I am running Linux Mint 18.3 on a desktop system.
I have migrated my workstation to LVM over LUKS, from plain LVM.
The system does not boot and does not ask for the LUKS password at boot. I can boot the system from a LiveCD, properly unlock and mount the LVM logical volumes, and chroot into it, so the filesystems are OK.
This is my first attempt to encrypt an existing system.
I think I am doing something wrong with initramfs and it lacks either some modules, tools or configuration.
My current config, shown after chroot-ing to my root fs from a LiveDVD, is:
# cat /etc/crypttab
crypt_nvme0n1p2 UUID=107e557d-9b46-4a6e-897a-1e7f206700e3 none luks,discard
encSda1 UUID=4b7a630b-f224-4501-9dc7-6955be0fe44c none luks,discard
# blkid
/dev/nvme0n1p2: UUID="107e557d-9b46-4a6e-897a-1e7f206700e3" TYPE="crypto_LUKS" PARTUUID="b5caeeb7-3d41-4569-ac4f-96357c851439"
/dev/sda1: UUID="4b7a630b-f224-4501-9dc7-6955be0fe44c" TYPE="crypto_LUKS" PARTUUID="13a6508d-5e77-417e-bfbd-2d11af488128"
# pvs
PV VG Fmt Attr PSize PFree
/dev/mapper/crypt_nvme0n1p2 vg-main lvm2 a-- 237.10g 55.33g
/dev/mapper/encSda1 vg-main lvm2 a-- 465.76g 283.99g
# lvs -o+devices
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert Devices
lv-home vg-main rwi-a-r--- 137.00g 100.00 lv-home_rimage_0(0),lv-home_rimage_1(0)
lv-root vg-main rwi-aor--- 44.76g 100.00 lv-root_rimage_0(0),lv-root_rimage_1(0)
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 1.9G 0 rom
loop0 7:0 0 1.8G 1 loop
sda 8:0 0 465.8G 0 disk
└─sda1 8:1 0 465.8G 0 part
└─encSda1 253:1 0 465.8G 0 crypt
├─vg--main-lv--home_rimage_0 253:8 0 137G 0 lvm
│ └─vg--main-lv--home 253:11 0 137G 0 lvm
├─vg--main-lv--root_rmeta_0 253:2 0 4M 0 lvm
│ └─vg--main-lv--root 253:6 0 44.8G 0 lvm /
├─vg--main-lv--home_rmeta_0 253:7 0 4M 0 lvm
│ └─vg--main-lv--home 253:11 0 137G 0 lvm
└─vg--main-lv--root_rimage_0 253:3 0 44.8G 0 lvm
└─vg--main-lv--root 253:6 0 44.8G 0 lvm /
nvme0n1 259:0 0 238.5G 0 disk
├─nvme0n1p3 259:3 0 511M 0 part
├─nvme0n1p1 259:1 0 125M 0 part
├─nvme0n1p4 259:4 0 768M 0 part /boot
└─nvme0n1p2 259:2 0 237.1G 0 part
└─crypt_nvme0n1p2 253:0 0 237.1G 0 crypt
├─vg--main-lv--home_rimage_1 253:10 0 137G 0 lvm
│ └─vg--main-lv--home 253:11 0 137G 0 lvm
├─vg--main-lv--root_rmeta_1 253:4 0 4M 0 lvm
│ └─vg--main-lv--root 253:6 0 44.8G 0 lvm /
├─vg--main-lv--home_rmeta_1 253:9 0 4M 0 lvm
│ └─vg--main-lv--home 253:11 0 137G 0 lvm
└─vg--main-lv--root_rimage_1 253:5 0 44.8G 0 lvm
└─vg--main-lv--root 253:6 0 44.8G 0 lvm /
So after encrypting this system I edited /etc/crypttab so it looks as shown above, and I recreated the initramfs with update-initramfs -u -k all.
Then I have tried to reboot the system but it cannot boot, saying that it cannot mount root fs.
The logs at startup show:
Begin: Loading essential drivers ... done.
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin Running /scripts/local-top ... lvmetad is not active yet, using direct activa(...)
during sysinit
Volume group "vg-main" not found
Cannot process volume group vg-main
/run/lvm/lvmetad.socket: connect failsed: No such file or directory
WARNING: Failed to connect to lvmetad. Falling back to internal scanning.
Reading all pysical volumes. This may take a while...
/run/lvm/lvmetad.socket: connect failed: No such file or directory
WARNING: Failed to connect to lvmetad. Falling back to internal scanning.
Begin: Waiting for encrypted source device... ... /run/lvm/lvmetad.socket: connect failsed: No such file or directory
WARNING: Failed to connect to lvmetad. Falling back to internal scanning.
Reading all pysical volumes. This may take a while...
/run/lvm/lvmetad.socket: connect failed: No such file or directory
WARNING: Failed to connect to lvmetad. Falling back to internal scanning.
The last 3 rows repeat themselves afterwards and nothing else happens.
What have I done wrong? Do I need to add something to the configuration of initramfs? Should I modify the kernel parameters in grub?
Some background:
I had a desktop system which was set up with LVM on a single drive. I am trying to migrate it to an encrypted setup with LUKS. I temporarily installed another drive, set up a LUKS partition on it, created a PV and mirrored the existing Logical Volumes (root and home) to this new encrypted drive.
Then I wiped the old drive, created an encrypted volume, recreated the LVM PV on this encrypted volume, and mirrored the LVs back. My goal is to remove the mirroring after the system is bootable, and to remove the temporary disk.
modules needed at boottime
Guess dmcrypt is missing. Be sure to add those 2 to /etc/initramfs-tools/modules
They also depend on busybox so make sure busybox is installed.
Then don't forget to update-initramfs -u
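
One way to check the two things this thread points at (crypttab entries that do not resolve to a LUKS device, and an initramfs that lacks dm-crypt), as an added example that is not part of the original question or answer. The function names and the list of required components are assumptions; the crypttab and blkid lines are taken from the question, and the initramfs listing is constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Run inside the chroot;
# inputs are files so the checks also work on saved command output.

# crypttab_unmatched CRYPTTAB BLKID_OUTPUT
# Prints the name of each crypttab entry whose UUID= source is not a
# crypto_LUKS device in the blkid output.
crypttab_unmatched() {
    while read -r name src _rest; do
        case "$name" in ''|'#'*) continue ;; esac
        uuid=${src#UUID=}
        grep 'TYPE="crypto_LUKS"' "$2" | grep -q " UUID=\"$uuid\"" || echo "$name"
    done < "$1"
}

# initramfs_missing LISTING
# LISTING is the output of lsinitramfs for one initrd image. Prints each
# component (assumed list) that is absent from the image.
initramfs_missing() {
    grep -q '/dm-crypt\.ko' "$1"          || echo "dm-crypt module"
    grep -Eq '(^|/)sbin/cryptsetup$' "$1" || echo "cryptsetup binary"
    grep -Eq '(^|/)sbin/lvm$' "$1"        || echo "lvm binary"
}

# Sample data: crypttab and blkid lines are from the post; the initramfs
# listing is constructed (KVER is a placeholder for the kernel version).
demo=$(mktemp -d)
cat > "$demo/crypttab" <<'EOF'
crypt_nvme0n1p2 UUID=107e557d-9b46-4a6e-897a-1e7f206700e3 none luks,discard
encSda1 UUID=4b7a630b-f224-4501-9dc7-6955be0fe44c none luks,discard
EOF
cat > "$demo/blkid" <<'EOF'
/dev/nvme0n1p2: UUID="107e557d-9b46-4a6e-897a-1e7f206700e3" TYPE="crypto_LUKS" PARTUUID="b5caeeb7-3d41-4569-ac4f-96357c851439"
/dev/sda1: UUID="4b7a630b-f224-4501-9dc7-6955be0fe44c" TYPE="crypto_LUKS" PARTUUID="13a6508d-5e77-417e-bfbd-2d11af488128"
EOF
cat > "$demo/listing" <<'EOF'
sbin/lvm
sbin/dmsetup
lib/modules/KVER/kernel/drivers/md/dm-mod.ko
lib/modules/KVER/kernel/drivers/md/dm-raid.ko
EOF

echo "crypttab entries without a matching LUKS device:"
crypttab_unmatched "$demo/crypttab" "$demo/blkid"
echo "missing from initramfs:"
initramfs_missing "$demo/listing"
```

On a real system, pass /etc/crypttab, saved blkid output, and the saved output of lsinitramfs for the initrd image under /boot that the installed kernel uses.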