From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jack Hill Subject: grub with encrpted root no longer automatically loads luks Date: Fri, 21 Jun 2019 00:21:55 -0400 (EDT) Message-ID: Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:47434) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1heB3o-0005Lh-Oe for help-guix@gnu.org; Fri, 21 Jun 2019 00:22:02 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1heB3n-0001ZL-GB for help-guix@gnu.org; Fri, 21 Jun 2019 00:22:00 -0400 Received: from minsky.hcoop.net ([104.248.1.95]:55324) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1heB3l-0001X8-SC for help-guix@gnu.org; Fri, 21 Jun 2019 00:21:59 -0400 Received: from marsh.hcoop.net ([45.55.52.66]) by minsky.hcoop.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1heB3j-0001ss-J7 for help-guix@gnu.org; Fri, 21 Jun 2019 00:21:55 -0400 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: help-guix@gnu.org Hi Guix, I've noticed that recently (unfortunately, I don't know exactly when it started), that grub no longer prompts me to enter my password to unlock my root filesystem. I notice that at the grub command line, if I enter `cryptomount -a`, I am not prompted for a password, and the root filesystem does not become available. However, if I first run `insmod luks` and then `cryptomount -a`, I am prompted for my password, and the root filesystem become available and I can boot normally. Therefore, it seem like grub is not auto-loading the luks module for some reason. Why might this be the case? What needs to be changed so that luks is auto loaded? Best, Jack my config.scm: ;; This is an operating system configuration template ;; for a "desktop" setup with GNOME and Xfce where the ;; root partition is encrypted with LUKS. (use-modules (gnu) (gnu system nss) (gnu services xorg) (gnu packages linux)) (use-service-modules desktop) (use-package-modules certs gnome scanner security-token) (operating-system (host-name "alperton") (timezone "America/New_York") (locale "en_US.utf8") (bootloader (bootloader-configuration (bootloader grub-bootloader) (target "/dev/sda"))) ;; Specify a mapped device for the encrypted root partition. ;; The UUID is that returned by 'cryptsetup luksUUID'. (mapped-devices (list (mapped-device (source (uuid "f7776767-70c9-44e3-9973-c1334d301348")) (target "alperton_root") (type luks-device-mapping)))) (file-systems (cons* (file-system (device (file-system-label "boot")) (mount-point "/boot") (type "ext4")) (file-system (device (file-system-label "alperton_root")) (mount-point "/") (type "ext4") (dependencies mapped-devices)) %base-file-systems)) (swap-devices (list "/root/swap")) (users (cons (user-account (name "jackhill") (comment "Jack Hill") (group "users") (supplementary-groups '("wheel" "netdev" "audio" "lp" "video")) (home-directory "/home/jackhill")) %base-user-accounts)) ;; This is where we specify system-wide packages. (packages (cons* nss-certs ;for HTTPS access fuse-exfat gvfs ;for user mounts %base-packages)) ;; Add GNOME and/or Xfce---we can choose at the log-in ;; screen with F1. Use the "desktop" services, which ;; include the X11 log-in service, networking with ;; NetworkManager, and more. (services (cons* (service gnome-desktop-service-type) (bluetooth-service) (simple-service 'custom-udev-rules udev-service-type (list sane-backends libu2f-host)) %desktop-services)) ;; Allow resolution of '.local' host names with mDNS. (name-service-switch %mdns-host-lookup-nss))