* grub.cfg does not have luks module for encrypted root
@ 2019-01-31 3:13 Jack Hill
2019-02-01 3:09 ` Jack Hill
2019-02-01 14:03 ` Joshua Branson
0 siblings, 2 replies; 7+ messages in thread
From: Jack Hill @ 2019-01-31 3:13 UTC (permalink / raw)
To: help-guix
[-- Attachment #1: Type: text/plain, Size: 979 bytes --]
Ahoy,
I'm using the attached config.scm for a host with an encrypted gpt root
partition while booking with bios-grub. It produces the attached
grub.cfg, which lacks the luks module, thus grub cannot find the kernel.
If I enter the grub command line and manually insmod luks and cryptomount,
I can then boot correction. My guix version information follows. I don't
see the problem. What am I missing?
jackhill@alperton ~$ guix --version
guix (GNU Guix) 2e484e78cd1ba021a87a56e4d94cd315fb19fba9
Copyright (C) 2019 the Guix authors
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
jackhill@alperton ~$ guix describe
Generation 1 Jan 30 2019 17:51:38 (current)
guix 2e484e7
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 2e484e78cd1ba021a87a56e4d94cd315fb19fba9
Best,
Jack
[-- Attachment #2: Type: text/plain, Size: 3485 bytes --]
# This file was generated from your GuixSD configuration. Any changes
# will be lost upon reconfiguration.
function setup_gfxterm {
# Leave 'gfxmode' to 'auto'.
insmod video_bochs
insmod video_cirrus
insmod gfxterm
if [ "${grub_platform}" == efi ]; then
# This is for (U)EFI systems (these modules are unavailable in the
# non-EFI GRUB.) If we don't load them, GRUB boots in "blind mode",
# which isn't convenient.
insmod efi_gop
insmod efi_uga
else
# These are specific to non-EFI Intel machines.
insmod vbe
insmod vga
fi
}
# Set 'root' to the partition that contains /gnu/store.
search --label --set alperton_root
if loadfont /gnu/store/w7aqfhxad9b65kf1za17fl4dmyvzh96r-grub-2.02/share/grub/unicode.pf2; then
setup_gfxterm
fi
terminal_output gfxterm
insmod png
if background_image /gnu/store/8fxspsrjqnkjlqnzkgf4mnmv7nf5cadm-grub-image.png; then
set color_normal=light-gray/black
set color_highlight=yellow/black
else
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
fi
set default=0
set timeout=5
menuentry "GNU with Linux-Libre 4.20.5 (beta)" {
search --label --set alperton_root
linux /gnu/store/ricf82z3mqqrqim67jz3jlsglfm1g1a8-linux-libre-4.20.5/bzImage --root=alperton_root --system=/gnu/store/ir9p7pl5zzi8zvfrabv3dpijavd1mvy1-system --load=/gnu/store/ir9p7pl5zzi8zvfrabv3dpijavd1mvy1-system/boot
initrd /gnu/store/lqmwc1gxq4h85gyk7fdyp58g070gr27c-raw-initrd/initrd.cpio.gz
}
submenu "GNU system, old configurations..." {
menuentry "GNU with Linux-Libre 4.20.5 (beta) (#5, 2019-01-30 17:43)" {
search --label --set alperton_root
linux /gnu/store/ricf82z3mqqrqim67jz3jlsglfm1g1a8-linux-libre-4.20.5/bzImage --root=alperton_root --system=/var/guix/profiles/system-5-link --load=/var/guix/profiles/system-5-link/boot
initrd /gnu/store/lqmwc1gxq4h85gyk7fdyp58g070gr27c-raw-initrd/initrd.cpio.gz
}
menuentry "GNU with Linux-Libre 4.20.5 (beta) (#4, 2019-01-30 17:31)" {
search --label --set alperton_root
linux /gnu/store/ricf82z3mqqrqim67jz3jlsglfm1g1a8-linux-libre-4.20.5/bzImage --root=alperton_root --system=/var/guix/profiles/system-4-link --load=/var/guix/profiles/system-4-link/boot
initrd /gnu/store/lqmwc1gxq4h85gyk7fdyp58g070gr27c-raw-initrd/initrd.cpio.gz
}
menuentry "GNU with Linux-Libre 4.20.5 (beta) (#3, 2019-01-30 17:25)" {
search --label --set alperton_root
linux /gnu/store/ricf82z3mqqrqim67jz3jlsglfm1g1a8-linux-libre-4.20.5/bzImage --root=alperton_root --system=/var/guix/profiles/system-3-link --load=/var/guix/profiles/system-3-link/boot
initrd /gnu/store/lqmwc1gxq4h85gyk7fdyp58g070gr27c-raw-initrd/initrd.cpio.gz
}
menuentry "GNU with Linux-Libre 4.19.6 (beta) (#2, 2019-01-29 19:50)" {
search --label --set alperton_root
linux /gnu/store/0zajbn9q39yva4l0zzrcshlll8qikzba-linux-libre-4.19.6/bzImage --root=alperton_root --system=/var/guix/profiles/system-2-link --load=/var/guix/profiles/system-2-link/boot
initrd /gnu/store/hvbmp93czjhplvakzkcy47skn9553s05-raw-initrd/initrd.cpio.gz
}
menuentry "GNU with Linux-Libre 4.19.6 (beta) (#1, 2019-01-29 18:48)" {
search --label --set alperton_root
linux /gnu/store/0zajbn9q39yva4l0zzrcshlll8qikzba-linux-libre-4.19.6/bzImage --root=alperton_root --system=/var/guix/profiles/system-1-link --load=/var/guix/profiles/system-1-link/boot
initrd /gnu/store/21i87p5pa53wn3f66j86y797qfqjm7x3-raw-initrd/initrd.cpio.gz
}
}
[-- Attachment #3: Type: text/plain, Size: 2215 bytes --]
;; This is an operating system configuration template
;; for a "desktop" setup with GNOME and Xfce where the
;; root partition is encrypted with LUKS.
(use-modules (gnu) (gnu system nss))
(use-service-modules desktop)
(use-package-modules certs gnome)
(operating-system
(host-name "alperton")
(timezone "America/New_York")
(locale "en_US.utf8")
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/sda")))
;; Specify a mapped device for the encrypted root partition.
;; The UUID is that returned by 'cryptsetup luksUUID'.
(mapped-devices
(list (mapped-device
(source (uuid "f7776767-70c9-44e3-9973-c1334d301348"))
(target "alperton_root")
(type luks-device-mapping))))
(file-systems (cons*
(file-system
(device (file-system-label "boot"))
(mount-point "/boot")
(type "ext4"))
(file-system
(device (file-system-label "alperton_root"))
(mount-point "/")
(type "ext4")
(dependencies mapped-devices))
%base-file-systems))
(users (cons (user-account
(name "jackhill")
(comment "Jack Hill")
(group "users")
(supplementary-groups '("wheel" "netdev"
"audio" "video"))
(home-directory "/home/jackhill"))
%base-user-accounts))
;; This is where we specify system-wide packages.
(packages (cons* nss-certs ;for HTTPS access
gvfs ;for user mounts
%base-packages))
;; Add GNOME and/or Xfce---we can choose at the log-in
;; screen with F1. Use the "desktop" services, which
;; include the X11 log-in service, networking with
;; NetworkManager, and more.
(services (cons* (gnome-desktop-service)
%desktop-services))
;; Allow resolution of '.local' host names with mDNS.
(name-service-switch %mdns-host-lookup-nss))
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: grub.cfg does not have luks module for encrypted root
2019-01-31 3:13 grub.cfg does not have luks module for encrypted root Jack Hill
@ 2019-02-01 3:09 ` Jack Hill
2019-02-01 14:03 ` Joshua Branson
1 sibling, 0 replies; 7+ messages in thread
From: Jack Hill @ 2019-02-01 3:09 UTC (permalink / raw)
To: help-guix
[-- Attachment #1: Type: text/plain, Size: 893 bytes --]
I have solved my problem, and now have Grub working with an encrypted /.
The config I had before had a gpt partitioned disk, with bios boot. I had
an encrypted / and a separate, unencrypted /boot.
When I changed the configuration to not use a separate /boot filesystem,
and put /boot on the encrypted root, Grub dutifully prompts me for a
password, and is then able to boot the system normally.
Is it a bug that a separate /boot doesn't work? Is it worth mentioning in
the manual that a separate /boot isn't needed?
As a side note: I had been expecting 'insmod luks' and 'cryptomount …'
lines in the grub.cfg. They don't appear even with the working setup, but
we are running grub-install with the GRUB_ENABLE_CRYPTODISK environment
variable set. I couldn't find a mention of this variable in the Grub
manual. What's going on here/how do all the pieces fit together?
Best,
Jack
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: grub.cfg does not have luks module for encrypted root
2019-01-31 3:13 grub.cfg does not have luks module for encrypted root Jack Hill
2019-02-01 3:09 ` Jack Hill
@ 2019-02-01 14:03 ` Joshua Branson
2019-02-01 15:29 ` Jack Hill
1 sibling, 1 reply; 7+ messages in thread
From: Joshua Branson @ 2019-02-01 14:03 UTC (permalink / raw)
To: help-guix
Jack Hill <jackhill@jackhill.us> writes:
> Ahoy,
>
> I'm using the attached config.scm for a host with an encrypted gpt
> root partition while booking with bios-grub. It produces the attached
> grub.cfg, which lacks the luks module, thus grub cannot find the
> kernel.
>
> If I enter the grub command line and manually insmod luks and
> cryptomount, I can then boot correction. My guix version information
> follows. I don't see the problem. What am I missing?
Out of curiosity how do you boot GuixSD on the grub command line?
The only way I know how to do it is:
set root=(hd0,1) ; wherever your root partition is
linux /gnu/path/to/vmlinuz-linux-libre root=/dev/sda1
initrd /gnu/path/to/initramfs-linux-libre.img
boot
In arch linux, I know where those paths are: /boot, but it GuixSD those
paths are usually buried in /gnu/some/crazy/path...
>
>
> Best,
> Jack
>
>
>
--
Joshua Branson
Sent from Emacs and Gnus
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: grub.cfg does not have luks module for encrypted root
2019-02-01 14:03 ` Joshua Branson
@ 2019-02-01 15:29 ` Jack Hill
2019-02-02 13:50 ` Joshua Branson
0 siblings, 1 reply; 7+ messages in thread
From: Jack Hill @ 2019-02-01 15:29 UTC (permalink / raw)
To: Joshua Branson; +Cc: help-guix
On Fri, 1 Feb 2019, Joshua Branson wrote:
> Jack Hill <jackhill@jackhill.us> writes:
>
>> Ahoy,
>>
>> I'm using the attached config.scm for a host with an encrypted gpt
>> root partition while booking with bios-grub. It produces the attached
>> grub.cfg, which lacks the luks module, thus grub cannot find the
>> kernel.
>>
>> If I enter the grub command line and manually insmod luks and
>> cryptomount, I can then boot correction.
>
> Out of curiosity how do you boot GuixSD on the grub command line?
>
> The only way I know how to do it is:
>
> set root=(hd0,1) ; wherever your root partition is
> linux /gnu/path/to/vmlinuz-linux-libre root=/dev/sda1
> initrd /gnu/path/to/initramfs-linux-libre.img
> boot
>
> In arch linux, I know where those paths are: /boot, but it GuixSD those
> paths are usually buried in /gnu/some/crazy/path...
Once I ran 'insmod luks' and 'crytomount (hd0,gpt2)', the filesystem
containing the store became available to Grub. I then ran 'configfile
(hd0,gpt1)/boot/grub/grub.cfg' to have Grub reprocess the config file that
Guix wrote for it. Since the store was now available, Grub was able to
load its theme, kernel, and initramfs. Sorry for admitting that step in my
summary.
Best,
Jack
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: grub.cfg does not have luks module for encrypted root
2019-02-01 15:29 ` Jack Hill
@ 2019-02-02 13:50 ` Joshua Branson
2019-02-02 19:02 ` swedebugia
0 siblings, 1 reply; 7+ messages in thread
From: Joshua Branson @ 2019-02-02 13:50 UTC (permalink / raw)
To: help-guix
Jack Hill <jackhill@jackhill.us> writes:
> On Fri, 1 Feb 2019, Joshua Branson wrote:
>
>> Jack Hill <jackhill@jackhill.us> writes:
>>
>>> Ahoy,
>>>
>>> I'm using the attached config.scm for a host with an encrypted gpt
>>> root partition while booking with bios-grub. It produces the attached
>>> grub.cfg, which lacks the luks module, thus grub cannot find the
>>> kernel.
>>>
>>> If I enter the grub command line and manually insmod luks and
>>> cryptomount, I can then boot correction.
>>
>> Out of curiosity how do you boot GuixSD on the grub command line?
>>
>> The only way I know how to do it is:
>>
>> set root=(hd0,1) ; wherever your root partition is
>> linux /gnu/path/to/vmlinuz-linux-libre root=/dev/sda1
>> initrd /gnu/path/to/initramfs-linux-libre.img
>> boot
>>
>> In arch linux, I know where those paths are: /boot, but it GuixSD those
>> paths are usually buried in /gnu/some/crazy/path...
>
> Once I ran 'insmod luks' and 'crytomount (hd0,gpt2)', the filesystem
> containing the store became available to Grub. I then ran 'configfile
> (hd0,gpt1)/boot/grub/grub.cfg' to have Grub reprocess the config file
> that Guix wrote for it. Since the store was now available, Grub was
> able to load its theme, kernel, and initramfs. Sorry for admitting
> that step in my summary.
You're fine. I was unaware of that command. I actually didn't know how
to boot guixSD, from grub's command prompt....
>
> Best,
> Jack
>
--
Joshua Branson
Sent from Emacs and Gnus
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: grub.cfg does not have luks module for encrypted root
2019-02-02 13:50 ` Joshua Branson
@ 2019-02-02 19:02 ` swedebugia
2019-02-03 18:16 ` Joshua Branson
0 siblings, 1 reply; 7+ messages in thread
From: swedebugia @ 2019-02-02 19:02 UTC (permalink / raw)
To: help-guix, Joshua Branson
Joshua Branson <jbranso@dismail.de> skrev: (2 februari 2019 14:50:17 CET)
>Jack Hill <jackhill@jackhill.us> writes:
>
>> On Fri, 1 Feb 2019, Joshua Branson wrote:
>>
>>> Jack Hill <jackhill@jackhill.us> writes:
>>>
>>>> Ahoy,
>>>>
>>>> I'm using the attached config.scm for a host with an encrypted gpt
>>>> root partition while booking with bios-grub. It produces the
>attached
>>>> grub.cfg, which lacks the luks module, thus grub cannot find the
>>>> kernel.
>>>>
>>>> If I enter the grub command line and manually insmod luks and
>>>> cryptomount, I can then boot correction.
>>>
>>> Out of curiosity how do you boot GuixSD on the grub command line?
>>>
>>> The only way I know how to do it is:
>>>
>>> set root=(hd0,1) ; wherever your root partition is
>>> linux /gnu/path/to/vmlinuz-linux-libre root=/dev/sda1
>>> initrd /gnu/path/to/initramfs-linux-libre.img
>>> boot
>>>
>>> In arch linux, I know where those paths are: /boot, but it GuixSD
>those
>>> paths are usually buried in /gnu/some/crazy/path...
>>
>> Once I ran 'insmod luks' and 'crytomount (hd0,gpt2)', the filesystem
>> containing the store became available to Grub. I then ran 'configfile
>> (hd0,gpt1)/boot/grub/grub.cfg' to have Grub reprocess the config file
>> that Guix wrote for it. Since the store was now available, Grub was
>> able to load its theme, kernel, and initramfs. Sorry for admitting
>> that step in my summary.
>
>You're fine. I was unaware of that command. I actually didn't know
>how
>to boot guixSD, from grub's command prompt....
I think this is a good thing to include in the manual. Maybe in a troubleshooting section?
--
Sent from my k-9 mail for Android.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: grub.cfg does not have luks module for encrypted root
2019-02-02 19:02 ` swedebugia
@ 2019-02-03 18:16 ` Joshua Branson
0 siblings, 0 replies; 7+ messages in thread
From: Joshua Branson @ 2019-02-03 18:16 UTC (permalink / raw)
To: help-guix
swedebugia <swedebugia@riseup.net> writes:
> Joshua Branson <jbranso@dismail.de> skrev: (2 februari 2019 14:50:17 CET)
>>Jack Hill <jackhill@jackhill.us> writes:
>>
>>> On Fri, 1 Feb 2019, Joshua Branson wrote:
>>>
>>>> Jack Hill <jackhill@jackhill.us> writes:
>>>>
>>>>> Ahoy,
>>>>>
>>>>> I'm using the attached config.scm for a host with an encrypted gpt
>>>>> root partition while booking with bios-grub. It produces the
>>attached
>>>>> grub.cfg, which lacks the luks module, thus grub cannot find the
>>>>> kernel.
>>>>>
>>>>> If I enter the grub command line and manually insmod luks and
>>>>> cryptomount, I can then boot correction.
>>>>
>>>> Out of curiosity how do you boot GuixSD on the grub command line?
>>>>
>>>> The only way I know how to do it is:
>>>>
>>>> set root=(hd0,1) ; wherever your root partition is
>>>> linux /gnu/path/to/vmlinuz-linux-libre root=/dev/sda1
>>>> initrd /gnu/path/to/initramfs-linux-libre.img
>>>> boot
>>>>
>>>> In arch linux, I know where those paths are: /boot, but it GuixSD
>>those
>>>> paths are usually buried in /gnu/some/crazy/path...
>>>
>>> Once I ran 'insmod luks' and 'crytomount (hd0,gpt2)', the filesystem
>>> containing the store became available to Grub. I then ran 'configfile
>>> (hd0,gpt1)/boot/grub/grub.cfg' to have Grub reprocess the config file
>>> that Guix wrote for it. Since the store was now available, Grub was
>>> able to load its theme, kernel, and initramfs. Sorry for admitting
>>> that step in my summary.
>>
>>You're fine. I was unaware of that command. I actually didn't know
>>how
>>to boot guixSD, from grub's command prompt....
>
> I think this is a good thing to include in the manual. Maybe in a troubleshooting section?
That would be a fine thing to include indeed!
--
Joshua Branson
Sent from Emacs and Gnus
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-02-03 18:17 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-01-31 3:13 grub.cfg does not have luks module for encrypted root Jack Hill
2019-02-01 3:09 ` Jack Hill
2019-02-01 14:03 ` Joshua Branson
2019-02-01 15:29 ` Jack Hill
2019-02-02 13:50 ` Joshua Branson
2019-02-02 19:02 ` swedebugia
2019-02-03 18:16 ` Joshua Branson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).