The officially official Devuan Forum!

#1 Re: Installation » [SOLVED] Chimaera install, encrypted root » 2022-10-26 08:42:23

Yes!!!!  Success!!!  Thank you fsmithred!!

Your hint about keyfiles, I couldn't find an exact post. This one https://dev1galaxy.org/viewtopic.php?id=597 has an unencrypted boot, encrypted root. But searching, found https://cryptsetup-team.pages.debian.ne … -boot.html
Root at install is LUKS1 encrypted. So only section 4 is needed. Boot is already on the root partition. So I only needed to follow the steps in section

4 Avoiding the extra password prompt

Reboot and success!

golinux:  Found why the code buttons didn't work previously. Plugins. The posts today were on mobile without them. Added exception rules for the site.
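
The fix this post describes (section 4 of the Debian guide: a key file for root_fs that is embedded in the initramfs) can be audited with a script like the one below. It is an added example, not part of the original posts; the paths /etc/cryptsetup-initramfs/conf-hook (KEYFILE_PATTERN) and /etc/initramfs-tools/initramfs.conf (UMASK) are the Debian cryptsetup-initramfs defaults, and the ROOT prefix argument is an assumption made so the checks can run against a chroot or test tree.

```shell
#!/bin/sh
# Added example: audit the "key file in the initramfs" setup for one
# crypttab target. ROOT is a path prefix ("" = the running system).

# Print the key-file field (3rd column) of crypttab entry $2 in file $1.
crypttab_keyfile() {
    awk -v t="$2" '$1 !~ /^#/ && $1 == t { print $3; exit }' "$1"
}

# Succeed only if neither group nor others have any permission bit on $1.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_keyfile_setup ROOT TARGET: print findings, return number of problems.
audit_keyfile_setup() {
    root=$1 target=$2 problems=0
    key=$(crypttab_keyfile "$root/etc/crypttab" "$target")
    if [ -z "$key" ] || [ "$key" = "none" ]; then
        echo "PROMPT: $target has no key file; the initramfs will ask again"
        return 1
    fi
    if [ ! -f "$root$key" ]; then
        echo "FAIL: key file $key missing"; problems=$((problems + 1))
    elif ! owner_only "$root$key"; then
        echo "FAIL: $key readable by group/others"; problems=$((problems + 1))
    fi
    # The initramfs hook only copies key files matching KEYFILE_PATTERN.
    pattern=$(sed -n 's/^KEYFILE_PATTERN=//p' \
        "$root/etc/cryptsetup-initramfs/conf-hook" 2>/dev/null | tr -d "\"'")
    case "$key" in
        $pattern) ;;   # unquoted on purpose: shell glob match
        *) echo "FAIL: KEYFILE_PATTERN does not match $key"
           problems=$((problems + 1)) ;;
    esac
    # The initramfs now holds key material, so it must not be world-readable.
    if ! grep -q '^UMASK=0077' \
        "$root/etc/initramfs-tools/initramfs.conf" 2>/dev/null; then
        echo "FAIL: UMASK=0077 not set in initramfs.conf"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: $target unlocks from $key"
    return "$problems"
}
# Run against the live system as root: audit_keyfile_setup "" root_fs
```

Run against the crypttab posted in the original question (key file `none`), it reports the PROMPT case, which is the second passphrase request the thread is about.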

#2 Re: Installation » [SOLVED] Chimaera install, encrypted root » 2022-10-25 22:21:18

face palm

It uses square brackets not < > . Thanks for that. How'd I miss the buttons!
Is there an option to make the forums more mobile friendly?

Secure boot: In the BIOS is an option to use it, or use legacy. Also an option to try different combinations.

I don't think it's the problem. As I get the boot is happening. I think some config setting that's not getting the right volume for root_fs.
Grub unlocks root_fs to load the kernel from. So it's unlocked initially.

#3 Re: Installation » [SOLVED] Chimaera install, encrypted root » 2022-10-25 21:09:52

Secure boot turned on or off makes no difference to this.
The system boots. I just need to enter the crypt password twice.
I want to stop that.

I used the code tags, but preview of the post didn't show any change. The help showed indenting at least 2 spaces was the alternative.
But, that doesn't help the readability either.

Edit: Looked into secure boot more. Secure boot is turned on in the BIOS, but secure boot is NOT being used.

  mokutil --sb-state

  SecureBoot disabled
  Platform is in Setup Mode

Found https://wiki.debian.org/SecureBoot but decided not to test it.

#4 Installation » [SOLVED] Chimaera install, encrypted root » 2022-10-25 18:23:00

F5PPu6kGqj
Replies: 7

Chimaera desktop-live used.
Lenovo x230

Booted desktop-live and installed to /dev/sda2, chose encrypted root. No separate boot partition. /dev/sda1 is the EFI partition. Installed boot loader. No errors during the install. On reboot the boot failed. HD not recognised as a bootable device. Booted from the desktop-live usb again. Unencrypted /dev/sda2 and chroot'ed into the install and ran

    grub-install --uefi-secure-boot --target=x86_64-efi /dev/sda 
    Installing for x86_64-efi platform.
    Installation finished. No error reported.

Reboot:

  Attempting to decrypt master key...
  Enter passphrase for hd0,gpt2 (94454ab59343fd43c99):

I enter the sda2 crypt password and the screen changes to graphical options, and I pick:

 
  Booting 'Devuan GNU/Linux'
  Loading Linux 5.10.0-19-amd64 ...
  Loading initial ramdisk ...

But then it drops back to console:

  [   0.190978] x86/cpu: VDX (outside TXT) disabled by BIOS
  [   2.425227] integrity: Couldn't parse dbx signatures: -74
  Please unlock disk root_fs: _ 

If I enter the crypt password again, the boot continues and I can log in.

VDX (outside TXT) disabled by BIOS

I have these options turned off in the BIOS. Turning them on makes no difference to the boot. Adds a few more error messages if they are on. I don't know why I have them off atm.

Turning secure boot on/off in the BIOS doesn't matter

I think it's a configuration issue with grub? sda2 is decrypted by grub to show the menu, and to be able to start loading the ramdisk. After much troubleshooting and editing files, gave up. Ran the installer again.

Only option I picked from the installer was encrypted root. I also chose to install the bootloader. The install completed without problems. Reboot and the problem of two password prompts persists. I unlock grub, get the GUI boot option menu, select and ramdisk starts to load before dropping back to the console for password. After which the system boots.

How can I fix this so I don't need to enter the disk encryption password twice?

Here are the current files:

cat /etc/crypttab

  # <target name>	<source device>		<key file>	<options>
  root_fs		UUID=68355f0d-4b1f-428f-85e0-7bdc0fc63f2c		none	luks

cat /etc/fstab

  /dev/mapper/root_fs	/	ext4	defaults,noatime	0	1
  /swapfile	none	swap	sw	0	0
  UUID=10D7-FB08	/boot/efi	vfat	umask=0077	0	1

cat /etc/default/grub

  # If you change this file, run 'update-grub' afterwards to update
  # /boot/grub/grub.cfg.
  # For full documentation of the options in this file, see:
  #   info -f grub -n 'Simple configuration'
  
  GRUB_DEFAULT=0
  GRUB_TIMEOUT=5
  GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
  GRUB_CMDLINE_LINUX_DEFAULT="quiet"
  GRUB_CMDLINE_LINUX=""
   
  # Uncomment to enable BadRAM filtering, modify to suit your needs
  # This works with Linux (no patch required) and with any kernel that obtains
  # the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
  #GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
  
  # Uncomment to disable graphical terminal (grub-pc only)
  #GRUB_TERMINAL=console 
  
  # The resolution used on graphical terminal
  # note that you can use only modes which your graphic card supports via VBE
  # you can see them in real GRUB with the command `vbeinfo'
  #GRUB_GFXMODE=640x480 
  
  # Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
  #GRUB_DISABLE_LINUX_UUID=true
  
  # Uncomment to disable generation of recovery mode menu entries
  #GRUB_DISABLE_RECOVERY="true" 
  
  # Uncomment to get a beep at grub start
  #GRUB_INIT_TUNE="480 440 1"
  
  GRUB_THEME=/usr/share/desktop-base/grub-themes/desktop-grub-theme/theme.txt
  
  GRUB_ENABLE_CRYPTODISK=y

sudo fdisk -l

  Disk /dev/sda: 119.24 GiB, 128035676160 bytes, 250069680 sectors
  Disk model: SAMSUNG MZ7PA128
  Units: sectors of 1 * 512 = 512 bytes
  Sector size (logical/physical): 512 bytes / 512 bytes
  I/O size (minimum/optimal): 512 bytes / 512 bytes
  Disklabel type: gpt
  Disk identifier: 65F1E106-FA8A-47F1-BB09-4CF534271C34
  
  Device      Start       End   Sectors   Size Type
  /dev/sda1    2048    616447    614400   300M EFI System
  /dev/sda2  616448 250068991 249452544 118.9G Linux filesystem

  Disk /dev/mapper/root_fs: 118.95 GiB, 127717605376 bytes, 249448448 sectors
  Units: sectors of 1 * 512 = 512 bytes
  Sector size (logical/physical): 512 bytes / 512 bytes
  I/O size (minimum/optimal): 512 bytes / 512 bytes
