From: Alexander Puchmayr
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] [SOLVED] Uefi + uki stuck while booting (/dev/gpt-auto-root)
Date: Mon, 17 Jun 2024 08:23:36 +0200
Message-ID: <8427142.NyiUUSuA9g@zeus>
In-Reply-To: <2153625.OBFZWjSADL@rogueboard>
References: <22321113.EfDdHjke4D@zeus> <2153625.OBFZWjSADL@rogueboard>

On Sunday, 16 June 2024, 12:59:54 CEST Michael wrote:
> I'm not the right person to comment reliably on this, because I don't use
> systemd and do not use LVM, but until someone else chimes in I'll give it a
> go ... :-)
>

I found the solution for my specific setup (lvm+luks+secureboot):

installkernel: USE+=uki ukify
Systemd: USE += secureboot cryptsetup boot ukify

This implies that installkernel is using dracut for creating an initrd and
systemd's uki-generator for creating the efi file.

Systemd's uki generator is configured in /etc/kernel/uki.conf:

[UKI]
SecureBootSigningTool=sbsign
SecureBootPrivateKey="/usr/share/secureboot/keys/db/db.key"
SecureBootCertificate="/usr/share/secureboot/keys/db/db.pem"
Cmdline=dolvm rd.luks.uuid=luks- root=/dev/mapper/ rd.luks.options=discard

Where is the partition uuid of the encrypted lvm container and the real root
inside the container (/dev/mapper/).

The dolvm instructs initrd to trigger the lvm discovery, rd.luks.uuid being
defined tells it to use cryptsetup luksOpen on the specified device.
rd.luks.options=discard is optional and enables pass-through of ssd trim
commands through the lvm layer to the real nvme-ssd.

The relevant information I was looking for is the Cmdline argument in
uki.conf.

Best Regards
Alex

> On Sunday, 16 June 2024 09:04:26 BST Alexander Puchmayr wrote:
> > Hi there,
> >
> > I just tried to prepare my new laptop for UEFI+secureboot by creating a
> > single unified kernel image including kernel,initrd,microcode,etc.
> > NB: The partition layout has a vfat/Efi partition and a luks encrypted lvm
> > container holding SYS(Root), Data(home) and swap.
> >
> > I added uki and ukify use flags to installkernel and systemd, checked the
> > configuration again and configured the kernel by emerge --config
> > sys-kernel/gentoo-kernel.
> >
> > Building the kernel image seems to work fine, the log messages say it's
> > creating an initrd using dracut, creating an efi file, signing it properly
> > and even installs it under /boot/efi/EFI/Linux.
>
> Why is the ESP mounted under /boot/efi, instead of /efi?
>
> https://wiki.gentoo.org/wiki/EFI_System_Partition#Mount_point
>
> > When booting it, it loads the kernel and then seems to get stuck:
> >
> > Timed out waiting for device /dev/gpt-auto-root
> > Dependency failed for File System Check in /dev/gpt-auto-root
> > Dependency failed for Root Partition
> > Dependency failed for Initrd Root File System
> > Dependency failed for Initrd Mountpoints Configured in the Real Root
> > Dependency failed for Initrd Root Device
>
> The gpt-auto-root is a script which tries to automatically detect and mount
> the root fs. Did you create your partition(s) with GPT and did you select
> the correct partition type "Linux Root (x86-64)" to make sure the partition
> GUID code for LUKS is correct according to the Discoverable Partitions
> Specification? If you used fdisk, you'll probably need to add the partition
> type GUID code manually, as advised in the Handbook. Press -i in fdisk to
> find out what it currently is set as.
>
> > Then it ends up in an emergency shell.
> >
> > There's a log in /run/initramfs/rdsosreport.txt, which reveals that it
> > does not find my encrypted lvm partition (LUKS encrypted lvm container
> > holding SYS, DATA, SWAP, etc), which obviously needs to be setup first.
> > Seems like some boot parameter is missing.
>
> Did you configure dracut to include the necessary modules and to add the
> corresponding LUKS and LVM UUIDs?
>
> https://wiki.gentoo.org/wiki/Full_Disk_Encryption_From_Scratch#Initramfs_configuration
>
> > Checking systemd's USE flags: Relevant flags lvm + cryptsetup + boot +
> > secureboot use flags are set
> >
> > To me it looks as if it's missing information which partition to use
> > for decrypting/mounting, and which lvm volume to use as real-root.
> >
> > Is this a dracut configuration? A systemd configuration? An installkernel
> > configuration? Something else?
> >
> > Thanks
> >
> > Alex
>
> I think this is a dracut configuration issue, because systemd's
> 'kernel-install' setup is relatively straightforward:
>
> https://wiki.gentoo.org/wiki/Installkernel#Systemd_kernel-install_.28USE.3D.2Bsystemd.29
>
> If the problem is with dracut as I suspect, you may find 'sys-kernel/ugrd'
> easier than dracut for your type of installation, but dracut should work too
> if correctly configured.
>
> HTH.
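
Added example (not part of the original message, and not code from systemd, dracut or installkernel): a small Python lint for the Cmdline= line of /etc/kernel/uki.conf that flags the omissions behind the /dev/gpt-auto-root timeout discussed in this thread, so they are caught before a UKI is built and signed. The function names are hypothetical, and the UUID and the volume name vg0-root in the sample are constructed.

```python
import configparser
import re

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample: the UUID and the volume name vg0-root are made up.
GOOD_CONF = """[UKI]
SecureBootSigningTool=sbsign
Cmdline=dolvm rd.luks.uuid=luks-01234567-89ab-cdef-0123-456789abcdef root=/dev/mapper/vg0-root rd.luks.options=discard
"""

def parse_cmdline(conf_text):
    """Split the [UKI] Cmdline value into {key: [values]}; bare flags map to ['']."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(conf_text)
    raw = cp.get("UKI", "Cmdline", fallback="")
    params = {}
    for token in raw.split():
        key, _, value = token.partition("=")
        params.setdefault(key, []).append(value)
    return params

def lint_uki_cmdline(conf_text):
    """Return the problems that would leave the initrd without a root device."""
    params = parse_cmdline(conf_text)
    problems = []
    roots = params.get("root", [])
    if not roots:
        # Without root=, systemd tries GPT auto-discovery, as in the thread's log.
        problems.append("no root=: boot waits on /dev/gpt-auto-root discovery")
    elif roots[-1].rstrip("/") in ("", "/dev/mapper"):
        problems.append("root= names no volume (placeholder left unfilled?)")
    luks = params.get("rd.luks.uuid", [])
    if not luks:
        problems.append("no rd.luks.uuid=: the LUKS container is not opened")
    for value in luks:
        # dracut accepts the UUID with or without a leading "luks-".
        uuid = value[5:] if value.startswith("luks-") else value
        if not UUID_RE.match(uuid):
            problems.append(f"rd.luks.uuid={value!r} is not a well-formed UUID")
    return problems

if __name__ == "__main__":
    for problem in lint_uki_cmdline(GOOD_CONF) or ["Cmdline looks complete"]:
        print(problem)
```

Run against the real file with lint_uki_cmdline(open("/etc/kernel/uki.conf").read()) before emerge --config rebuilds the image.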