65kf1za17fl4dmyvzh96r-grub-2.02/share/grub/unicode.pf2; then
  setup_gfxterm
fi

terminal_output gfxterm


insmod png
if background_image /gnu/store/8fxspsrjqnkjlqnzkgf4mnmv7nf5cadm-grub-image.png; then
  set color_normal=light-gray/black
  set color_highlight=yellow/black
else
  set menu_color_normal=cyan/blue
  set menu_color_highlight=white/blue
fi

set default=0
set timeout=5
menuentry "GNU with Linux-Libre 4.20.5 (beta)" {
  search --label --set alperton_root
  linux /gnu/store/ricf82z3mqqrqim67jz3jlsglfm1g1a8-linux-libre-4.20.5/bzImage --root=alperton_root --system=/gnu/store/ir9p7pl5zzi8zvfrabv3dpijavd1mvy1-system --load=/gnu/store/ir9p7pl5zzi8zvfrabv3dpijavd1mvy1-system/boot
  initrd /gnu/store/lqmwc1gxq4h85gyk7fdyp58g070gr27c-raw-initrd/initrd.cpio.gz
}

submenu "GNU system, old configurations..." {
menuentry "GNU with Linux-Libre 4.20.5 (beta) (#5, 2019-01-30 17:43)" {
  search --label --set alperton_root
  linux /gnu/store/ricf82z3mqqrqim67jz3jlsglfm1g1a8-linux-libre-4.20.5/bzImage --root=alperton_root --system=/var/guix/profiles/system-5-link --load=/var/guix/profiles/system-5-link/boot
  initrd /gnu/store/lqmwc1gxq4h85gyk7fdyp58g070gr27c-raw-initrd/initrd.cpio.gz
}
menuentry "GNU with Linux-Libre 4.20.5 (beta) (#4, 2019-01-30 17:31)" {
  search --label --set alperton_root
  linux /gnu/store/ricf82z3mqqrqim67jz3jlsglfm1g1a8-linux-libre-4.20.5/bzImage --root=alperton_root --system=/var/guix/profiles/system-4-link --load=/var/guix/profiles/system-4-link/boot
  initrd /gnu/store/lqmwc1gxq4h85gyk7fdyp58g070gr27c-raw-initrd/initrd.cpio.gz
}
menuentry "GNU with Linux-Libre 4.20.5 (beta) (#3, 2019-01-30 17:25)" {
  search --label --set alperton_root
  linux /gnu/store/ricf82z3mqqrqim67jz3jlsglfm1g1a8-linux-libre-4.20.5/bzImage --root=alperton_root --system=/var/guix/profiles/system-3-link --load=/var/guix/profiles/system-3-link/boot
  initrd /gnu/store/lqmwc1gxq4h85gyk7fdyp58g070gr27c-raw-initrd/initrd.cpio.gz
}
menuentry "GNU with Linux-Libre 4.19.6 (beta) (#2, 2019-01-29 19:50)" {
  search --label --set alperton_root
  linux /gnu/store/0zajbn9q39yva4l0zzrcshlll8qikzba-linux-libre-4.19.6/bzImage --root=alperton_root --system=/var/guix/profiles/system-2-link --load=/var/guix/profiles/system-2-link/boot
  initrd /gnu/store/hvbmp93czjhplvakzkcy47skn9553s05-raw-initrd/initrd.cpio.gz
}
menuentry "GNU with Linux-Libre 4.19.6 (beta) (#1, 2019-01-29 18:48)" {
  search --label --set alperton_root
  linux /gnu/store/0zajbn9q39yva4l0zzrcshlll8qikzba-linux-libre-4.19.6/bzImage --root=alperton_root --system=/var/guix/profiles/system-1-link --load=/var/guix/profiles/system-1-link/boot
  initrd /gnu/store/21i87p5pa53wn3f66j86y797qfqjm7x3-raw-initrd/initrd.cpio.gz
}
}

[-- Attachment #3: Type: text/plain, Size: 2215 bytes --]

;; This is an operating system configuration template
;; for a "desktop" setup with GNOME and Xfce where the
;; root partition is encrypted with LUKS.

(use-modules (gnu) (gnu system nss))
(use-service-modules desktop)
(use-package-modules certs gnome)

(operating-system
  (host-name "alperton")
  (timezone "America/New_York")
  (locale "en_US.utf8")

  (bootloader (bootloader-configuration
                (bootloader grub-bootloader)
                (target "/dev/sda")))

  ;; Specify a mapped device for the encrypted root partition.
  ;; The UUID is that returned by 'cryptsetup luksUUID'.
  (mapped-devices
   (list (mapped-device
          (source (uuid "f7776767-70c9-44e3-9973-c1334d301348"))
          (target "alperton_root")
          (type luks-device-mapping))))

  (file-systems (cons* 
	               (file-system
	                (device (file-system-label "boot"))
	                (mount-point "/boot")
	                (type "ext4"))  
	               (file-system
                        (device (file-system-label "alperton_root"))
                        (mount-point "/")
                        (type "ext4")
                        (dependencies mapped-devices))
                      %base-file-systems))

  (users (cons (user-account
                (name "jackhill")
                (comment "Jack Hill")
                (group "users")
                (supplementary-groups '("wheel" "netdev"
                                        "audio" "video"))
                (home-directory "/home/jackhill"))
               %base-user-accounts))

  ;; This is where we specify system-wide packages.
  (packages (cons* nss-certs         ;for HTTPS access
                   gvfs              ;for user mounts
                   %base-packages))

  ;; Add GNOME and/or Xfce---we can choose at the log-in
  ;; screen with F1.  Use the "desktop" services, which
  ;; include the X11 log-in service, networking with
  ;; NetworkManager, and more.
  (services (cons* (gnome-desktop-service)
                   %desktop-services))

  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss))

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: grub.cfg does not have luks module for encrypted root
  2019-01-31  3:13 grub.cfg does not have luks module for encrypted root Jack Hill
@ 2019-02-01  3:09 ` Jack Hill
  2019-02-01 14:03 ` Joshua Branson
  1 sibling, 0 replies; 7+ messages in thread
From: Jack Hill @ 2019-02-01  3:09 UTC (permalink / raw)
  To: help-guix

[-- Attachment #1: Type: text/plain, Size: 893 bytes --]

I have solved my problem, and now have Grub working with an encrypted /. 
The config I had before had a gpt partitioned disk, with bios boot. I had 
an encrypted / and a separate, unencrypted /boot.

When I changed the configuration to not use a separate /boot filesystem, 
and put /boot on the encrypted root, Grub dutifully prompts me for a 
password, and is then able to boot the system normally.

Is it a bug that a separate /boot doesn't work? Is it worth mentioning in 
the manual that a separate /boot isn't needed?

As a side note: I had been expecting 'insmod luks' and 'cryptomount …' 
lines in the grub.cfg. They don't appear even with the working setup, but 
we are running grub-install with the GRUB_ENABLE_CRYPTODISK environment 
variable set. I couldn't find a mention of this variable in the Grub 
manual. What's going on here/how do all the pieces fit together?

Best,
Jack

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: grub.cfg does not have luks module for encrypted root
  2019-01-31  3:13 grub.cfg does not have luks module for encrypted root Jack Hill
  2019-02-01  3:09 ` Jack Hill
@ 2019-02-01 14:03 ` Joshua Branson
  2019-02-01 15:29   ` Jack Hill
  1 sibling, 1 reply; 7+ messages in thread
From: Joshua Branson @ 2019-02-01 14:03 UTC (permalink / raw)
  To: help-guix

Jack Hill <jackhill@jackhill.us> writes:

> Ahoy,
>
> I'm using the attached config.scm for a host with an encrypted gpt
> root partition while booking with bios-grub. It produces the attached
> grub.cfg, which lacks the luks module, thus grub cannot find the
> kernel.
>
> If I enter the grub command line and manually insmod luks and
> cryptomount, I can then boot correction. My guix version information
> follows. I don't see the problem. What am I missing?

Out of curiosity how do you boot GuixSD on the grub command line?

The only way I know how to do it is:

set root=(hd0,1)  ; wherever your root partition is
linux /gnu/path/to/vmlinuz-linux-libre root=/dev/sda1
initrd /gnu/path/to/initramfs-linux-libre.img
boot


In arch linux, I know where those paths are: /boot, but it GuixSD those
paths are usually buried in /gnu/some/crazy/path...
>
>
> Best,
> Jack
>
>
>

--
Joshua Branson
Sent from Emacs and Gnus

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: grub.cfg does not have luks module for encrypted root
  2019-02-01 14:03 ` Joshua Branson
@ 2019-02-01 15:29   ` Jack Hill
  2019-02-02 13:50     ` Joshua Branson
  0 siblings, 1 reply; 7+ messages in thread
From: Jack Hill @ 2019-02-01 15:29 UTC (permalink / raw)
  To: Joshua Branson; +Cc: help-guix

On Fri, 1 Feb 2019, Joshua Branson wrote:

> Jack Hill <jackhill@jackhill.us> writes:
>
>> Ahoy,
>>
>> I'm using the attached config.scm for a host with an encrypted gpt
>> root partition while booking with bios-grub. It produces the attached
>> grub.cfg, which lacks the luks module, thus grub cannot find the
>> kernel.
>>
>> If I enter the grub command line and manually insmod luks and
>> cryptomount, I can then boot correction.
>
> Out of curiosity how do you boot GuixSD on the grub command line?
>
> The only way I know how to do it is:
>
> set root=(hd0,1)  ; wherever your root partition is
> linux /gnu/path/to/vmlinuz-linux-libre root=/dev/sda1
> initrd /gnu/path/to/initramfs-linux-libre.img
> boot
>
> In arch linux, I know where those paths are: /boot, but it GuixSD those
> paths are usually buried in /gnu/some/crazy/path...

Once I ran 'insmod luks' and 'crytomount (hd0,gpt2)', the filesystem 
containing the store became available to Grub. I then ran 'configfile 
(hd0,gpt1)/boot/grub/grub.cfg' to have Grub reprocess the config file that 
Guix wrote for it. Since the store was now available, Grub was able to 
load its theme, kernel, and initramfs. Sorry for admitting that step in my 
summary.

Best,
Jack

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: grub.cfg does not have luks module for encrypted root
  2019-02-01 15:29   ` Jack Hill
@ 2019-02-02 13:50     ` Joshua Branson
  2019-02-02 19:02       ` swedebugia
  0 siblings, 1 reply; 7+ messages in thread
From: Joshua Branson @ 2019-02-02 13:50 UTC (permalink / raw)
  To: help-guix

Jack Hill <jackhill@jackhill.us> writes:

> On Fri, 1 Feb 2019, Joshua Branson wrote:
>
>> Jack Hill <jackhill@jackhill.us> writes:
>>
>>> Ahoy,
>>>
>>> I'm using the attached config.scm for a host with an encrypted gpt
>>> root partition while booking with bios-grub. It produces the attached
>>> grub.cfg, which lacks the luks module, thus grub cannot find the
>>> kernel.
>>>
>>> If I enter the grub command line and manually insmod luks and
>>> cryptomount, I can then boot correction.
>>
>> Out of curiosity how do you boot GuixSD on the grub command line?
>>
>> The only way I know how to do it is:
>>
>> set root=(hd0,1)  ; wherever your root partition is
>> linux /gnu/path/to/vmlinuz-linux-libre root=/dev/sda1
>> initrd /gnu/path/to/initramfs-linux-libre.img
>> boot
>>
>> In arch linux, I know where those paths are: /boot, but it GuixSD those
>> paths are usually buried in /gnu/some/crazy/path...
>
> Once I ran 'insmod luks' and 'crytomount (hd0,gpt2)', the filesystem
> containing the store became available to Grub. I then ran 'configfile
> (hd0,gpt1)/boot/grub/grub.cfg' to have Grub reprocess the config file
> that Guix wrote for it. Since the store was now available, Grub was
> able to load its theme, kernel, and initramfs. Sorry for admitting
> that step in my summary.

You're fine.  I was unaware of that command.  I actually didn't know how
to boot guixSD, from grub's command prompt....

>
> Best,
> Jack
>

-- 
Joshua Branson
Sent from Emacs and Gnus

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: grub.cfg does not have luks module for encrypted root
  2019-02-02 13:50     ` Joshua Branson
@ 2019-02-02 19:02       ` swedebugia
  2019-02-03 18:16         ` Joshua Branson
  0 siblings, 1 reply; 7+ messages in thread
From: swedebugia @ 2019-02-02 19:02 UTC (permalink / raw)
  To: help-guix, Joshua Branson

Joshua Branson <jbranso@dismail.de> skrev: (2 februari 2019 14:50:17 CET)
>Jack Hill <jackhill@jackhill.us> writes:
>
>> On Fri, 1 Feb 2019, Joshua Branson wrote:
>>
>>> Jack Hill <jackhill@jackhill.us> writes:
>>>
>>>> Ahoy,
>>>>
>>>> I'm using the attached config.scm for a host with an encrypted gpt
>>>> root partition while booking with bios-grub. It produces the
>attached
>>>> grub.cfg, which lacks the luks module, thus grub cannot find the
>>>> kernel.
>>>>
>>>> If I enter the grub command line and manually insmod luks and
>>>> cryptomount, I can then boot correction.
>>>
>>> Out of curiosity how do you boot GuixSD on the grub command line?
>>>
>>> The only way I know how to do it is:
>>>
>>> set root=(hd0,1)  ; wherever your root partition is
>>> linux /gnu/path/to/vmlinuz-linux-libre root=/dev/sda1
>>> initrd /gnu/path/to/initramfs-linux-libre.img
>>> boot
>>>
>>> In arch linux, I know where those paths are: /boot, but it GuixSD
>those
>>> paths are usually buried in /gnu/some/crazy/path...
>>
>> Once I ran 'insmod luks' and 'crytomount (hd0,gpt2)', the filesystem
>> containing the store became available to Grub. I then ran 'configfile
>> (hd0,gpt1)/boot/grub/grub.cfg' to have Grub reprocess the config file
>> that Guix wrote for it. Since the store was now available, Grub was
>> able to load its theme, kernel, and initramfs. Sorry for admitting
>> that step in my summary.
>
>You're fine.  I was unaware of that command.  I actually didn't know
>how
>to boot guixSD, from grub's command prompt....

I think this is a good thing to include in the manual. Maybe in a troubleshooting section?


-- 
Sent from my k-9 mail for Android.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: grub.cfg does not have luks module for encrypted root
  2019-02-02 19:02       ` swedebugia
@ 2019-02-03 18:16         ` Joshua Branson
  0 siblings, 0 replies; 7+ messages in thread
From: Joshua Branson @ 2019-02-03 18:16 UTC (permalink / raw)
  To: help-guix

swedebugia <swedebugia@riseup.net> writes:

> Joshua Branson <jbranso@dismail.de> skrev: (2 februari 2019 14:50:17 CET)
>>Jack Hill <jackhill@jackhill.us> writes:
>>
>>> On Fri, 1 Feb 2019, Joshua Branson wrote:
>>>
>>>> Jack Hill <jackhill@jackhill.us> writes:
>>>>
>>>>> Ahoy,
>>>>>
>>>>> I'm using the attached config.scm for a host with an encrypted gpt
>>>>> root partition while booking with bios-grub. It produces the
>>attached
>>>>> grub.cfg, which lacks the luks module, thus grub cannot find the
>>>>> kernel.
>>>>>
>>>>> If I enter the grub command line and manually insmod luks and
>>>>> cryptomount, I can then boot correction.
>>>>
>>>> Out of curiosity how do you boot GuixSD on the grub command line?
>>>>
>>>> The only way I know how to do it is:
>>>>
>>>> set root=(hd0,1)  ; wherever your root partition is
>>>> linux /gnu/path/to/vmlinuz-linux-libre root=/dev/sda1
>>>> initrd /gnu/path/to/initramfs-linux-libre.img
>>>> boot
>>>>
>>>> In arch linux, I know where those paths are: /boot, but it GuixSD
>>those
>>>> paths are usually buried in /gnu/some/crazy/path...
>>>
>>> Once I ran 'insmod luks' and 'crytomount (hd0,gpt2)', the filesystem
>>> containing the store became available to Grub. I then ran 'configfile
>>> (hd0,gpt1)/boot/grub/grub.cfg' to have Grub reprocess the config file
>>> that Guix wrote for it. Since the store was now available, Grub was
>>> able to load its theme, kernel, and initramfs. Sorry for admitting
>>> that step in my summary.
>>
>>You're fine.  I was unaware of that command.  I actually didn't know
>>how
>>to boot guixSD, from grub's command prompt....
>
> I think this is a good thing to include in the manual. Maybe in a troubleshooting section?

That would be a fine thing to include indeed!  

-- 
Joshua Branson
Sent from Emacs and Gnus

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2019-02-03 18:17 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-01-31  3:13 grub.cfg does not have luks module for encrypted root Jack Hill
2019-02-01  3:09 ` Jack Hill
2019-02-01 14:03 ` Joshua Branson
2019-02-01 15:29   ` Jack Hill
2019-02-02 13:50     ` Joshua Branson
2019-02-02 19:02       ` swedebugia
2019-02-03 18:16         ` Joshua Branson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).