[-- Attachment #1: Type: text/plain, Size: 1583 bytes --] Hi, I have Librem 14 (coreboot/seaBIOS) with Samsung 970 Evo Plus 2TB SSD. I installed Guix manually, the disk has MBR partition table and these partitions: /dev/nvme0n1p1 - 1GB, Linux (83), bootable /dev/nvme0n1p2 - 1.8TB, Linux (83) The nvme0n1p1 (/boot) is unencrypted with ext4: mkfs.ext4 -L system-boot /dev/nvme0n1p1 The nvme0n1p2 (/) is encrypted using LUKS and on top is ext4: cryptsetup luksFormat /dev/nvme0n1p2 cryptsetup open /dev/nvme0n1p2 luks mkfs.ext4 -L system-root /dev/mapper/luks mount LABEL=system-root /mnt mkdir /mnt/etc /mnt/boot mount LABEL=system-boot /mnt/boot herd start cow-store /mnt The relevant part on /mnt/etc/config.scm: (bootloader (bootloader-configuration (bootloader grub-bootloader) (target "/dev/nvme0n1"))) (mapped-devices (list (mapped-device (source (uuid "...")) (target "luks") (type luks-device-mapping)))) (file-systems (cons* (file-system (mount-point "/") (device "/dev/mapper/luks") (type "ext4") (dependencies mapped-devices)) %base-file-systems))) guix system init /mnt/etc/config.scm /mnt Installation is without any errors. After rebooting grub asks for a password to decrypt LUKS partition, then gives me the boot menu. When I hit enter, the laptop gets stuck, I can't do ctrl+alt+f3,f4... only ctrl+alt+del works. Attached are pictures from grub. I also tried to use unencrypted root partition (basically the same as above, but without LUKS) and it works. Thanks, J [-- Attachment #2: grub1.jpeg --] [-- Type: image/jpeg, Size: 209666 bytes --] [-- Attachment #3: grub2.jpeg --] [-- Type: image/jpeg, Size: 259409 bytes --]
[-- Attachment #1: Type: text/plain, Size: 612 bytes --] Juraj, Juraj Hlista 写道: > mount LABEL=system-root /mnt > mkdir /mnt/etc /mnt/boot > mount LABEL=system-boot /mnt/boot Guix System doesn't support a separate /boot partition. See <http://issues.guix.gnu.org/48172>. I'll leave this bug unmerged with that one until we're sure that's your only issue: > I also tried to use unencrypted root partition (basically the > same as above, but without LUKS) and it works. Also with separate /boot? If so, maybe GRUB happens to look in the wrong right place (/ instead of /boot), or something else is going on. Kind regards, T G-R [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 247 bytes --]
I installed Guix again, there is just single 2TB encrypted partition with ext4 on top.
When booting, there is a prompt asking for a password to decrypt the partition, then there is the boot menu. When hitting enter the laptop gets stuck again just like before.
Seems like an issue with grub?
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, May 25, 2021 1:19 PM, Tobias Geerinckx-Rice <me@tobias.gr> wrote:
> Juraj,
>
> Juraj Hlista 写道:
>
> > mount LABEL=system-root /mnt
> > mkdir /mnt/etc /mnt/boot
> > mount LABEL=system-boot /mnt/boot
>
> Guix System doesn't support a separate /boot partition. Seehttp://issues.guix.gnu.org/48172.
>
> I'll leave this bug unmerged with that one until we're sure that's your only issue:
>
> > I also tried to use unencrypted root partition (basically the > same as above, but without LUKS) and it works.
>
> Also with separate /boot? If so, maybe GRUB happens to look in the wrong right place (/ instead of /boot), or something else is going on.
>
> Kind regards,
>
> T G-R
[-- Attachment #1: Type: text/plain, Size: 2221 bytes --] I tried to install Guix on unencrypted partition as well and it works. So to sum up my issue: /dev/nvme0n1p1 - 1.8TB, Linux (83) cryptsetup luksFormat /dev/nvme0n1p1 cryptsetup open /dev/nvme0n1p1 luks mkfs.ext4 -L system /dev/mapper/luks mount LABEL=system /mnt mkdir /mnt/etc herd start cow-store /mnt (bootloader (bootloader-configuration (bootloader grub-bootloader) (target "/dev/nvme0n1"))) (mapped-devices (list (mapped-device (source (uuid "...")) (target "luks") (type luks-device-mapping)))) (file-systems (cons* (file-system (mount-point "/") (device "/dev/mapper/luks") (type "ext4") (dependencies mapped-devices)) %base-file-systems))) guix system init /mnt/etc/config.scm /mnt reboot After inserting password to decrypt, I hit enter in boot menu, laptop freezes. Attached are pictures from GRUB. Best Regards, J ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, May 25, 2021 2:12 PM, Juraj Hlista <juraj@juraj.me> wrote: > I installed Guix again, there is just single 2TB encrypted partition with ext4 on top. > > When booting, there is a prompt asking for a password to decrypt the partition, then there is the boot menu. When hitting enter the laptop gets stuck again just like before. > > Seems like an issue with grub? > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Tuesday, May 25, 2021 1:19 PM, Tobias Geerinckx-Rice me@tobias.gr wrote: > > > Juraj, > > Juraj Hlista 写道: > > > > > mount LABEL=system-root /mnt > > > mkdir /mnt/etc /mnt/boot > > > mount LABEL=system-boot /mnt/boot > > > > Guix System doesn't support a separate /boot partition. Seehttp://issues.guix.gnu.org/48172. > > I'll leave this bug unmerged with that one until we're sure that's your only issue: > > > > > I also tried to use unencrypted root partition (basically the > same as above, but without LUKS) and it works. > > > > Also with separate /boot? If so, maybe GRUB happens to look in the wrong right place (/ instead of /boot), or something else is going on. > > Kind regards, > > T G-R [-- Attachment #2: grub-console-2.jpeg --] [-- Type: image/jpeg, Size: 281696 bytes --] [-- Attachment #3: grub-console-3.jpeg --] [-- Type: image/jpeg, Size: 317548 bytes --] [-- Attachment #4: grub-console-1.jpeg --] [-- Type: image/jpeg, Size: 334568 bytes --]
There has been some progress. I added this line:
(initrd-modules (cons* "i915" %base-initrd-modules))
to the config and it solved the issue with freezing the laptop.
Not sure how the i915 module is related to LUKS though.
Best Regards,
J
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, May 25, 2021 7:19 PM, Juraj Hlista <juraj@juraj.me> wrote:
> I tried to install Guix on unencrypted partition as well and it works.
>
> So to sum up my issue:
>
> /dev/nvme0n1p1 - 1.8TB, Linux (83)
>
> cryptsetup luksFormat /dev/nvme0n1p1
> cryptsetup open /dev/nvme0n1p1 luks
> mkfs.ext4 -L system /dev/mapper/luks
>
> mount LABEL=system /mnt
> mkdir /mnt/etc
>
> herd start cow-store /mnt
>
> (bootloader
> (bootloader-configuration
> (bootloader grub-bootloader)
> (target "/dev/nvme0n1")))
> (mapped-devices
> (list (mapped-device
> (source (uuid "..."))
> (target "luks")
> (type luks-device-mapping))))
> (file-systems
> (cons* (file-system
> (mount-point "/")
> (device "/dev/mapper/luks")
> (type "ext4")
> (dependencies mapped-devices))
> %base-file-systems)))
>
> guix system init /mnt/etc/config.scm /mnt
> reboot
>
> After inserting password to decrypt, I hit enter in boot menu, laptop freezes.
>
> Attached are pictures from GRUB.
>
> Best Regards,
> J
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Tuesday, May 25, 2021 2:12 PM, Juraj Hlista juraj@juraj.me wrote:
>
> > I installed Guix again, there is just single 2TB encrypted partition with ext4 on top.
> > When booting, there is a prompt asking for a password to decrypt the partition, then there is the boot menu. When hitting enter the laptop gets stuck again just like before.
> > Seems like an issue with grub?
> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > On Tuesday, May 25, 2021 1:19 PM, Tobias Geerinckx-Rice me@tobias.gr wrote:
> >
> > > Juraj,
> > > Juraj Hlista 写道:
> > >
> > > > mount LABEL=system-root /mnt
> > > > mkdir /mnt/etc /mnt/boot
> > > > mount LABEL=system-boot /mnt/boot
> > >
> > > Guix System doesn't support a separate /boot partition. Seehttp://issues.guix.gnu.org/48172.
> > > I'll leave this bug unmerged with that one until we're sure that's your only issue:
> > >
> > > > I also tried to use unencrypted root partition (basically the > same as above, but without LUKS) and it works.
> > >
> > > Also with separate /boot? If so, maybe GRUB happens to look in the wrong right place (/ instead of /boot), or something else is going on.
> > > Kind regards,
> > > T G-R
Juraj Hlista <juraj@juraj.me> writes:
> There has been some progress. I added this line:
>
> (initrd-modules (cons* "i915" %base-initrd-modules))
>
> to the config and it solved the issue with freezing the laptop.
>
> Not sure how the i915 module is related to LUKS though.
>
> Best Regards,
> J
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Tuesday, May 25, 2021 7:19 PM, Juraj Hlista <juraj@juraj.me> wrote:
>
>> I tried to install Guix on unencrypted partition as well and it works.
>>
>> So to sum up my issue:
>>
>> /dev/nvme0n1p1 - 1.8TB, Linux (83)
>>
>> cryptsetup luksFormat /dev/nvme0n1p1
>> cryptsetup open /dev/nvme0n1p1 luks
>> mkfs.ext4 -L system /dev/mapper/luks
>>
>> mount LABEL=system /mnt
>> mkdir /mnt/etc
>>
>> herd start cow-store /mnt
>>
>> (bootloader
>> (bootloader-configuration
>> (bootloader grub-bootloader)
>> (target "/dev/nvme0n1")))
>> (mapped-devices
>> (list (mapped-device
>> (source (uuid "..."))
>> (target "luks")
>> (type luks-device-mapping))))
>> (file-systems
>> (cons* (file-system
>> (mount-point "/")
>> (device "/dev/mapper/luks")
>> (type "ext4")
>> (dependencies mapped-devices))
>> %base-file-systems)))
>>
>> guix system init /mnt/etc/config.scm /mnt
>> reboot
>>
>> After inserting password to decrypt, I hit enter in boot menu, laptop freezes.
>>
>> Attached are pictures from GRUB.
>>
>> Best Regards,
>> J
>>
>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> On Tuesday, May 25, 2021 2:12 PM, Juraj Hlista juraj@juraj.me wrote:
>>
>> > I installed Guix again, there is just single 2TB encrypted partition with ext4 on top.
>> > When booting, there is a prompt asking for a password to decrypt
>> > the partition, then there is the boot menu. When hitting enter the
>> > laptop gets stuck again just like before.
>> > Seems like an issue with grub?
>> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> > On Tuesday, May 25, 2021 1:19 PM, Tobias Geerinckx-Rice me@tobias.gr wrote:
>> >
>> > > Juraj,
>> > > Juraj Hlista 写道:
>> > >
>> > > > mount LABEL=system-root /mnt
>> > > > mkdir /mnt/etc /mnt/boot
>> > > > mount LABEL=system-boot /mnt/boot
>> > >
>> > > Guix System doesn't support a separate /boot partition. Seehttp://issues.guix.gnu.org/48172.
>> > > I'll leave this bug unmerged with that one until we're sure that's your only issue:
>> > >
>> > > > I also tried to use unencrypted root partition (basically the
>> > > > > same as above, but without LUKS) and it works.
>> > >
>> > > Also with separate /boot? If so, maybe GRUB happens to look in
>> > > the wrong right place (/ instead of /boot), or something else is
>> > > going on.
>> > > Kind regards,
>> > > T G-R
In my experience, missing video drivers will cause the system to freeze
right when switching to GUI mode.
You may try to append:
nomodeset nosplash
to the grub configuration and get past it, but you will be in "console
mode" but at least you can take steps to get drivers.
Two passwords: it's a wonderful idea. One for GRUB, which may contain
secrets, and then one to unlock the disk.
[-- Attachment #1: Type: text/plain, Size: 699 bytes --] Juraj Hlista 写道: > Not sure how the i915 module is related to LUKS though. Not, all all. You should see the same apparent ‘freeze’ when booting the system without LUKS with ‘--repl’ on the kernel command line. Linux prompts for the LUKS passphrase early, and (obviously :-) before the root file system is mounted. The kernel needs to display this prompt. The root file system contains all drivers. See the deadlock? Adding i915 to the initrd will ensure that it is loaded before the initrd tries to mount / and asks you for the passphrase, so everything will work fine. Building i915 into the kernel would have the same effect. Kind regards, T G-R [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 247 bytes --]
Hello,
Tobias Geerinckx-Rice <me@tobias.gr> writes:
> Juraj Hlista 写道:
>> Not sure how the i915 module is related to LUKS though.
>
> Not, all all. You should see the same apparent ‘freeze’ when booting
> the system without LUKS with ‘--repl’ on the kernel command line.
>
> Linux prompts for the LUKS passphrase early, and (obviously :-) before
> the root file system is mounted. The kernel needs to display this
> prompt. The root file system contains all drivers. See the deadlock?
>
> Adding i915 to the initrd will ensure that it is loaded before the
> initrd tries to mount / and asks you for the passphrase, so
> everything will work fine. Building i915 into the kernel would have
> the same effect.
Seems this issue was about not having a required video driver in the
init RAM disk, rather than LUKS support.
Closing.
Glad you got it solved!
Maxim