LUKS, Udev, Splashy, Hell

Hey! I'm another one of those guys who updated and now their computer is on the ritz. I got the following problems:
--Keymap defaults to qwerty in LUKS even though 'keymap' is loaded in mkinitcpio.conf and configured to dvorak in rc.conf
--I get this esoteric error in LUKS:
device-mapper:remove ioctl failed: Device or Resource is busy
I did some google searches and most of the posts were 'I dunno it doesn't work and now it does, Udev sucks'. Half the time my password gets accepted anyway and the other half of the time it doesn't.
--Splashy turned into a big grey screen and then went black. I've been having splashy crash after Udev begins for a while now (the screen turns back on at the GNOME login) but now it doesn't even begin at all. I suspect it's because it uses modified initscripts. I uninstalled splashy, removed it from mkinitcpio.conf, changed back to normal initscripts and recompiled the kernel and the system still crashes.
I saw another thread tracing some of these problems to a kernel issue--please note that I'm NOT using a custom kernel, I'm just using the vanilla stuff the repos give me. Any idea what I should do to fix this? I'm pretty sure all this is either because of klibc, udev, or initscripts being broken but I don't know where to go from here.
EDIT:
OK, I chrooted into my system and upgraded it, and the screen still goes black and the correct keyboard (dvorak) still doesn't load at luks anymore, but even though the screen is black I can see the disk light going off at irregular intervals, leading me to believe part of the boot process is still working, even if I don't know what part it is.
Last edited by Ferrenrock (2010-02-05 06:29:24)

Hello Ferrenrock,
this is my mkinitcpio.conf. I don't use v86d hook, so this can't be the problem.
[robert@thinkpad ~]$ cat /etc/mkinitcpio.conf
# vim:set ft=sh
# MODULES
# The following modules are loaded before any boot hooks are
# run. Advanced users may wish to specify all system modules
# in this array. For instance:
# MODULES="piix ide_disk reiserfs"
MODULES="intel_agp i915"
# BINARIES
# This setting includes, into the CPIO image, and additional
# binaries a given user may wish. This is run first, so may
# be used to override the actual binaries used in a given hook.
# (Existing files are NOT overwritten is already added)
# BINARIES are dependancy parsed, so you may safely ignore libraries
BINARIES=""
# FILES
# This setting is similar to BINARIES above, however, files are added
# as-is and are not parsed in anyway. This is useful for config files.
# Some users may wish to include modprobe.conf for custom module options,
# like so:
# FILES="/etc/modprobe.conf"
FILES="/etc/modprobe.d/modprobe.conf"
# HOOKS
# This is the most important setting in this file. The HOOKS control the
# modules and scripts added to the image, and what happens at boot time.
# Order is important, and it is recommended that you do not change the
# order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
# help on a given hook.
# 'base' is _required_ unless you know precisely what you are doing.
# 'udev' is _required_ in order to automatically load modules
# 'modload' may be used in place of 'udev', but is not recommended
# 'filesystems' is _required_ unless you specify your fs modules in MODULES
# Examples:
# This setup specifies all modules in the MODULES setting above.
# No raid, lvm2, or encrypted root is needed.
# HOOKS="base"
# This setup will autodetect all modules for your system and should
# work as a sane default
# HOOKS="base udev autodetect pata scsi sata filesystems"
# This is identical to the above, except the old ide subsystem is
# used for IDE devices instead of the new pata subsystem.
# HOOKS="base udev autodetect ide scsi sata filesystems"
# This setup will generate a 'full' image which supports most systems.
# No autodetection is done.
# HOOKS="base udev pata scsi sata usb filesystems"
# This setup assembles an pata raid array with an encrypted root FS.
# Note: See 'mkinitcpio -H raid' for more information on raid devices.
# HOOKS="base udev pata raid encrypt filesystems"
# This setup loads an lvm2 volume group on a usb device.
# HOOKS="base udev usb lvm2 filesystems"
HOOKS="base udev autodetect pata scsi sata encrypt lvm2 filesystems"
# COMPRESSION
# Use this to compress the initramfs image. With kernels earlier than
# 2.6.30, only gzip is supported, which is also the default. Newer kernels
# support gzip, bzip2 and lzma.
#COMPRESSION="gzip"
#COMPRESSION="bzip2"
#COMPRESSION="lzma"
Last edited by orschiro (2010-02-10 22:25:11)

Similar Messages

  • MacBookPro1,1 (Mid 2006) Bluetooth not working

    I recently installed Arch on an old MacBook Pro (v1,1) from 2006, and I'm having problems getting bluetooth to work.  I'm using bluez4 because I'm using gnome-shell.
    hciconfig produces no output.
    lsusb shows the device in HID mode,
    $ lsusb
    Bus 001 Device 003: ID 05ac:8501 Apple, Inc. Built-in iSight [Micron]
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 005 Device 002: ID 05ac:1000 Apple, Inc. Bluetooth HCI MacBookPro (HID mode)
    Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 004 Device 002: ID 05ac:8240 Apple, Inc. Built-in IR Receiver
    Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 002 Device 002: ID 05ac:0217 Apple, Inc. Internal Keyboard/Trackpad (ANSI)
    Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    so I tried running hid2hci (as suggested by the Bluetooth wiki page) with the path determined as described in this post.
    # /lib/udev/hid2hci --devpath devices/pci0000:00/0000:00:1d.3/usb5/5-1 --method csr
    Can't open device: No such file or directory (2)
    error: unable to handle '/sys/devices/pci0000:00/0000:00:1d.3/usb5/5-1'
    $ stat /sys/devices/pci0000:00/0000:00:1d.3/usb5/5-1
    File: '/sys/devices/pci0000:00/0000:00:1d.3/usb5/5-1'
    Size: 0 Blocks: 0 IO Block: 4096 directory
    Device: dh/13d Inode: 12166 Links: 6
    Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2013-09-29 16:07:26.268170146 -0400
    Modify: 2013-09-29 15:39:37.720357106 -0400
    Change: 2013-09-29 15:39:37.720357106 -0400
    Birth: -
    Any ideas?
    $ uname -a
    Linux hydrogen 3.11.2-1-ARCH #1 SMP PREEMPT Fri Sep 27 08:03:21 CEST 2013 i686 GNU/Linux
    $ lsmod
    Module Size Used by
    fuse 65847 3
    bnep 8922 2
    bluetooth 271173 7 bnep
    hid_appleir 2264 0
    hid_generic 749 0
    hid_apple 4205 0
    uvcvideo 63684 0
    videobuf2_vmalloc 2604 1 uvcvideo
    videobuf2_memops 1683 1 videobuf2_vmalloc
    videobuf2_core 24341 1 uvcvideo
    usbhid 36609 0
    lm63 10557 0
    videodev 88107 2 uvcvideo,videobuf2_core
    media 9140 2 uvcvideo,videodev
    hid 70718 4 hid_generic,usbhid,hid_appleir,hid_apple
    joydev 7339 0
    iTCO_wdt 4471 0
    appletouch 8402 0
    iTCO_vendor_support 1545 1 iTCO_wdt
    arc4 1628 2
    evdev 8208 13
    applesmc 9834 0
    coretemp 5278 0
    input_polldev 2142 1 applesmc
    radeon 1117014 3
    kvm_intel 121535 0
    kvm 321817 1 kvm_intel
    ttm 47394 1 radeon
    drm_kms_helper 31934 1 radeon
    microcode 10132 0
    drm 191226 5 ttm,drm_kms_helper,radeon
    ath5k 125372 0
    pcspkr 1487 0
    i2c_i801 9905 0
    acpi_cpufreq 9523 1
    i2c_algo_bit 4583 1 radeon
    mperf 991 1 acpi_cpufreq
    ath 12669 1 ath5k
    of_i2c 1774 1 i2c_i801
    mac80211 389700 1 ath5k
    lpc_ich 11460 0
    sky2 43633 0
    tpm_infineon 7342 0
    intel_agp 8688 0
    intel_gtt 10172 1 intel_agp
    agpgart 22047 4 drm,ttm,intel_agp,intel_gtt
    cfg80211 336964 3 ath,ath5k,mac80211
    rfkill 12714 5 cfg80211,bluetooth
    tpm 13163 1 tpm_infineon
    video 10071 0
    processor 22169 3 acpi_cpufreq
    i2c_core 19967 8 drm,lm63,i2c_i801,drm_kms_helper,i2c_algo_bit,of_i2c,radeon,videodev
    apple_bl 2956 0
    tpm_bios 8381 1 tpm
    snd_hda_codec_idt 32712 1
    snd_hda_intel 30903 3
    battery 5589 0
    ac 2668 0
    button 3685 0
    snd_hda_codec 127562 2 snd_hda_codec_idt,snd_hda_intel
    snd_hwdep 4746 1 snd_hda_codec
    shpchp 21973 0
    snd_pcm 63876 2 snd_hda_codec,snd_hda_intel
    snd_page_alloc 5974 2 snd_pcm,snd_hda_intel
    snd_timer 14942 1 snd_pcm
    snd 44566 12 snd_hwdep,snd_timer,snd_hda_codec_idt,snd_pcm,snd_hda_codec,snd_hda_intel
    soundcore 4386 1 snd
    ext4 425604 2
    crc16 1091 2 ext4,bluetooth
    mbcache 4290 1 ext4
    jbd2 70221 1 ext4
    sd_mod 28311 4
    sr_mod 13055 0
    cdrom 29900 1 sr_mod
    ata_generic 2434 0
    pata_acpi 2367 0
    ata_piix 20856 4
    libata 149201 3 pata_acpi,ata_generic,ata_piix
    scsi_mod 108590 3 libata,sd_mod,sr_mod
    firewire_ohci 27462 0
    uhci_hcd 21416 0
    ehci_pci 3404 0
    ehci_hcd 42852 1 ehci_pci
    firewire_core 44687 1 firewire_ohci
    crc_itu_t 1095 1 firewire_core
    usbcore 152779 6 uhci_hcd,uvcvideo,ehci_hcd,ehci_pci,usbhid,appletouch
    usb_common 1399 1 usbcore

    hi, same here on a Mac Mini (mid 2007)  I've tested with bluez4 and bluez5.
    [root@luke mau]# uname -a
    Linux luke 3.11.2-1-ARCH #1 SMP PREEMPT Fri Sep 27 07:35:36 CEST 2013 x86_64 GNU/Linux
    [root@luke mau]# lsusb
    Bus 005 Device 002: ID 05ac:1000 Apple, Inc. Bluetooth HCI MacBookPro (HID mode)
    [root@luke mau]# hid2hci
    Can't open device: No such file or directory (2)
    [root@luke mau]# hcitool dev
    Devices:
    [root@luke mau]# hidd --show
    Following this post https://bbs.archlinux.org/viewtopic.php?id=167210 I thought it might have something to do with the kernel? I tried to downgrade kernel from 3.11 to 3.10 an then to 3.9 without resolving the issue.
    [root@luke mau]# uname -a
    Linux luke 3.9.7-1-ARCH #1 SMP PREEMPT Mon Sep 30 21:51:49 CEST 2013 x86_64 GNU/Linux
    [root@luke mau]# lsusb
    Bus 004 Device 002: ID 05ac:1000 Apple, Inc. Bluetooth HCI MacBookPro (HID mode)
    [root@luke mau]# /lib/udev/hid2hci --devpath devices/pci0000:00/0000:00:1d.3/usb5/5-1 --method csr
    error: could not find 'devices/pci0000:00/0000:00:1d.3/usb5/5-1
    Here what dmesg tells me about  bluetooth:
    $ dmesg | grep bluetooth
    [root@luke mau]# dmesg | grep Bluetooth
    [ 63.467549] Bluetooth: Core ver 2.16
    [ 63.467589] Bluetooth: HCI device and connection manager initialized
    [ 63.467605] Bluetooth: HCI socket layer initialized
    [ 63.467609] Bluetooth: L2CAP socket layer initialized
    [ 63.467617] Bluetooth: SCO socket layer initialized
    [ 63.583429] Bluetooth: RFCOMM TTY layer initialized
    [ 63.583449] Bluetooth: RFCOMM socket layer initialized
    [ 63.583451] Bluetooth: RFCOMM ver 1.11
    [ 107.627839] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
    [ 107.627858] Bluetooth: HIDP socket layer initialized
    Here my loaded kernel(3.9)modules
    [root@luke mau]# lsmod
    Module Size Used by
    hidp 18002 0
    rfcomm 51516 0
    bluetooth 304004 4 hidp,rfcomm
    nfsv4 219580 1
    nfsd 266601 9
    auth_rpcgss 34243 2 nfsd,nfsv4
    nfs_acl 2615 1 nfsd
    arc4 2000 2
    ath5k 135820 0
    ath 15489 1 ath5k
    mac80211 487694 1 ath5k
    cfg80211 452268 3 ath,ath5k,mac80211
    iTCO_wdt 5407 0
    iTCO_vendor_support 1929 1 iTCO_wdt
    rfkill 15626 3 cfg80211,bluetooth
    i2c_i801 11269 0
    sky2 49507 0
    applesmc 11918 0
    input_polldev 2850 1 applesmc
    coretemp 6102 0
    snd_hda_codec_idt 37946 1
    shpchp 25649 0
    kvm_intel 125437 0
    kvm 390199 1 kvm_intel
    microcode 13204 0
    snd_hda_intel 35816 0
    snd_hda_codec 145920 2 snd_hda_codec_idt,snd_hda_intel
    snd_hwdep 6364 1 snd_hda_codec
    snd_pcm 76860 2 snd_hda_codec,snd_hda_intel
    snd_page_alloc 7362 2 snd_pcm,snd_hda_intel
    pcspkr 2027 0
    snd_timer 18687 1 snd_pcm
    snd 58893 6 snd_hwdep,snd_timer,snd_hda_codec_idt,snd_pcm,snd_hda_codec,snd_hda_intel
    lpc_ich 12849 0
    pci_hotplug 22930 1 shpchp
    soundcore 5418 1 snd
    evdev 9912 10
    nfs 144455 2 nfsv4
    lockd 76709 2 nfs,nfsd
    sunrpc 220758 30 nfs,nfsd,auth_rpcgss,lockd,nfsv4,nfs_acl
    fscache 44638 2 nfs,nfsv4
    acpi_cpufreq 10726 1
    mperf 1299 1 acpi_cpufreq
    processor 27555 3 acpi_cpufreq
    ext4 486052 6
    crc16 1359 2 ext4,bluetooth
    mbcache 5930 1 ext4
    jbd2 85240 1 ext4
    hid_generic 1153 0
    usbhid 40956 0
    hid 87539 3 hidp,hid_generic,usbhid
    dm_mod 72527 29
    sr_mod 14930 0
    cdrom 35072 1 sr_mod
    sd_mod 30858 3
    ata_generic 3370 0
    pata_acpi 3387 0
    ata_piix 24888 2
    firewire_ohci 31845 0
    libata 170033 3 pata_acpi,ata_generic,ata_piix
    scsi_mod 129628 3 libata,sd_mod,sr_mod
    firewire_core 52307 1 firewire_ohci
    crc_itu_t 1363 1 firewire_core
    ehci_pci 4120 0
    uhci_hcd 24627 0
    ehci_hcd 47407 1 ehci_pci
    usbcore 177091 4 uhci_hcd,ehci_hcd,ehci_pci,usbhid
    usb_common 954 1 usbcore
    i915 563542 4
    video 11203 1 i915
    button 4669 1 i915
    i2c_algo_bit 5391 1 i915
    intel_agp 10872 1 i915
    intel_gtt 12664 3 i915,intel_agp
    drm_kms_helper 35086 1 i915
    drm 230013 5 i915,drm_kms_helper
    i2c_core 22447 5 drm,i915,i2c_i801,drm_kms_helper,i2c_algo_bit
    So its not the kernel module and installing bluez5 or bluez4 made no difference.
    [root@luke mau]# pacman -Ss bluez | grep installed
    extra/bluez-firmware 1.2-7 [installed]
    extra/bluez-libs 5.9-1 [installed]
    extra/bluez-utils 5.9-1 [installed]
    extra/bluez4 4.101-3 [installed]
    [root@luke udev]# sha1sum hid2hci
    09dbf30a30cd0f8a2ca46f6009e0cd979e745159 hid2hci
    after installing bluez version 5
    [root@luke udev]# pacman -Ss bluez | grep installed
    extra/bluez 5.9-1 [installed]
    extra/bluez-firmware 1.2-7 [installed]
    extra/bluez-libs 5.9-1 [installed]
    extra/bluez-utils 5.9-1 [installed]
    [root@luke udev]# sha1sum hid2hci
    09dbf30a30cd0f8a2ca46f6009e0cd979e745159 hid2hci
    Ha that's the same file! I am going to downgrade that next....
    [root@luke pkg]# pacman -Qo /lib/udev/hid2hci
    /lib/udev/hid2hci is owned by bluez-utils 5.9-1
    [root@luke pkg]# find /var/cache/pacman/pkg -name 'bluez-*'
    /var/cache/pacman/pkg/bluez-utils-5.7-1-x86_64.pkg.tar.xz
    /var/cache/pacman/pkg/bluez-5.9-1-x86_64.pkg.tar.xz
    /var/cache/pacman/pkg/bluez-libs-5.7-1-x86_64.pkg.tar.xz
    /var/cache/pacman/pkg/bluez-firmware-1.2-7-any.pkg.tar.xz
    /var/cache/pacman/pkg/bluez-libs-5.9-1-x86_64.pkg.tar.xz
    /var/cache/pacman/pkg/bluez-utils-5.9-1-x86_64.pkg.tar.xz
    [root@luke pkg]# sha1sum /lib/udev/hid2hci
    937659778fc90263e3e5d00baa01653273f1f5c8 /lib/udev/hid2hci
    [root@luke pkg]# /lib/udev/hid2hci --devpath devices/pci0000:00/0000:00:1d.3/usb5/5-1 --method csr
    error: could not find 'devices/pci0000:00/0000:00:1d.3/usb5/5-1'
    [root@luke pkg]# pacman -U /var/cache/pacman/pkg/bluez-libs-5.7-1-x86_64.pkg.tar.xz
    [root@luke pkg]# systemctl daemon-reload
    [root@luke pkg]# systemctl restart bluetooth
    [root@luke pkg]# /lib/udev/hid2hci --devpath devices/pci0000:00/0000:00:1d.3/usb5/5-1 --method csr
    error: could not find 'devices/pci0000:00/0000:00:1d.3/usb5/5-1'
    So still no clues.... but I think it's related to hid2hci not able to switch mode, I would like to test with bluez-utils < 5.7 but don't have that package at hand, will try to boot from an older install CD just to be sure what the old behavior of hid2hci was and confirm that it should work.
    Last edited by m2 (2013-09-30 21:36:59)

  • Changes to LVM2 and udev break LVM2 on LUKS?

    Hey all,
    After today's update I have an error on boot that I can't seem to figure out. I like many people, got an error when building mkinitcpio during the update. I reran mkinitcpio after the update, there were no errors, everything was great.
    Before I explain the issue fully, here is my setup.
    I have a lvm on a luks partition. On the lvm resides "/" "/home" and "swap". My mkinitcpio HOOKs line looks like this
    HOOKS="base udev autodetect modconf block mdadm_udev encrypt lvm2 filesystems keyboard fsck"
    Note that as you might have guessed from "mdadm_udev" I am using a raid, but this array is separate from my critical partitions, such root and home.
    Now for my issue.
    When I boot the machine, it executes up until the encrypt hook. It prompts for my password to decrypt the volume, which if given correctly, it does nothing for an unusually long time, then it prints
    end_request: I/O error, dev fd0, sector 0
    I don't have a floppy drive.
    I can mount the system from installation media and chroot into the system, and everything seems fine. I checked my lvm.conf file to make sure it included the line "use_lvmetad = 1" which it does. I reran,
    mkinitcpio -p linux
    This did not solve the issue.
    Any thoughts on what could be causing this?
    Thanks,
    -D
    ############## UPDATE ###############
    Working fix here: https://bbs.archlinux.org/viewtopic.php … 2#p1232092
    Bug report here: https://bugs.archlinux.org/task/33851
    Last edited by jasonwryan (2013-02-14 19:45:56)

    I also use LVM with a configuration similar to Xyne's. I updated this morning and my system booted fine. The only thing unusual about my setup is that I update in chroot from another (minimal) up-to-date Arch system on the same machine. Here's some details, I'm happy to provide anything else if needed.
    # fdisk -l /dev/sd?
    Disk /dev/sda: 251.1 GB, 251059544064 bytes, 490350672 sectors
    Device Boot Start End Blocks Id System
    /dev/sda1 2048 2099199 1048576 83 Linux
    /dev/sda2 * 2099200 2303999 102400 83 Linux
    /dev/sda3 2304000 490350671 244023336 8e Linux LVM
    Disk /dev/sdb: 251.1 GB, 251059544064 bytes, 490350672 sectors
    Device Boot Start End Blocks Id System
    /dev/sdb1 2048 490350671 245174312 8e Linux LVM
    Disk /dev/sdc: 251.1 GB, 251059544064 bytes, 490350672 sectors
    Device Boot Start End Blocks Id System
    /dev/sdc1 2048 490350671 245174312 8e Linux LVM
    Note: sda1 is the minimal system, sda2 is /boot for both systems. sda3 and sdb1 make up VG0. sdc1 makes up VG1.
    # lvscan
    ACTIVE Original '/dev/VG0/lv_root' [5.00 GiB] inherit
    ACTIVE Original '/dev/VG0/lv_home' [10.00 GiB] inherit
    ACTIVE '/dev/VG0/lv_data' [212.00 GiB] inherit
    ACTIVE Original '/dev/VG0/lv_var' [5.71 GiB] contiguous
    ACTIVE '/dev/VG0/lv_temp' [10.00 GiB] inherit
    ACTIVE '/dev/VG0/lv_build' [10.00 GiB] contiguous
    ACTIVE Snapshot '/dev/VG0/ss_root' [5.00 GiB] inherit
    ACTIVE Snapshot '/dev/VG0/ss_var' [5.71 GiB] inherit
    ACTIVE Snapshot '/dev/VG0/ss_home' [10.00 GiB] inherit
    ACTIVE '/dev/VG1/lv_bucket' [230.00 GiB] inherit
    ACTIVE '/dev/VG1/lv_swap1' [3.81 GiB] inherit
    # cat /etc/mkinitcpio.conf
    MODULES="nouveau"
    BINARIES=""
    FILES=""
    HOOKS="timestamp base udev autodetect block lvm2 filesystems fsck shutdown"
    COMPRESSION="xz"
    COMPRESSION_OPTIONS="-e -9"
    I saw something about fd0 when I first ran lvscan after a boot, but it didn't appear again that boot and I haven't tried to reproduce. I also had some errors related to my snapshots during boot:
    Feb 13 10:53:18 caddywhompus kernel: device-mapper: table: 254:4: snapshot: Snapshot cow pairing for exception table handover failed
    Feb 13 10:53:18 caddywhompus kernel: device-mapper: ioctl: error adding target to table
    Feb 13 10:53:18 caddywhompus kernel: device-mapper: table: 254:14: snapshot: Snapshot cow pairing for exception table handover failed
    Feb 13 10:53:18 caddywhompus kernel: device-mapper: ioctl: error adding target to table
    Note: the first and third lines are "error red"

  • System encryption using LUKS and GPG encrypted keys for arch linux

    Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
    Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
    Update: 2013-01-13: Updated the hook files using the corrections by Deth.
    Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
    I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play alot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
    Intro
    Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
    Since the encrypt hook doesn't support this scenario, I created a modifed hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
    Conventions
    In this short guide, I use the following disk/partition names:
    /dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
    /dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
    /dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
    Credits
    Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
    Guide
    1. Boot the arch live cd
    I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
    2. Set keymap
    Use km to set your keymap. This is important for non-qwerty keyboards to avoid suprises with passphrases...
    3. Wipe your discs
    ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
    Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
    shred -v /dev/sda
    shred -v /dev/sdb
    4. Partitioning
    Fire up fdisk and create the following partitions:
    /dev/sda1, type linux swap.
    /dev/sda2: type linux
    /dev/sda3: type linux
    /dev/sdb1, type linux
    Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
    5. Format  and mount the usb stick
    Create an ext2 filesystem on /dev/sdb1:
    mkfs.ext2 /dev/sdb1
    mkdir /root/usb
    mount /dev/sdb1 /root/usb
    cd /root/usb # this will be our working directory for now.
    Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
    6. Configure the network (if not already done automatically)
    ifconfig eth0 192.168.0.2 netmask 255.255.255.0
    route add default gw 192.168.0.1
    echo "nameserver 192.168.0.1" >> /etc/resolv.conf
    (this is just an example, your mileage may vary)
    7. Install gnupg
    pacman -Sy
    pacman -S gnupg
    Verify that gnupg works by launching gpg.
    8. Create the keys
    Just to be sure, make sure swap is off:
    cat /proc/swaps
    should return no entries.
    Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
    dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
    dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
    Choose a strong password!!
    Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
    Note that the default cipher for gpg is cast5, I just chose to use a different one.
    9. Create the encrypted devices with cryptsetup
    Create encrypted swap:
    cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
    You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
    Important: From the Cryptsetup 1.1.2 Release notes:
    Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
        if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
          as normal binary file and no new line is interpreted.
        if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
          stop after new line is detected.
    If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefor ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
    gpg -q -d root.gpg 2>/dev/null | cryptsetup -v -–key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
    gpg -q -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
    Check for any errors.
    10. Open the luks devices
    gpg -d root.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda3 root
    gpg -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda2 var
    If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
    11. Start the installer /arch/setup
    Follow steps 1 to 3.
    At step 4 (Prepare hard drive(s), select “3 – Manually Configure block devices, filesystems and mountpoints. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
    Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
    Select DONE to start formatting.
    At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
    Start step 6 (Install packages).
    Go to step 7 (Configure System).
    By sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
    Edit /etc/fstab:
    /dev/mapper/root / ext4 defaults 0 1
    /dev/mapper/swap swap swap defaults 0 0
    /dev/mapper/var /var ext4 defaults 0 1
    # /dev/sdb1 /boot ext2 defaults 0 1
    Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
    Go to step 8 (install boot loader).
    Be sure to change the kernel line in menu.lst:
    kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
    Don't forget the :root suffix in cryptdevice!
    Also, my root line was set to (hd1,0). Had to change that to
    root (hd0,0)
    Install grub to /dev/sdb (the usb stick).
    Now, we can exit the installer.
    12. Install mkinitcpio with the etwo hook.
    Create /mnt/lib/initcpio/hooks/etwo:
    #!/usr/bin/ash
    run_hook() {
    /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
    if [ -e "/sys/class/misc/device-mapper" ]; then
    if [ ! -e "/dev/mapper/control" ]; then
    /bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
    fi
    [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
    # Get keyfile if specified
    ckeyfile="/crypto_keyfile"
    usegpg="n"
    if [ "x${cryptkey}" != "x" ]; then
    ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
    ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
    ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
    if poll_device "${ckdev}" ${rootdelay}; then
    case ${ckarg1} in
    *[!0-9]*)
    # Use a file on the device
    # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
    if [ "${ckarg2#*.}" = "gpg" ]; then
    ckeyfile="${ckeyfile}.gpg"
    usegpg="y"
    fi
    mkdir /ckey
    mount -r -t ${ckarg1} ${ckdev} /ckey
    dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
    umount /ckey
    # Read raw data from the block device
    # ckarg1 is numeric: ckarg1=offset, ckarg2=length
    dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
    esac
    fi
    [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
    fi
    if [ -n "${cryptdevice}" ]; then
    DEPRECATED_CRYPT=0
    cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
    cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
    else
    DEPRECATED_CRYPT=1
    cryptdev="${root}"
    cryptname="root"
    fi
    warn_deprecated() {
    echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
    echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
    if poll_device "${cryptdev}" ${rootdelay}; then
    if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
    [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
    dopassphrase=1
    # If keyfile exists, try to use that
    if [ -f ${ckeyfile} ]; then
    if [ "${usegpg}" = "y" ]; then
    # gpg tty fixup
    if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
    cp -a /dev/console /dev/tty
    while [ ! -e /dev/mapper/${cryptname} ];
    do
    sleep 2
    /usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
    dopassphrase=0
    done
    rm /dev/tty
    if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
    else
    if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
    dopassphrase=0
    else
    echo "Invalid keyfile. Reverting to passphrase."
    fi
    fi
    fi
    # Ask for a passphrase
    if [ ${dopassphrase} -gt 0 ]; then
    echo ""
    echo "A password is required to access the ${cryptname} volume:"
    #loop until we get a real password
    while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
    sleep 2;
    done
    fi
    if [ -e "/dev/mapper/${cryptname}" ]; then
    if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
    export root="/dev/mapper/root"
    fi
    else
    err "Password succeeded, but ${cryptname} creation failed, aborting..."
    exit 1
    fi
    elif [ -n "${crypto}" ]; then
    [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
    msg "Non-LUKS encrypted device found..."
    if [ $# -ne 5 ]; then
    err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
    err "Non-LUKS decryption not attempted..."
    return 1
    fi
    exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
    tmp=$(echo "${crypto}" | cut -d: -f1)
    [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
    tmp=$(echo "${crypto}" | cut -d: -f2)
    [ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
    tmp=$(echo "${crypto}" | cut -d: -f3)
    [ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
    tmp=$(echo "${crypto}" | cut -d: -f4)
    [ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
    tmp=$(echo "${crypto}" | cut -d: -f5)
    [ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
    if [ -f ${ckeyfile} ]; then
    exe="${exe} --key-file ${ckeyfile}"
    else
    exe="${exe} --verify-passphrase"
    echo ""
    echo "A password is required to access the ${cryptname} volume:"
    fi
    eval "${exe} ${CSQUIET}"
    if [ $? -ne 0 ]; then
    err "Non-LUKS device decryption failed. verify format: "
    err " crypto=hash:cipher:keysize:offset:skip"
    exit 1
    fi
    if [ -e "/dev/mapper/${cryptname}" ]; then
    if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
    export root="/dev/mapper/root"
    fi
    else
    err "Password succeeded, but ${cryptname} creation failed, aborting..."
    exit 1
    fi
    else
    err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
    fi
    fi
    rm -f ${ckeyfile}
    fi
    Create /mnt/lib/initcpio/install/etwo:
    #!/bin/bash
    build() {
    local mod
    add_module dm-crypt
    if [[ $CRYPTO_MODULES ]]; then
    for mod in $CRYPTO_MODULES; do
    add_module "$mod"
    done
    else
    add_all_modules '/crypto/'
    fi
    add_dir "/dev/mapper"
    add_binary "cryptsetup"
    add_binary "dmsetup"
    add_binary "/usr/bin/gpg"
    add_file "/usr/lib/udev/rules.d/10-dm.rules"
    add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
    add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
    add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
    add_runscript
    help ()
    cat<<HELPEOF
    This hook allows for an encrypted root device with support for gpg encrypted key files.
    To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
    to your BINARIES var in /etc/mkinitcpio.conf.
    HELPEOF
    Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
    MODULES=”ext2 ext4” # not sure if this is really nessecary.
    BINARIES=”/usr/bin/gpg” # this could probably be done in install/etwo...
    HOOKS=”base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems” # (usbinput is only needed if you have an usb keyboard)
    Copy the initcpio stuff over to the live cd:
    cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
    cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
    cp /mnt/etc/mkinitcpio.conf /etc/
    Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
    Now reinstall the initcpio:
    mkinitcpio -g /mnt/boot/kernel26.img
    Make sure there were no errors and that all hooks were included.
    13. Decrypt the "var" key to the encrypted root
    mkdir /mnt/keys
    chmod 500 /mnt/keys
    gpg –output /mnt/keys/var -d /mnt/boot/var.gpg
    chmod 400 /mnt/keys/var
    14. Setup crypttab
    Edit /mnt/etc/crypttab:
    swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
    var /dev/sda2 /keys/var
    15. Reboot
    We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. . If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names.  I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
    Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
    Last edited by fabriceb (2013-01-15 22:36:23)

    I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
    Decrypting the gpg key after grub works, but then "Devce root already exists." appears every second.
    any idea ?
    #!/bin/bash
    # This script is designed to be run in conjunction with a UEFI boot using Archboot intall media.
    # prereqs:
    # EFI "BIOS" set to boot *only* from EFI
    # successful EFI boot of Archboot USB
    # mount /dev/sdb1 /src
    set -o nounset
    #set -o errexit
    # Host specific configuration
    # this whole script needs to be customized, particularly disk partitions
    # and configuration, but this section contains global variables that
    # are used during the system configuration phase for convenience
    HOSTNAME=daniel
    USERNAME=user
    # Globals
    # We don't need to set these here but they are used repeatedly throughout
    # so it makes sense to reuse them and allow an easy, one-time change if we
    # need to alter values such as the install target mount point.
    INSTALL_TARGET="/install"
    HR="--------------------------------------------------------------------------------"
    PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
    TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
    CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
    FILE_URL="file:///packages/core-$(uname -m)/pkg"
    FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
    HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
    # Functions
    # I've avoided using functions in this script as they aren't required and
    # I think it's more of a learning tool if you see the step-by-step
    # procedures even with minor duplciations along the way, but I feel that
    # these functions clarify the particular steps of setting values in config
    # files.
    SetValue () {
    # EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
    VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
    sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
    CommentOutValue () {
    VALUENAME="$1" FILEPATH="$2"
    sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
    UncommentValue () {
    VALUENAME="$1" FILEPATH="$2"
    sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
    # Initialize
    # Warn the user about impending doom, set up the network on eth0, mount
    # the squashfs images (Archboot does this normally, we're just filling in
    # the gaps resulting from the fact that we're doing a simple scripted
    # install). We also create a temporary pacman.conf that looks for packages
    # locally first before sourcing them from the network. It would be better
    # to do either *all* local or *all* network but we can't for two reasons.
    # 1. The Archboot installation image might have an out of date kernel
    # (currently the case) which results in problems when chrooting
    # into the install mount point to modprobe efivars. So we use the
    # package snapshot on the Archboot media to ensure our kernel is
    # the same as the one we booted with.
    # 2. Ideally we'd source all local then, but some critical items,
    # notably grub2-efi variants, aren't yet on the Archboot media.
    # Warn
    timer=9
    echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
    echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
    while [[ $timer -gt 0 ]]
    do
    sleep 1
    let timer-=1
    echo -en "$timer seconds..."
    done
    echo "STARTING"
    # Get Network
    echo -n "Waiting for network address.."
    #dhclient eth0
    dhcpcd -p eth0
    echo -n "Network address acquired."
    # Mount packages squashfs images
    umount "/packages/core-$(uname -m)"
    umount "/packages/core-any"
    rm -rf "/packages/core-$(uname -m)"
    rm -rf "/packages/core-any"
    mkdir -p "/packages/core-$(uname -m)"
    mkdir -p "/packages/core-any"
    modprobe -q loop
    modprobe -q squashfs
    mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
    mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
    # Create temporary pacman.conf file
    cat << PACMANEOF > /tmp/pacman.conf
    [options]
    Architecture = auto
    CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
    CacheDir = /packages/core-$(uname -m)/pkg
    CacheDir = /packages/core-any/pkg
    [core]
    Server = ${FILE_URL}
    Server = ${FTP_URL}
    Server = ${HTTP_URL}
    [extra]
    Server = ${FILE_URL}
    Server = ${FTP_URL}
    Server = ${HTTP_URL}
    #Uncomment to enable pacman -Sy yaourt
    [archlinuxfr]
    Server = http://repo.archlinux.fr/\$arch
    PACMANEOF
    # Prepare pacman
    [[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
    [[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
    ${PACMAN} -Sy
    ${TARGET_PACMAN} -Sy
    # Install prereqs from network (not on archboot media)
    echo -e "\nInstalling prereqs...\n$HR"
    #sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
    UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
    ${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
    # Configure Host
    # Here we create three partitions:
    # 1. efi and /boot (one partition does double duty)
    # 2. swap
    # 3. our encrypted root
    # Note that all of these are on a GUID partition table scheme. This proves
    # to be quite clean and simple since we're not doing anything with MBR
    # boot partitions and the like.
    echo -e "format\n"
    # shred -v /dev/sda
    # disk prep
    sgdisk -Z /dev/sda # zap all on disk
    #sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
    sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
    #sgdisk -a 2048 -o /dev/mmcb1k0
    # create partitions
    sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
    sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 200MB
    sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
    #sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
    # set partition types
    sgdisk -t 1:ef00 /dev/sda
    sgdisk -t 2:8200 /dev/sda
    sgdisk -t 3:8300 /dev/sda
    #sgdisk -t 1:0700 /dev/mmcb1k0
    # label partitions
    sgdisk -c 1:"UEFI Boot" /dev/sda
    sgdisk -c 2:"Swap" /dev/sda
    sgdisk -c 3:"LUKS" /dev/sda
    #sgdisk -c 1:"Key" /dev/mmcb1k0
    echo -e "create gpg file\n"
    # create gpg file
    dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
    echo -e "format LUKS on root\n"
    # format LUKS on root
    gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
    echo -e "open LUKS on root\n"
    gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
    # NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
    # NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
    # make filesystems
    # following swap related commands not used now that we're encrypting our swap partition
    #mkswap /dev/sda2
    #swapon /dev/sda2
    #mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
    echo -e "\nCreating Filesystems...\n$HR"
    # make filesystems
    mkfs.ext4 /dev/mapper/root
    mkfs.vfat -F32 /dev/sda1
    #mkfs.vfat -F32 /dev/mmcb1k0p1
    echo -e "mount targets\n"
    # mount target
    #mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
    mount /dev/mapper/root ${INSTALL_TARGET}
    # mount target
    mkdir ${INSTALL_TARGET}
    # mkdir ${INSTALL_TARGET}/key
    # mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
    mkdir ${INSTALL_TARGET}/boot
    mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
    # Install base, necessary utilities
    mkdir -p ${INSTALL_TARGET}/var/lib/pacman
    ${TARGET_PACMAN} -Sy
    ${TARGET_PACMAN} -Su base
    # curl could be installed later but we want it ready for rankmirrors
    ${TARGET_PACMAN} -S curl
    ${TARGET_PACMAN} -S libusb-compat gnupg
    ${TARGET_PACMAN} -R grub
    rm -rf ${INSTALL_TARGET}/boot/grub
    ${TARGET_PACMAN} -S grub2-efi-x86_64
    # Configure new system
    SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
    sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
    SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
    #following replaced due to netcfg
    #SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
    # write fstab
    # You can use UUID's or whatever you want here, of course. This is just
    # the simplest approach and as long as your drives aren't changing values
    # randomly it should work fine.
    cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
    # /etc/fstab: static file system information
    # <file system> <dir> <type> <options> <dump> <pass>
    tmpfs /tmp tmpfs nodev,nosuid 0 0
    /dev/sda1 /boot vfat defaults 0 0
    /dev/mapper/cryptswap none swap defaults 0 0
    /dev/mapper/root / ext4 defaults,noatime 0 1
    FSTAB_EOF
    # write etwo
    mkdir -p /lib/initcpio/hooks/
    mkdir -p /lib/initcpio/install/
    cp /src/etwo_hooks /lib/initcpio/hooks/etwo
    cp /src/etwo_install /lib/initcpio/install/etwo
    mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
    mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
    cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
    cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
    # write crypttab
    # encrypted swap (random passphrase on boot)
    echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
    # copy configs we want to carry over to target from install environment
    mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
    cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
    mkdir -p ${INSTALL_TARGET}/tmp
    cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
    # mount proc, sys, dev in install root
    mount -t proc proc ${INSTALL_TARGET}/proc
    mount -t sysfs sys ${INSTALL_TARGET}/sys
    mount -o bind /dev ${INSTALL_TARGET}/dev
    echo -e "umount boot\n"
    # we have to remount /boot from inside the chroot
    umount ${INSTALL_TARGET}/boot
    # Create install_efi script (to be run *after* chroot /install)
    touch ${INSTALL_TARGET}/install_efi
    chmod a+x ${INSTALL_TARGET}/install_efi
    cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
    # functions (these could be a library, but why overcomplicate things
    SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
    CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
    UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
    echo -e "mount boot\n"
    # remount here or grub et al gets confused
    mount -t vfat /dev/sda1 /boot
    # mkinitcpio
    # NOTE: intel_agp drm and i915 for intel graphics
    SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
    SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
    SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
    mkinitcpio -p linux
    # kernel modules for EFI install
    modprobe efivars
    modprobe dm-mod
    # locale-gen
    UncommentValue de_AT /etc/locale.gen
    locale-gen
    # install and configure grub2
    # did this above
    #${CHROOT_PACMAN} -Sy
    #${CHROOT_PACMAN} -R grub
    #rm -rf /boot/grub
    #${CHROOT_PACMAN} -S grub2-efi-x86_64
    # you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
    # even omit the cryptdevice altogether, though it will wag a finger at you for using
    # a deprecated syntax, so we're using the correct form here
    # NOTE: take out i915.modeset=1 unless you are on intel graphics
    SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
    # set output to graphical
    SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
    SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
    SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
    # install the actual grub2. Note that despite our --boot-directory option we will still need to move
    # the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
    grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
    # create our EFI boot entry
    # bug in the HP bios firmware (F.08)
    efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
    # copy font for grub2
    cp /usr/share/grub/unicode.pf2 /boot/grub
    # generate config file
    grub-mkconfig -o /boot/grub/grub.cfg
    exit
    EFI_EOF
    # Install EFI using script inside chroot
    chroot ${INSTALL_TARGET} /install_efi
    rm ${INSTALL_TARGET}/install_efi
    # Post install steps
    # anything you want to do post install. run the script automatically or
    # manually
    touch ${INSTALL_TARGET}/post_install
    chmod a+x ${INSTALL_TARGET}/post_install
    cat > ${INSTALL_TARGET}/post_install <<POST_EOF
    set -o errexit
    set -o nounset
    # functions (these could be a library, but why overcomplicate things
    SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
    CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
    UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
    # root password
    echo -e "${HR}\\nNew root user password\\n${HR}"
    passwd
    # add user
    echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
    groupadd sudo
    useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
    passwd ${USERNAME}
    # mirror ranking
    echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
    cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
    mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
    sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
    rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
    # temporary fix for locale.sh update conflict
    mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
    # yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
    echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
    echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
    # additional groups and utilities
    pacman --noconfirm -Syu
    pacman --noconfirm -S base-devel
    pacman --noconfirm -S yaourt
    # sudo
    pacman --noconfirm -S sudo
    cp /etc/sudoers /tmp/sudoers.edit
    sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
    sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
    visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
    # power
    pacman --noconfirm -S acpi acpid acpitool cpufrequtils
    yaourt --noconfirm -S powertop2
    sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
    sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
    # following requires my acpi handler script
    echo "/etc/acpi/handler.sh boot" > /etc/rc.local
    # time
    pacman --noconfirm -S ntp
    sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
    # wireless (wpa supplicant should already be installed)
    pacman --noconfirm -S iw wpa_supplicant rfkill
    pacman --noconfirm -S netcfg wpa_actiond ifplugd
    mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
    echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
    # make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
    sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
    sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
    echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
    echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
    echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
    # sound
    pacman --noconfirm -S alsa-utils alsa-plugins
    sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
    mv /etc/asound.conf /etc/asound.conf.orig || true
    #if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
    # video
    pacman --noconfirm -S base-devel mesa mesa-demos
    # x
    #pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
    #yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
    #TODO: cut down the install size
    #pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
    # TODO: wacom
    # environment/wm/etc.
    #pacman --noconfirm -S xfce4 compiz ccsm
    #pacman --noconfirm -S xcompmgr
    #yaourt --noconfirm -S physlock unclutter
    #pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
    #pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
    #pacman --noconfirm -S ghc
    # note: try installing alex and happy from cabal instead
    #pacman --noconfirm -S haskell-platform haskell-hscolour
    #yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
    #yaourt --noconfirm -S xmobar-git
    # TODO: edit xfce to use compiz
    # TODO: xmonad, but deal with video tearing
    # TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
    # switching to cabal
    # fonts
    pacman --noconfirm -S terminus-font
    yaourt --noconfirm -S webcore-fonts
    yaourt --noconfirm -S fontforge libspiro
    yaourt --noconfirm -S freetype2-git-infinality
    # TODO: sed infinality and change to OSX or OSX2 mode
    # and create the sym link from /etc/fonts/conf.avail to conf.d
    # misc apps
    #pacman --noconfirm -S htop openssh keychain bash-completion git vim
    #pacman --noconfirm -S chromium flashplugin
    #pacman --noconfirm -S scrot mypaint bc
    #yaourt --noconfirm -S task-git stellarium googlecl
    # TODO: argyll
    POST_EOF
    # Post install in chroot
    #echo "chroot and run /post_install"
    chroot /install /post_install
    rm /install/post_install
    # copy grub.efi file to the default HP EFI boot manager path
    mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
    mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
    cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
    cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
    cp /root/root.gpg ${INSTALL_TARGET}/boot/
    # NOTES/TODO

  • How to setup grub2 with arch linux and xen, lvm on luks

    OK, so I tried downloading this package from AUR:  https://aur.archlinux.org/packages/xen-git/ , but that has patching problems as noted in the comments.  It looks like the packagebuild sets up all the xen stuff for you, but I can't seem to get the package to install because of the error's while patching.  If anyone can point me in the right direction on what all the extra files in the PKGBUILD are for or how to debug problems with PKGBUILDs not working because of patches.
    So next I just tried to compile the latest xen from git://xenbits.xen.org/xen.git (with ./configure, make, make install) and that seemed to go fine, but I'm a bit confused:
    1.  Do I have to do any additional configuration for xen when working with arch linux?  On ubuntu I could just compile the source, update grub, and make sure to start the x services at runtime.
    2.  How do I set up grub to load xen with this setup?  Right now this is my /boot/grub/grub.cfg:
    GRUB_DEFAULT=0
    GRUB_TIMEOUT=5
    GRUB_DISTRIBUTOR="Arch"
    GRUB_CMDLINE_LINUX_DEFAULT="quiet"
    GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:vgStorage"
    # Preload both GPT and MBR modules so that they are not missed
    GRUB_PRELOAD_MODULES="part_gpt part_msdos"
    # Uncomment to enable Hidden Menu, and optionally hide the timeout count
    #GRUB_HIDDEN_TIMEOUT=5
    #GRUB_HIDDEN_TIMEOUT_QUIET=true
    # Uncomment to use basic console
    GRUB_TERMINAL_INPUT=console
    # Uncomment to disable graphical terminal
    #GRUB_TERMINAL_OUTPUT=console
    # The resolution used on graphical terminal
    # note that you can use only modes which your graphic card supports via VBE
    # you can see them in real GRUB with the command `vbeinfo'
    GRUB_GFXMODE=auto
    # Uncomment to allow the kernel use the same resolution used by grub
    GRUB_GFXPAYLOAD_LINUX=keep
    # Uncomment if you want GRUB to pass to the Linux kernel the old parameter
    # format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
    #GRUB_DISABLE_LINUX_UUID=true
    # Uncomment to disable generation of recovery mode menu entries
    GRUB_DISABLE_RECOVERY=true
    # Uncomment and set to the desired menu colors. Used by normal and wallpaper
    # modes only. Entries specified as foreground/background.
    #GRUB_COLOR_NORMAL="light-blue/black"
    #GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
    # Uncomment one of them for the gfx desired, a image background or a gfxtheme
    #GRUB_BACKGROUND="/path/to/wallpaper"
    #GRUB_THEME="/path/to/gfxtheme"
    # Uncomment to get a beep at GRUB start
    #GRUB_INIT_TUNE="480 440 1"
    #GRUB_SAVEDEFAULT="true"
    ~
    I've tried throwing in a line like: XEN_HYPERVISOR_CMDLINE="cryptdevice=/dev/sda3:vgStorage", but nothing new shows up on the grub boot menu.
    First time trying to set up a non-ubuntu system, please help!

    As for XEN.... well you could always try QEMU/KVM or LXC.
    As for the LVM2-on-LUKS/dm-crypt
    My /etc/mkinitcpio.conf looks like this...
    MODULES="aesni_intel ata_generic ata_piix nls_cp437 ext4 intel_agp i915 dm-snapshot"
    BINARIES=""
    FILES=""
    HOOKS="base udev autodetect block keymap encrypt lvm2 filesystems keyboard fsck shutdown"
    /etc/defaults/grub
    GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:root:allow-discards"
    GRUB_PRELOAD_MODULES="part_gpt part_msdos"
    GRUB_TERMINAL_INPUT=console
    GRUB_GFXMODE=auto
    GRUB_GFXPAYLOAD_LINUX=keep
    GRUB_DISABLE_RECOVERY=true
    The running grub config looks like this
    /boot/grub/grub.cfg
    9 insmod part_gpt
    10 insmod part_msdos
    53 if loadfont unicode ; then
    54 set gfxmode=auto
    55 load_video
    56 insmod gfxterm
    57 set locale_dir=$prefix/locale
    58 set lang=en_US
    59 insmod gettext
    60 fi
    61 terminal_input console
    62 terminal_output gfxterm
    63 set timeout=3
    84 menuentry 'Backup, Arch Linux grsec kernel' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-grsec kernel-true-12341234-8080-8080-8080-332200882255' {
    85 load_video
    86 set gfxpayload=keep
    87 insmod gzio
    88 insmod part_msdos
    89 insmod ext2
    90 set root='hd1,msdos2'
    91 if [ x$feature_platform_search_hint = xy ]; then
    92 search --no-floppy --fs-uuid --set=root --hint-bios=hd1,msdos2 --hint-efi=hd1,msdos2 --hint-baremetal=ahci1,msdos2 BBAAEEAA-FFCC-CCFF-FFCC-AABBCCEEBBAA
    93 else
    94 search --no-floppy --fs-uuid --set=root BBAAEEAA-FFCC-CCFF-FFCC-AABBCCEEBBAA
    95 fi
    96 echo 'Loading Linux grsec kernel ...'
    97 linux /vmlinuz-linux-grsec root=/dev/mapper/VolGroup00-lvroot rw cryptdevice=/dev/sda2:root:allow-discards quiet
    98 echo 'Loading initial ramdisk ...'
    99 initrd /initramfs-linux-grsec.img
    100 }
    Things to note:
    Numerical UUID is the UUID of the ROOT partition.
    Alphabetical UUIS is the BOOT partition
    hd1,msdos2 AND ahci1,msdos2 are how the Grub Bootloader numbers the drives not Linux.
    I have my BOOT partition on a USB stick, and it is the Second partition.
    So, that would make it, Device 2 and Partition 2
    Device numbering starts at 0
    Partition numbering starts at 1
    Oh, and note that you don't need ":allow-discards" ... at all but certainly if you don't have an SSD. Also note that I included the line numbers so it is very clear that I didn't post the whole thing, but instead what I thought was relevant. Finally, I am loading modules that I don't even need, but what the hell... if it ain't broke, don't fix it
    Last edited by hunterthomson (2013-12-04 08:31:45)

  • Kernel updates kill my luks encrypted system

    All right, this is weird. I have a 64bit system with encrypted root, home and  swap partitions. To setup I followed the wiki here:
    https://wiki.archlinux.org/index.php/LUKS
    My swap is encrypted like described here:
    https://wiki.archlinux.org/index.php/LU … sk_support
    Since the updates to kernel 3.1 each new kernel update kills my system. Pacman says while upgrading
    [2011-11-08 08:21] >>> Updating module dependencies. Please wait ...
    [2011-11-08 08:21] >>> Generating initial ramdisk, using mkinitcpio. Please wait...
    [2011-11-08 08:21] ==> Building image from preset: 'default'
    [2011-11-08 08:21] -> -k /boot/vmlinuz-linux_64 -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img_64
    [2011-11-08 08:21] ==> Starting build: 3.1.0-3-ARCH
    [2011-11-08 08:21] -> Parsing hook: [base]
    [2011-11-08 08:21] -> Parsing hook: [udev]
    [2011-11-08 08:21] -> Parsing hook: [autodetect]
    [2011-11-08 08:21] -> Parsing hook: [pata]
    [2011-11-08 08:21] -> Parsing hook: [scsi]
    [2011-11-08 08:21] -> Parsing hook: [sata]
    [2011-11-08 08:21] -> Parsing hook: [usbinput]
    [2011-11-08 08:21] -> Parsing hook: [keymap]
    [2011-11-08 08:21] -> Parsing hook: [usb]
    [2011-11-08 08:21] -> Parsing hook: [encrypt]
    [2011-11-08 08:21] -> Parsing hook: [openswap]
    [2011-11-08 08:21] -> Parsing hook: [resume]
    [2011-11-08 08:21] -> Parsing hook: [filesystems]
    [2011-11-08 08:21] ==> Creating gzip initcpio image: /boot/initramfs-linux.img_64
    [2011-11-08 08:21] ==> Image generation successful
    [2011-11-08 08:21] ==> Building image from preset: 'fallback'
    [2011-11-08 08:21] -> -k /boot/vmlinuz-linux_64 -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img_64 -S autodetect
    [2011-11-08 08:21] ==> Starting build: 3.1.0-3-ARCH
    [2011-11-08 08:21] -> Parsing hook: [base]
    [2011-11-08 08:21] -> Parsing hook: [udev]
    [2011-11-08 08:21] -> Parsing hook: [pata]
    [2011-11-08 08:21] -> Parsing hook: [scsi]
    [2011-11-08 08:21] -> Parsing hook: [sata]
    [2011-11-08 08:21] -> Parsing hook: [usbinput]
    [2011-11-08 08:21] -> Parsing hook: [keymap]
    [2011-11-08 08:21] -> Parsing hook: [usb]
    [2011-11-08 08:21] -> Parsing hook: [encrypt]
    [2011-11-08 08:21] -> Parsing hook: [openswap]
    [2011-11-08 08:21] -> Parsing hook: [resume]
    [2011-11-08 08:21] -> Parsing hook: [filesystems]
    [2011-11-08 08:21] ==> Creating gzip initcpio image: /boot/initramfs-linux-fallback.img_64
    [2011-11-08 08:21] ==> Image generation successful
    So the generation of the initramfs seems to be ok.
    But when I reboot this box, I get:
    running hook [openswap]
    device /dev/sda4 doesn't exist or access denied
    running hook [resume]
    waiting 10 seconds for device /dev/mapper/swapDevice
    waiting 10 seconds for device /dev/mapper/root
    root device /dev/mapper/root doesn't exist. Attempting to create it.
    ERROR: unable to determine major/minor number of root device /dev/mapper/root
    /dev/sda4 is my swap partition. Then I get dropped to a recovery shell which I can't use because my (usb) keyboard is not working.
    Now the funny part. I start the box from a install cd and chroot into the existing installation. I do a
    mkinitcpio -p linux
    The initramfs is regenerated and it works again! What the hell is pacman doing other than regenerate the initramfs with my presets?
    Harvey
    Last edited by Harey (2011-11-12 16:10:48)

    New kernel 3.1.1 did it again. My system hangs in initramfs after the reboot. Same as before: a simple rebuild without any changes fixed the boot process. This time I was able to backup the 'bad' initramfs before chrooting in and rebuilding.
    it is very funny to see the content of the 'bad' initramfs image - it is nearly empty!
    ==> Image: /boot/initramfs-linux.img_64.bak
    ==> Kernel: unknown
    ==> Compressed with: gzip
    -> Compression ratio: .452
    -> Estimated decompression time: 0.036s
    ==> Included binaries:
    /sbin/dmsetup
    /sbin/cryptsetup
    /sbin/udevadm
    /sbin/blkid
    /sbin/modprobe
    /bin/busybox
    ==> Hook run order:
    udev
    keymap
    encrypt
    openswap
    resume
    The rebuilt image looks like this:
    ==> Image: /boot/initramfs-linux.img_64
    ==> Kernel: 3.1.1-1-ARCH
    ==> Compressed with: gzip
    -> Compression ratio: .593
    -> Estimated decompression time: 0.047s
    ==> Included modules:
    aes_generic fcrypt hid-roccat-kone rmd160
    aesni-intel ff-memless hid-roccat-koneplus rmd256
    aes-x86_64 gcm hid-roccat-kovaplus rmd320
    af_alg gf128mul hid-roccat-pyra salsa20_generic
    ahci ghash-clmulni-intel hid-samsung salsa20-x86_64
    algif_hash ghash-generic hid-sjoy scsi_mod
    algif_skcipher hid hid-sony sd_mod
    ansi_cprng hid-a4tech hid-speedlink seed
    anubis hid-apple hid-sunplus seqiv
    arc4 hid-axff hid-tmff serpent
    async_memcpy hid-belkin hid-topseed sha1_generic
    async_pq hid-cherry hid-twinhan sha256_generic
    async_raid6_recov hid-chicony hid-uclogic sha512_generic
    async_tx hid-cypress hid-wacom snd
    async_xor hid-dr hid-waltop snd-rawmidi
    ata_piix hid-elecom hid-wiimote snd-seq-device
    authenc hid-emsff hid-zpff soundcore
    authencesn hid-ezkey hid-zydacron sr_mod
    blowfish hid-gaff hifn_795x syscopyarea
    camellia hid-gyration hmac sysfillrect
    cast5 hid-holtekff jbd2 sysimgblt
    cast6 hid-kensington khazad tcrypt
    cbc hid-keytouch lcd tea
    ccm hid-kye libahci tgr192
    cdrom hid-lcpower libata twofish_common
    crc16 hid-logitech lrw twofish_generic
    crc32c hid-magicmouse lzo twofish-x86_64
    crc32c-intel hid-microsoft mbcache uhci-hcd
    cryptd hid-monterey md4 usbcore
    crypto_null hid-multitouch md5 usbhid
    ctr hid-ntrig michael_mic usb-storage
    cts hid-ortek padlock-aes vmac
    deflate hid-petalynx padlock-sha wp512
    des_generic hid-picolcd pata_acpi xcbc
    dm-crypt hid-pl pata_jmicron xor
    dm-mod hid-prodikeys pcbc xts
    ecb hid-quanta pcrypt zlib
    ehci-hcd hid-roccat raid6_pq zlib_deflate
    ext4 hid-roccat-arvo raid6test
    fb_sys_fops hid-roccat-common rmd128
    ==> Included binaries:
    /bin/busybox
    /sbin/udevadm
    /sbin/dmsetup
    /sbin/blkid
    /sbin/cryptsetup
    /sbin/modprobe
    ==> Hook run order:
    udev
    keymap
    encrypt
    openswap
    resume
    For some reason the initramfs built by pacman is missing all modules. To say it again, nothing changed, simple rebuilt by mkinitcpio -p linux!
    This seems to be a bad bug...
    Harvey
    Last edited by Harey (2011-11-12 16:07:09)

  • [solved] luks on lvm encryption keymap issue

    hi,
    i just installed arch on a new notebook of mine.
    i used a luks encrypted lvm installation, which works (guided by the wiki)
    but i am encoutering an issue with the keymap while decrypting at boot.
    i've installed using "de-latin1-nodeadkeys" as keymap, and my actual passwort has some special characters.
    at boot, i'v entered the passwort but it doesn't work.
    so i rebootet with the live image and checked, with the german keymap again, which worked.
    i checked for mispelling btw .
    for testing purposes i set a password like "///" and it seems that the keymap at boot is an english one.
    https://bugs.archlinux.org/task/36689 i found this bug, but it says closed so i'm thinking i went wrong somewhere.
    any help is appreciated
    here is my mkinitcpio.conf
    # vim:set ft=sh
    # MODULES
    # The following modules are loaded before any boot hooks are
    # run. Advanced users may wish to specify all system modules
    # in this array. For instance:
    # MODULES="piix ide_disk reiserfs"
    MODULES=""
    # BINARIES
    # This setting includes any additional binaries a given user may
    # wish into the CPIO image. This is run last, so it may be used to
    # override the actual binaries included by a given hook
    # BINARIES are dependency parsed, so you may safely ignore libraries
    BINARIES=""
    # FILES
    # This setting is similar to BINARIES above, however, files are added
    # as-is and are not parsed in any way. This is useful for config files.
    FILES=""
    # HOOKS
    # This is the most important setting in this file. The HOOKS control the
    # modules and scripts added to the image, and what happens at boot time.
    # Order is important, and it is recommended that you do not change the
    # order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
    # help on a given hook.
    # 'base' is _required_ unless you know precisely what you are doing.
    # 'udev' is _required_ in order to automatically load modules
    # 'filesystems' is _required_ unless you specify your fs modules in MODULES
    # Examples:
    ## This setup specifies all modules in the MODULES setting above.
    ## No raid, lvm2, or encrypted root is needed.
    # HOOKS="base"
    ## This setup will autodetect all modules for your system and should
    ## work as a sane default
    # HOOKS="base udev autodetect block filesystems"
    ## This setup will generate a 'full' image which supports most systems.
    ## No autodetection is done.
    # HOOKS="base udev block filesystems"
    ## This setup assembles a pata mdadm array with an encrypted root FS.
    ## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
    # HOOKS="base udev block mdadm encrypt filesystems"
    ## This setup loads an lvm2 volume group on a usb device.
    # HOOKS="base udev block lvm2 filesystems"
    ## NOTE: If you have /usr on a separate partition, you MUST include the
    # usr, fsck and shutdown hooks.
    HOOKS="base udev autodetect modconf encrypt lvm2 block filesystems keyboard fsck"
    # COMPRESSION
    # Use this to compress the initramfs image. By default, gzip compression
    # is used. Use 'cat' to create an uncompressed image.
    #COMPRESSION="gzip"
    #COMPRESSION="bzip2"
    #COMPRESSION="lzma"
    #COMPRESSION="xz"
    #COMPRESSION="lzop"
    # COMPRESSION_OPTIONS
    # Additional options for the compressor
    #COMPRESSION_OPTIONS=""
    and my grub.cfg
    # DO NOT EDIT THIS FILE
    # It is automatically generated by grub-mkconfig using templates
    # from /etc/grub.d and settings from /etc/default/grub
    ### BEGIN /etc/grub.d/00_header ###
    insmod part_gpt
    insmod part_msdos
    if [ -s $prefix/grubenv ]; then
    load_env
    fi
    if [ "${next_entry}" ] ; then
    set default="${next_entry}"
    set next_entry=
    save_env next_entry
    set boot_once=true
    else
    set default="0"
    fi
    if [ x"${feature_menuentry_id}" = xy ]; then
    menuentry_id_option="--id"
    else
    menuentry_id_option=""
    fi
    export menuentry_id_option
    if [ "${prev_saved_entry}" ]; then
    set saved_entry="${prev_saved_entry}"
    save_env saved_entry
    set prev_saved_entry=
    save_env prev_saved_entry
    set boot_once=true
    fi
    function savedefault {
    if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
    fi
    function load_video {
    if [ x$feature_all_video_module = xy ]; then
    insmod all_video
    else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
    fi
    if loadfont unicode ; then
    set gfxmode=auto
    load_video
    insmod gfxterm
    set locale_dir=$prefix/locale
    set lang=en_US
    insmod gettext
    fi
    terminal_input console
    terminal_output gfxterm
    set timeout=5
    ### END /etc/grub.d/00_header ###
    ### BEGIN /etc/grub.d/10_linux ###
    menuentry 'Arch Linux, with Linux core repo kernel' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-core repo kernel-true-e084640b-9864-4667-84a4-9f5fb0a43483' {
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_msdos
    insmod ext2
    set root='hd0,msdos1'
    if [ x$feature_platform_search_hint = xy ]; then
    search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 802f1bee-db08-4896-87df-97c3883f58be
    else
    search --no-floppy --fs-uuid --set=root 802f1bee-db08-4896-87df-97c3883f58be
    fi
    echo 'Loading Linux core repo kernel ...'
    linux /vmlinuz-linux root=/dev/mapper/main-root rw cryptdevice=/dev/sda2:main quiet
    echo 'Loading initial ramdisk ...'
    initrd /initramfs-linux.img
    menuentry 'Arch Linux, with Linux core repo kernel (Fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-core repo kernel-fallback-e084640b-9864-4667-84a4-9f5fb0a43483' {
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_msdos
    insmod ext2
    set root='hd0,msdos1'
    if [ x$feature_platform_search_hint = xy ]; then
    search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 802f1bee-db08-4896-87df-97c3883f58be
    else
    search --no-floppy --fs-uuid --set=root 802f1bee-db08-4896-87df-97c3883f58be
    fi
    echo 'Loading Linux core repo kernel ...'
    linux /vmlinuz-linux root=/dev/mapper/main-root rw cryptdevice=/dev/sda2:main quiet
    echo 'Loading initial ramdisk ...'
    initrd /initramfs-linux-fallback.img
    ### END /etc/grub.d/10_linux ###
    ### BEGIN /etc/grub.d/20_linux_xen ###
    ### END /etc/grub.d/20_linux_xen ###
    ### BEGIN /etc/grub.d/30_os-prober ###
    ### END /etc/grub.d/30_os-prober ###
    ### BEGIN /etc/grub.d/40_custom ###
    # This file provides an easy way to add custom menu entries. Simply type the
    # menu entries you want to add after this comment. Be careful not to change
    # the 'exec tail' line above.
    ### END /etc/grub.d/40_custom ###
    ### BEGIN /etc/grub.d/41_custom ###
    if [ -f ${config_directory}/custom.cfg ]; then
    source ${config_directory}/custom.cfg
    elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
    source $prefix/custom.cfg;
    fi
    ### END /etc/grub.d/41_custom ###
    ### BEGIN /etc/grub.d/60_memtest86+ ###
    ### END /etc/grub.d/60_memtest86+ ###
    and my default/grub
    GRUB_DEFAULT=0
    GRUB_TIMEOUT=5
    GRUB_DISTRIBUTOR="Arch"
    GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=/dev/sda2:main quiet"
    GRUB_CMDLINE_LINUX=""
    # Preload both GPT and MBR modules so that they are not missed
    GRUB_PRELOAD_MODULES="part_gpt part_msdos"
    # Uncomment to enable Hidden Menu, and optionally hide the timeout count
    #GRUB_HIDDEN_TIMEOUT=5
    #GRUB_HIDDEN_TIMEOUT_QUIET=true
    # Uncomment to use basic console
    GRUB_TERMINAL_INPUT=console
    # Uncomment to disable graphical terminal
    #GRUB_TERMINAL_OUTPUT=console
    # The resolution used on graphical terminal
    # note that you can use only modes which your graphic card supports via VBE
    # you can see them in real GRUB with the command `vbeinfo'
    GRUB_GFXMODE=auto
    # Uncomment to allow the kernel use the same resolution used by grub
    GRUB_GFXPAYLOAD_LINUX=keep
    # Uncomment if you want GRUB to pass to the Linux kernel the old parameter
    # format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
    #GRUB_DISABLE_LINUX_UUID=true
    # Uncomment to disable generation of recovery mode menu entries
    GRUB_DISABLE_RECOVERY=true
    # Uncomment and set to the desired menu colors. Used by normal and wallpaper
    # modes only. Entries specified as foreground/background.
    #GRUB_COLOR_NORMAL="light-blue/black"
    #GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
    # Uncomment one of them for the gfx desired, a image background or a gfxtheme
    #GRUB_BACKGROUND="/path/to/wallpaper"
    #GRUB_THEME="/path/to/gfxtheme"
    # Uncomment to get a beep at GRUB start
    #GRUB_INIT_TUNE="480 440 1"
    #GRUB_SAVEDEFAULT="true"
    vconsole.conf
    KEYMAP="de-latin1-nodeadkeys"
    Last edited by ziv667 (2013-11-27 12:18:03)

    ziv667 wrote:HOOKS="base udev autodetect modconf encrypt lvm2 block filesystems keyboard fsck"
    Where's the keymap hook?
    HOOKS="base udev autodetect modconf keymap encrypt lvm2 block filesystems keyboard fsck"

  • [SOLVED] Can't boot from LUKS - No key available with this passphrase

    The problem
    Latest kbd package responsible for your keyboard layout may break some LUKS installs depending on the password used, as there are some keymaps which are broken, resulting in the user not being able to enter the password correctly.
    Relevant bug report: https://bugs.archlinux.org/task/36689
    The fix
    Find an old live image with the old kbd package (I had success with 2012.11.01)
    Boot the image
    Change to your preferred keymap using
    loadkeys
    Open your encrypted device with
    cryptsetup luksOpen /path/to/device devicename
    Mount the device and any other relevant mount points (such as /boot) and perform a chroot with
    arch-chroot
    Revert the kbd package. The latest working version is 1.15.5-4. If you didn't clean your cache, you should have a working version under
    /var/cache/pacman/pkg
    If not, either try finding the package manually, or build it using ABS.
    Once the package is installed, confirm the keymap works by running loadkeys again and entering any keys that may have been problematic.
    While still under chroot, rebuild the initramfs with
    mkinitcpio -p linux
    If this goes without any problems, you should be able to reboot to a working system.
    Ever since I updated my system about a week ago, I cannot boot it anymore.
    The root filesystem encrypted and since the update, I can't unlock it on boot anymore. Typing in my passphrase, I get the error No key available with this passphrase.
    One thing that comes to mind is that the passphrase contains non-standard characters (Š for example), and I'm not sure if that's what might be causing problems?
    Any ideas or tips on how can I debug this?
    Another thing I've noticed is that if I drop into a recovery shell, the special characters on my keyboard aren't properly mapped. Š will print out C and it's hexdump seems invalid.
    Edit:
    Just noticed this thread: https://bbs.archlinux.org/viewtopic.php?id=148562
    Will try to unlock it from a live distro. It doesn't seem to want to unlock with Arch live as the keymap seems wrong there as well.
    Last edited by Mr. Pjer (2013-09-07 00:19:27)

    Here's the list. The update was done on 31/8.
    [2013-08-31 18:14] [PACMAN] Running 'pacman -Syu'
    [2013-08-31 18:14] [PACMAN] synchronizing package lists
    [2013-08-31 18:14] [PACMAN] starting full system upgrade
    [2013-08-31 18:34] [PACMAN] removed python2-distribute (0.6.45-1)
    [2013-08-31 18:34] [PACMAN] removed python-distribute (0.6.45-1)
    [2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Appending keys from archlinux.gpg...
    [2013-08-31 18:34] [ALPM-SCRIPTLET] gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    [2013-08-31 18:34] [ALPM-SCRIPTLET] gpg: depth: 0 valid: 1 signed: 5 trust: 0-, 0q, 0n, 0m, 0f, 1u
    [2013-08-31 18:34] [ALPM-SCRIPTLET] gpg: depth: 1 valid: 5 signed: 65 trust: 0-, 0q, 0n, 5m, 0f, 0u
    [2013-08-31 18:34] [ALPM-SCRIPTLET] gpg: depth: 2 valid: 65 signed: 3 trust: 65-, 0q, 0n, 0m, 0f, 0u
    [2013-08-31 18:34] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2014-01-22
    [2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Locally signing trusted keys in keyring...
    [2013-08-31 18:34] [ALPM-SCRIPTLET] -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
    [2013-08-31 18:34] [ALPM-SCRIPTLET] -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
    [2013-08-31 18:34] [ALPM-SCRIPTLET] -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
    [2013-08-31 18:34] [ALPM-SCRIPTLET] -> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
    [2013-08-31 18:34] [ALPM-SCRIPTLET] -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
    [2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Importing owner trust values...
    [2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Disabling revoked keys in keyring...
    [2013-08-31 18:34] [ALPM-SCRIPTLET] -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
    [2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Updating trust database...
    [2013-08-31 18:34] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2014-01-22
    [2013-08-31 18:34] [PACMAN] upgraded archlinux-keyring (20130525-2 -> 20130818-1)
    [2013-08-31 18:34] [ALPM-SCRIPTLET]
    [2013-08-31 18:34] [ALPM-SCRIPTLET] NOTE for argyllcms:
    [2013-08-31 18:34] [ALPM-SCRIPTLET] ----
    [2013-08-31 18:34] [ALPM-SCRIPTLET] ==> The documentaion is only available as html!
    [2013-08-31 18:34] [ALPM-SCRIPTLET] ==> You will find it in /usr/share/argyllcms/doc
    [2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Color charts located in /usr/share/argyllcms/ref
    [2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Since release 1.5.0 ColorHug support is enabled by default. The environment variable "ENABLE_COLORHUG" is not longer needed!
    [2013-08-31 18:34] [ALPM-SCRIPTLET] ==> Please add your argyllcms user to plugdev group! <==
    [2013-08-31 18:34] [PACMAN] upgraded argyllcms (1.5.1-2 -> 1.6.0-1)
    [2013-08-31 18:34] [PACMAN] upgraded linux-api-headers (3.8.4-1 -> 3.10.6-1)
    [2013-08-31 18:34] [ALPM-SCRIPTLET] Generating locales...
    [2013-08-31 18:34] [ALPM-SCRIPTLET] en_US.UTF-8... done
    [2013-08-31 18:34] [ALPM-SCRIPTLET] hr_HR.UTF-8... done
    [2013-08-31 18:34] [ALPM-SCRIPTLET] Generation complete.
    [2013-08-31 18:34] [PACMAN] upgraded glibc (2.17-6 -> 2.18-3)
    [2013-08-31 18:34] [PACMAN] upgraded bash (4.2.045-4 -> 4.2.045-5)
    [2013-08-31 18:34] [PACMAN] upgraded binutils (2.23.2-2 -> 2.23.2-3)
    [2013-08-31 18:34] [PACMAN] upgraded boost-libs (1.54.0-2 -> 1.54.0-3)
    [2013-08-31 18:34] [PACMAN] upgraded ca-certificates-java (20121112+nmu2-2 -> 20130815-1)
    [2013-08-31 18:34] [PACMAN] upgraded glib2 (2.36.3-3 -> 2.36.4-1)
    [2013-08-31 18:34] [PACMAN] upgraded wayland (1.2.0-1 -> 1.2.1-1)
    [2013-08-31 18:34] [PACMAN] upgraded gcc-libs (4.8.1-2 -> 4.8.1-3)
    [2013-08-31 18:34] [PACMAN] installed elfutils (0.155-1)
    [2013-08-31 18:34] [PACMAN] installed llvm-libs (3.3-1)
    [2013-08-31 18:34] [PACMAN] upgraded mesa (9.1.6-1 -> 9.2.0-1)
    [2013-08-31 18:34] [PACMAN] upgraded mesa-libgl (9.1.6-1 -> 9.2.0-1)
    [2013-08-31 18:34] [PACMAN] upgraded cairo (1.12.14-4 -> 1.12.16-1)
    [2013-08-31 18:34] [PACMAN] upgraded ttf-dejavu (2.33-4 -> 2.34-1)
    [2013-08-31 18:34] [PACMAN] upgraded chromium (28.0.1500.95-1 -> 29.0.1547.62-1)
    [2013-08-31 18:34] [PACMAN] upgraded curl (7.31.0-1 -> 7.32.0-1)
    [2013-08-31 18:34] [PACMAN] upgraded libarchive (3.1.2-1 -> 3.1.2-2)
    [2013-08-31 18:34] [PACMAN] upgraded cmake (2.8.11.2-1 -> 2.8.11.2-2)
    [2013-08-31 18:34] [PACMAN] upgraded cpupower (3.10-1 -> 3.10-2)
    [2013-08-31 18:34] [PACMAN] upgraded device-mapper (2.02.98-4 -> 2.02.100-1)
    [2013-08-31 18:34] [PACMAN] upgraded cryptsetup (1.6.1-2 -> 1.6.2-1)
    [2013-08-31 18:34] [PACMAN] upgraded poppler (0.24.0-1 -> 0.24.1-1)
    [2013-08-31 18:34] [PACMAN] upgraded cups-filters (1.0.35-4 -> 1.0.37-1)
    [2013-08-31 18:34] [PACMAN] installed python2-setuptools (1.0-1)
    [2013-08-31 18:34] [PACMAN] upgraded deluge (1.3.6-1 -> 1.3.6-3)
    [2013-08-31 18:34] [PACMAN] upgraded dhcpcd (6.0.4-1 -> 6.0.5-1)
    [2013-08-31 18:34] [PACMAN] upgraded python2-numpy (1.7.1-1 -> 1.7.1-2)
    [2013-08-31 18:34] [PACMAN] upgraded dispcalgui (1.2.7.0-1 -> 1.2.7.0-2)
    [2013-08-31 18:34] [PACMAN] upgraded ffmpeg (1:2.0-2 -> 1:2.0.1-1)
    [2013-08-31 18:34] [PACMAN] upgraded gtk3 (3.8.2-1 -> 3.8.4-1)
    [2013-08-31 18:34] [PACMAN] upgraded file-roller (3.8.3-1 -> 3.8.4-1)
    [2013-08-31 18:34] [PACMAN] upgraded gcc (4.8.1-2 -> 4.8.1-3)
    [2013-08-31 18:34] [PACMAN] upgraded gettext (0.18.3-1 -> 0.18.3.1-1)
    [2013-08-31 18:34] [PACMAN] upgraded libtiff (4.0.3-2 -> 4.0.3-3)
    [2013-08-31 18:34] [PACMAN] upgraded ghostscript (9.07-2 -> 9.09-1)
    [2013-08-31 18:34] [PACMAN] upgraded librsvg (2.37.0-2 -> 1:2.37.0-1)
    [2013-08-31 18:34] [PACMAN] upgraded libmng (1.0.10-4 -> 2.0.2-2)
    [2013-08-31 18:34] [PACMAN] upgraded gimp (2.8.6-1 -> 2.8.6-2)
    [2013-08-31 18:34] [PACMAN] upgraded perl (5.18.0-1 -> 5.18.1-1)
    [2013-08-31 18:34] [PACMAN] upgraded perl-error (0.17020-1 -> 0.17021-1)
    [2013-08-31 18:34] [PACMAN] upgraded git (1.8.3.4-1 -> 1.8.4-1)
    [2013-08-31 18:34] [PACMAN] upgraded glew (1.10.0-1 -> 1.10.0-2)
    [2013-08-31 18:34] [PACMAN] upgraded glfw (3.0.1-2 -> 3.0.2-1)
    [2013-08-31 18:34] [PACMAN] upgraded glm (0.9.4.4-1 -> 0.9.4.5-1)
    [2013-08-31 18:34] [PACMAN] upgraded gnupg (2.0.20-2 -> 2.0.21-1)
    [2013-08-31 18:34] [PACMAN] upgraded gpgme (1.4.2-2 -> 1.4.3-1)
    [2013-08-31 18:35] [PACMAN] upgraded grails (2.2.3-1 -> 2.2.4-1)
    [2013-08-31 18:35] [PACMAN] upgraded groff (1.22.2-3 -> 1.22.2-5)
    [2013-08-31 18:35] [PACMAN] upgraded gstreamer (1.0.9-1 -> 1.0.10-1)
    [2013-08-31 18:35] [PACMAN] upgraded gst-plugins-base-libs (1.0.9-1 -> 1.0.10-1)
    [2013-08-31 18:35] [PACMAN] upgraded imagemagick (6.8.6.4-1 -> 6.8.6.9-1)
    [2013-08-31 18:35] [PACMAN] upgraded intel-dri (9.1.6-1 -> 9.2.0-1)
    [2013-08-31 18:35] [PACMAN] upgraded iputils (20121221-2 -> 20121221-3)
    [2013-08-31 18:35] [PACMAN] upgraded isl (0.12-1 -> 0.12.1-1)
    [2013-08-31 18:35] [PACMAN] upgraded kbd (1.15.5-4 -> 2.0.0-1)
    [2013-08-31 18:35] [PACMAN] upgraded kdelibs (4.10.5-2 -> 4.11.0-1)
    [2013-08-31 18:35] [PACMAN] upgraded kmod (14-1 -> 15-1)
    [2013-08-31 18:35] [PACMAN] upgraded lib32-glibc (2.17-5 -> 2.18-3)
    [2013-08-31 18:35] [PACMAN] upgraded lib32-gcc-libs (4.8.1-2 -> 4.8.1-3)
    [2013-08-31 18:35] [PACMAN] upgraded libbsd (0.5.2-2 -> 0.6.0-1)
    [2013-08-31 18:35] [PACMAN] upgraded libfm (1.1.1-1 -> 1.1.2-1)
    [2013-08-31 18:35] [PACMAN] upgraded libgdiplus (2.10.9-1 -> 2.10.9-2)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-en-GB (4.0.4-1 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-common (4.0.4-2 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-base (4.0.4-2 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-calc (4.0.4-2 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-draw (4.0.4-2 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-gnome (4.0.4-2 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-impress (4.0.4-2 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-kde4 (4.0.4-2 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-math (4.0.4-2 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-postgresql-connector (4.0.4-2 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-sdk (4.0.4-2 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-sdk-doc (4.0.4-2 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libwpd (0.9.6-1 -> 0.9.9-1)
    [2013-08-31 18:35] [PACMAN] upgraded libreoffice-writer (4.0.4-2 -> 4.0.5-1)
    [2013-08-31 18:35] [PACMAN] upgraded libsamplerate (0.1.8-1 -> 0.1.8-2)
    [2013-08-31 18:35] [PACMAN] upgraded libwbclient (4.0.8-1 -> 4.0.9-1)
    [2013-08-31 18:35] [ALPM-SCRIPTLET] >>> Updating module dependencies. Please wait ...
    [2013-08-31 18:35] [ALPM-SCRIPTLET] >>> Generating initial ramdisk, using mkinitcpio. Please wait...
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Starting build: 3.10.10-1-ARCH
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [base]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [udev]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [autodetect]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [modconf]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [block]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [keymap]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [encrypt]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [filesystems]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [keyboard]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Generating module dependencies
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Creating gzip initcpio image: /boot/initramfs-linux.img
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Image generation successful
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Starting build: 3.10.10-1-ARCH
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [base]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [udev]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [modconf]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [block]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: aic94xx
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: bfa
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: smsmdtv
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [keymap]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [encrypt]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [filesystems]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] -> Running build hook: [keyboard]
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Generating module dependencies
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Creating gzip initcpio image: /boot/initramfs-linux-fallback.img
    [2013-08-31 18:35] [ALPM-SCRIPTLET] ==> Image generation successful
    [2013-08-31 18:35] [PACMAN] upgraded linux (3.10.5-1 -> 3.10.10-1)
    [2013-08-31 18:35] [PACMAN] upgraded linux-headers (3.10.5-1 -> 3.10.10-1)
    [2013-08-31 18:35] [PACMAN] upgraded logrotate (3.8.5-1 -> 3.8.6-1)
    [2013-08-31 18:35] [ALPM] warning: /etc/lvm/lvm.conf installed as /etc/lvm/lvm.conf.pacnew
    [2013-08-31 18:35] [PACMAN] upgraded lvm2 (2.02.98-4 -> 2.02.100-1)
    [2013-08-31 18:35] [PACMAN] upgraded maven (3.0.5-1 -> 3.1.0-1)
    [2013-08-31 18:35] [PACMAN] upgraded net-snmp (5.7.2-7 -> 5.7.2-8)
    [2013-08-31 18:36] [PACMAN] upgraded nodejs (0.10.15-1 -> 0.10.17-1)
    [2013-08-31 18:36] [PACMAN] upgraded obex-data-server (0.4.6-7 -> 0.4.6-8)
    [2013-08-31 18:36] [PACMAN] upgraded openresolv (3.5.5-1 -> 3.5.6-1)
    [2013-08-31 18:36] [ALPM] warning: /etc/pacman.d/mirrorlist installed as /etc/pacman.d/mirrorlist.pacnew
    [2013-08-31 18:36] [PACMAN] upgraded pacman-mirrorlist (20130626-1 -> 20130830-1)
    [2013-08-31 18:36] [PACMAN] upgraded pcmanfm (1.1.1-1 -> 1.1.2-1)
    [2013-08-31 18:36] [ALPM] warning: /etc/php/php.ini installed as /etc/php/php.ini.pacnew
    [2013-08-31 18:36] [PACMAN] upgraded php (5.4.17-1 -> 5.5.3-1)
    [2013-08-31 18:36] [PACMAN] upgraded php-pear (5.4.17-1 -> 5.5.3-1)
    [2013-08-31 18:36] [PACMAN] upgraded poppler-glib (0.24.0-1 -> 0.24.1-1)
    [2013-08-31 18:36] [PACMAN] installed python-setuptools (1.0-1)
    [2013-08-31 18:36] [PACMAN] upgraded python-pip (1.4-1 -> 1.4.1-2)
    [2013-08-31 18:36] [PACMAN] upgraded python2-markupsafe (0.18-1 -> 0.18-2)
    [2013-08-31 18:36] [PACMAN] upgraded python2-mako (0.8.1-1 -> 0.8.1-2)
    [2013-08-31 18:36] [PACMAN] upgraded python2-pip (1.4-1 -> 1.4.1-2)
    [2013-08-31 18:36] [PACMAN] upgraded python2-zope-interface (4.0.5-1 -> 4.0.5-2)
    [2013-08-31 18:36] [PACMAN] upgraded sqlite (3.7.17-1 -> 3.8.0.1-1)
    [2013-08-31 18:36] [PACMAN] upgraded qt4 (4.8.5-1 -> 4.8.5-2)
    [2013-08-31 18:36] [PACMAN] upgraded redshift (1.7-6 -> 1.7-7)
    [2013-08-31 18:36] [PACMAN] upgraded reiserfsprogs (3.6.23-1 -> 3.6.24-1)
    [2013-08-31 18:36] [PACMAN] upgraded run-parts (4.3.4-1 -> 4.4-1)
    [2013-08-31 18:36] [PACMAN] upgraded smbclient (4.0.8-1 -> 4.0.9-1)
    [2013-08-31 18:36] [PACMAN] upgraded samba (4.0.8-1 -> 4.0.9-1)
    [2013-08-31 18:36] [PACMAN] upgraded serf (1.2.1-1 -> 1.3.0-1)
    [2013-08-31 18:36] [PACMAN] upgraded smartmontools (6.1-3 -> 6.2-1)
    [2013-08-31 18:36] [PACMAN] upgraded subversion (1.8.1-1 -> 1.8.1-2)
    [2013-08-31 18:36] [PACMAN] upgraded vim-runtime (7.3.1287-1 -> 7.4.0-2)
    [2013-08-31 18:36] [PACMAN] upgraded vim (7.3.1287-1 -> 7.4.0-2)
    [2013-08-31 18:36] [PACMAN] upgraded wicd (1.7.2.4-7 -> 1.7.2.4-9)
    [2013-08-31 18:36] [PACMAN] upgraded wicd-gtk (1.7.2.4-7 -> 1.7.2.4-9)
    [2013-08-31 18:36] [ALPM-SCRIPTLET] >>> This driver now uses SNA as the default acceleration method. You can
    [2013-08-31 18:36] [ALPM-SCRIPTLET] still fall back to UXA if you run into trouble. To do so, save a file
    [2013-08-31 18:36] [ALPM-SCRIPTLET] with the following content as /etc/X11/xorg.conf.d/20-intel.conf :
    [2013-08-31 18:36] [ALPM-SCRIPTLET] Section "Device"
    [2013-08-31 18:36] [ALPM-SCRIPTLET] Identifier "Intel Graphics"
    [2013-08-31 18:36] [ALPM-SCRIPTLET] Driver "intel"
    [2013-08-31 18:36] [ALPM-SCRIPTLET] Option "AccelMethod" "uxa"
    [2013-08-31 18:36] [ALPM-SCRIPTLET] EndSection
    [2013-08-31 18:36] [PACMAN] upgraded xf86-video-intel (2.21.14-1 -> 2.21.15-1)
    [2013-08-31 18:36] [PACMAN] upgraded xorg-xset (1.2.2-2 -> 1.2.3-1)
    I've just tried rebuilding the initramfs. It goes through without errors, but still won't accept my password on boot.

  • [SOLVED]Grub fails to open dm-crypt+LUKS volume on boot(Waiting 10s..)

    I know there are quite a few solved posts like these but it's usually because of "mkinitcpio -p linux" not being regenerated.
    My problem is after boot Grub says:
    running hook [udev]
    running hook [encrypt]
    Waiting 10 seconds for device /dev/disk/by-uuid/d1d0825c-25d1-4cbe-811f-725d9ef8d034>...
    ERROR: device 'UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034' not found. Skipping fsck.
    ERROR: Unable to find root device 'UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034'.
    Here are all the files that I think would be needed for this:
    /etc/fstab
    # /etc/fstab: static file system information
    # <file system> <dir> <type> <options> <dump> <pass>
    #/dev/mapper/cryptroot / ext4 rw,realtime,data=ordered 0 1
    UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034 / ext4 rw,relatime,data=ordered 0 1
    #/dev/sda5 /boot ext4 rw,relatime,data=ordered 0 2
    UUID=d04b37b1-4dfb-451c-b582-b9d95ca8fe22 /boot ext4 rw,relatime,data=ordered 0 2
    lsblk
    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
    sda 8:0 0 298.1G 0 disk
    ├─sda1 8:1 0 100M 0 part
    ├─sda2 8:2 0 97.6G 0 part
    ├─sda3 8:3 0 1K 0 part
    ├─sda5 8:5 0 300M 0 part
    ├─sda6 8:6 0 50G 0 part
    │ └─cryptroot 254:1 0 50G 0 crypt /
    ├─sda7 8:7 0 1G 0 part
    └─sda8 8:8 0 149.1G 0 part
    sdb 8:16 1 29.3G 0 disk
    ├─sdb1 8:17 1 558M 0 part
    └─sdb2 8:18 1 31M 0 part
    sdc 8:32 1 15G 0 disk
    └─sdc1 8:33 1 15G 0 part /mnt/usb
    sr0 11:0 1 1024M 0 rom
    loop0 7:0 0 240.9M 1 loop
    loop1 7:1 0 1.5G 1 loop
    └─arch_root-image 254:0 0 1.5G 0 dm /etc/resolv.conf
    loop2 7:2 0 1.5G 0 loop
    └─arch_root-image 254:0 0 1.5G 0 dm /etc/resolv.conf
    blkid
    /dev/sda1: LABEL="System Reserved" UUID="3A481C2D481BE703" TYPE="ntfs" PARTUUID="850a6169-01"
    /dev/sda2: UUID="EE3443C234438D11" TYPE="ntfs" PARTUUID="850a6169-02"
    /dev/sda5: UUID="d04b37b1-4dfb-451c-b582-b9d95ca8fe22" TYPE="ext4" PARTUUID="850a6169-05"
    /dev/sda6: UUID="691c218e-658f-47ff-8296-6b266b2c06c9" TYPE="crypto_LUKS" PARTUUID="850a6169-06"
    /dev/sdb1: UUID="2014-07-03-18-41-56-00" LABEL="ARCH_201407" TYPE="iso9660" PTUUID="6039e1c4" PTTYPE="dos" PARTUUID="6039e1c4-01"
    /dev/sdb2: SEC_TYPE="msdos" LABEL="ARCHISO_EFI" UUID="3B47-A69A" TYPE="vfat" PARTUUID="6039e1c4-02"
    /dev/loop0: TYPE="squashfs"
    /dev/loop1: UUID="5857fcdc-02d9-4d16-aeb5-00d786995ffc" TYPE="ext4"
    /dev/loop2: UUID="5857fcdc-02d9-4d16-aeb5-00d786995ffc" TYPE="ext4"
    /dev/mapper/arch_root-image: UUID="5857fcdc-02d9-4d16-aeb5-00d786995ffc" TYPE="ext4"
    /dev/mapper/cryptroot: UUID="d1d0825c-25d1-4cbe-811f-725d9ef8d034" TYPE="ext4"
    /dev/sdc1: UUID="86D3-3C7E" TYPE="vfat" PARTUUID="c3072e18-01"
    /dev/sda7: PARTUUID="850a6169-07"
    /dev/sda8: PARTUUID="850a6169-08"
    /etc/default/grub
    GRUB_DEFAULT=0
    GRUB_TIMEOUT=5
    GRUB_DISTRIBUTOR="Arch"
    GRUB_CMDLINE_LINUX_DEFAULT="quiet"
    GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda6:cryptroot"
    # Preload both GPT and MBR modules so that they are not missed
    GRUB_PRELOAD_MODULES="part_gpt part_msdos"
    # Uncomment to enable Hidden Menu, and optionally hide the timeout count
    #GRUB_HIDDEN_TIMEOUT=5
    #GRUB_HIDDEN_TIMEOUT_QUIET=true
    # Uncomment to use basic console
    GRUB_TERMINAL_INPUT=console
    # Uncomment to disable graphical terminal
    #GRUB_TERMINAL_OUTPUT=console
    # The resolution used on graphical terminal
    # note that you can use only modes which your graphic card supports via VBE
    # you can see them in real GRUB with the command `vbeinfo'
    GRUB_GFXMODE=auto
    # Uncomment to allow the kernel use the same resolution used by grub
    GRUB_GFXPAYLOAD_LINUX=keep
    # Uncomment if you want GRUB to pass to the Linux kernel the old parameter
    # format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
    #GRUB_DISABLE_LINUX_UUID=true
    # Uncomment to disable generation of recovery mode menu entries
    GRUB_DISABLE_RECOVERY=true
    # Uncomment and set to the desired menu colors. Used by normal and wallpaper
    # modes only. Entries specified as foreground/background.
    #GRUB_COLOR_NORMAL="light-blue/black"
    #GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
    # Uncomment one of them for the gfx desired, a image background or a gfxtheme
    #GRUB_BACKGROUND="/path/to/wallpaper"
    #GRUB_THEME="/path/to/gfxtheme"
    # Uncomment to get a beep at GRUB start
    #GRUB_INIT_TUNE="480 440 1"
    #GRUB_SAVEDEFAULT="true"
    /boot/grub/grub.cfg
    # DO NOT EDIT THIS FILE
    # It is automatically generated by grub-mkconfig using templates
    # from /etc/grub.d and settings from /etc/default/grub
    ### BEGIN /etc/grub.d/00_header ###
    insmod part_gpt
    insmod part_msdos
    if [ -s $prefix/grubenv ]; then
    load_env
    fi
    if [ "${next_entry}" ] ; then
    set default="${next_entry}"
    set next_entry=
    save_env next_entry
    set boot_once=true
    else
    set default="0"
    fi
    if [ x"${feature_menuentry_id}" = xy ]; then
    menuentry_id_option="--id"
    else
    menuentry_id_option=""
    fi
    export menuentry_id_option
    if [ "${prev_saved_entry}" ]; then
    set saved_entry="${prev_saved_entry}"
    save_env saved_entry
    set prev_saved_entry=
    save_env prev_saved_entry
    set boot_once=true
    fi
    function savedefault {
    if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
    fi
    function load_video {
    if [ x$feature_all_video_module = xy ]; then
    insmod all_video
    else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
    fi
    if loadfont unicode ; then
    set gfxmode=auto
    load_video
    insmod gfxterm
    set locale_dir=$prefix/locale
    set lang=en_US
    insmod gettext
    fi
    terminal_input console
    terminal_output gfxterm
    if [ x$feature_timeout_style = xy ] ; then
    set timeout_style=menu
    set timeout=5
    # Fallback normal timeout code in case the timeout_style feature is
    # unavailable.
    else
    set timeout=5
    fi
    ### END /etc/grub.d/00_header ###
    ### BEGIN /etc/grub.d/10_linux ###
    menuentry 'Arch Linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-d1d0825c-25d1-4cbe-811f-725d9ef8d034' {
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_msdos
    insmod cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha1
    insmod ext2
    set root='cryptouuid/691c218e658f47ff82966b266b2c06c9'
    if [ x$feature_platform_search_hint = xy ]; then
    search --no-floppy --fs-uuid --set=root --hint='cryptouuid/691c218e658f47ff82966b266b2c06c9' d1d0825c-25d1-4cbe-811f-725d9ef8d034
    else
    search --no-floppy --fs-uuid --set=root d1d0825c-25d1-4cbe-811f-725d9ef8d034
    fi
    echo 'Loading Linux linux ...'
    linux /boot/vmlinuz-linux root=UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034 rw cryptdevice=/dev/sda6:cryptroot quiet
    echo 'Loading initial ramdisk ...'
    initrd /boot/initramfs-linux.img
    submenu 'Advanced options for Arch Linux' $menuentry_id_option 'gnulinux-advanced-d1d0825c-25d1-4cbe-811f-725d9ef8d034' {
    menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-d1d0825c-25d1-4cbe-811f-725d9ef8d034' {
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_msdos
    insmod cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha1
    insmod ext2
    set root='cryptouuid/691c218e658f47ff82966b266b2c06c9'
    if [ x$feature_platform_search_hint = xy ]; then
    search --no-floppy --fs-uuid --set=root --hint='cryptouuid/691c218e658f47ff82966b266b2c06c9' d1d0825c-25d1-4cbe-811f-725d9ef8d034
    else
    search --no-floppy --fs-uuid --set=root d1d0825c-25d1-4cbe-811f-725d9ef8d034
    fi
    echo 'Loading Linux linux ...'
    linux /boot/vmlinuz-linux root=UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034 rw cryptdevice=/dev/sda6:cryptroot quiet
    echo 'Loading initial ramdisk ...'
    initrd /boot/initramfs-linux.img
    menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-d1d0825c-25d1-4cbe-811f-725d9ef8d034' {
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_msdos
    insmod cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha1
    insmod ext2
    set root='cryptouuid/691c218e658f47ff82966b266b2c06c9'
    if [ x$feature_platform_search_hint = xy ]; then
    search --no-floppy --fs-uuid --set=root --hint='cryptouuid/691c218e658f47ff82966b266b2c06c9' d1d0825c-25d1-4cbe-811f-725d9ef8d034
    else
    search --no-floppy --fs-uuid --set=root d1d0825c-25d1-4cbe-811f-725d9ef8d034
    fi
    echo 'Loading Linux linux ...'
    linux /boot/vmlinuz-linux root=UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034 rw cryptdevice=/dev/sda6:cryptroot quiet
    echo 'Loading initial ramdisk ...'
    initrd /boot/initramfs-linux-fallback.img
    ### END /etc/grub.d/10_linux ###
    ### BEGIN /etc/grub.d/20_linux_xen ###
    ### END /etc/grub.d/20_linux_xen ###
    ### BEGIN /etc/grub.d/30_os-prober ###
    ### END /etc/grub.d/30_os-prober ###
    ### BEGIN /etc/grub.d/40_custom ###
    # This file provides an easy way to add custom menu entries. Simply type the
    # menu entries you want to add after this comment. Be careful not to change
    # the 'exec tail' line above.
    ### END /etc/grub.d/40_custom ###
    ### BEGIN /etc/grub.d/41_custom ###
    if [ -f ${config_directory}/custom.cfg ]; then
    source ${config_directory}/custom.cfg
    elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
    source $prefix/custom.cfg;
    fi
    ### END /etc/grub.d/41_custom ###
    ### BEGIN /etc/grub.d/60_memtest86+ ###
    ### END /etc/grub.d/60_memtest86+ ###
    Things I tried:
    Replace this line in grub.cfg with
    linux /boot/vmlinuz-linux root=UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034 rw cryptdevice=UUID=d1d0825c-25d1-4cbe-811f-725d9ef8d034:cryptroot quiet
    Do mkinitcpio -p linux but the hook ecrypt is there, so I assume it's a grub issue.
    In
    /etc/default/grub
    replace GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda6:cryptroot" with actual UUID, etc.
    Grub config was made with
    grub-mkconfig -o /boot/grub/grub.cfg
    Grub was installed with
    grub-install --target=i386-pc --recheck /dev/sda
    Last edited by shape (2014-07-21 15:23:05)

    Welcome to the forum :-)
    Please remember to mark the thread as solved https://bbs.archlinux.org/viewtopic.php?id=130309
    When posting configs, code or command output, please use [ code ] tags, not [ quote ] tags https://bbs.archlinux.org/help.php#bbcode
    like this
    It makes the code more readable and - in case of longer listings - more convenient to scroll through.

  • Splashy stopped working after update, whole computer freezes instead o

    I update by "pacman -Syu" yesterday, and when I started up my computer today (no restart yesterday) it freezes where everything should start loading.
    I get the splash image I have choosen with splashy, but it doesn't load anything, it just stops there.
    If I remove "quiet splash" from the kernel bootline everything works fine again, except that I don't have any boot splash.
    I'm running x86_64 version of Arch on my laptop (Acer Aspire TimelineX 3820TG).
    This is what pacman.log says got updated:
    [2011-05-07 11:55] Running 'pacman -S network-manager-applet'
    [2011-05-07 11:56] upgraded network-manager-applet (0.8.998-2 -> 0.8.999-1)
    [2011-05-07 12:09] Running 'pacman -Syy'
    [2011-05-07 12:09] synchronizing package lists
    [2011-05-07 12:09] Running 'pacman -Syu'
    [2011-05-07 12:09] synchronizing package lists
    [2011-05-07 12:09] starting full system upgrade
    [2011-05-07 12:12] upgraded binutils (2.21-6 -> 2.21-7)
    [2011-05-07 12:12] upgraded run-parts (3.4.1-1 -> 3.4.4-1)
    [2011-05-07 12:12] upgraded coreutils (8.11-1 -> 8.12-1)
    [2011-05-07 12:12] Updating certificates. This might take a while...
    [2011-05-07 12:12] upgraded ca-certificates (20090814+nmu2-1 -> 20110421-3)
    [2011-05-07 12:12] upgraded dcron (4.4-2 -> 4.5-2)
    [2011-05-07 12:12] upgraded gcc-libs (4.6.0-3 -> 4.6.0-4)
    [2011-05-07 12:12] upgraded lib32-gcc-libs (4.6.0-3 -> 4.6.0-4)
    [2011-05-07 12:12] upgraded nspluginwrapper (1.3.0-4 -> 1.3.2-1)
    [2011-05-07 12:12] upgraded flashplugin (10.2.159.1-1 -> 10.2.159.1-2)
    [2011-05-07 12:12] upgraded gcc (4.6.0-3 -> 4.6.0-4)
    [2011-05-07 12:12] upgraded git (1.7.5-1 -> 1.7.5.1-1)
    [2011-05-07 12:12] upgraded libtool (2.4-2 -> 2.4-3)
    [2011-05-07 12:12] upgraded imagemagick (6.6.9.4-1 -> 6.6.9.8-1)
    [2011-05-07 12:12] upgraded pciutils (3.1.7-3 -> 3.1.7-4)
    [2011-05-07 12:12] upgraded udev (167-1 -> 167-2)
    [2011-05-07 12:12] warning: /etc/rc.conf installed as /etc/rc.conf.pacnew
    [2011-05-07 12:12] upgraded initscripts (2011.02.1-1 -> 2011.04.1-2)
    [2011-05-07 12:12] warning: /etc/mkinitcpio.conf installed as /etc/mkinitcpio.conf.pacnew
    [2011-05-07 12:12] upgraded mkinitcpio (0.6.8-2 -> 0.6.11-1)
    [2011-05-07 12:12] >>> Updating module dependencies. Please wait ...
    [2011-05-07 12:12] >>> MKINITCPIO SETUP
    [2011-05-07 12:12] >>> ----------------
    [2011-05-07 12:12] >>> If you use LVM2, Encrypted root or software RAID,
    [2011-05-07 12:12] >>> Ensure you enable support in /etc/mkinitcpio.conf .
    [2011-05-07 12:12] >>> More information about mkinitcpio setup can be found here:
    [2011-05-07 12:12] >>> [url]http://wiki.archlinux.org/index.php/Mkinitcpio[/url]
    [2011-05-07 12:12]
    [2011-05-07 12:12] >>> Generating initial ramdisk, using mkinitcpio. Please wait...
    [2011-05-07 12:12] ==> Building image "default"
    [2011-05-07 12:12] ==> Running command: /sbin/mkinitcpio -k 2.6.38-ARCH -c /etc/mkinitcpio.conf -g /boot/kernel26.img
    [2011-05-07 12:12] :: Begin build
    [2011-05-07 12:12] :: Parsing hook [base]
    [2011-05-07 12:12] :: Parsing hook [udev]
    [2011-05-07 12:12] :: Parsing hook [autodetect]
    [2011-05-07 12:12] :: Parsing hook [pata]
    [2011-05-07 12:12] :: Parsing hook [scsi]
    [2011-05-07 12:12] :: Parsing hook [sata]
    [2011-05-07 12:12] :: Parsing hook [filesystems]
    [2011-05-07 12:12] :: Parsing hook [splashy]
    [2011-05-07 12:12] :: Generating module dependencies
    [2011-05-07 12:12] :: Generating image '/boot/kernel26.img'...SUCCESS
    [2011-05-07 12:12] ==> SUCCESS
    [2011-05-07 12:12] ==> Building image "fallback"
    [2011-05-07 12:12] ==> Running command: /sbin/mkinitcpio -k 2.6.38-ARCH -c /etc/mkinitcpio.conf -g /boot/kernel26-fallback.img -S autodetect
    [2011-05-07 12:12] :: Begin build
    [2011-05-07 12:12] :: Parsing hook [base]
    [2011-05-07 12:12] :: Parsing hook [udev]
    [2011-05-07 12:12] :: Parsing hook [pata]
    [2011-05-07 12:12] :: Parsing hook [scsi]
    [2011-05-07 12:13] :: Parsing hook [sata]
    [2011-05-07 12:13] :: Parsing hook [filesystems]
    [2011-05-07 12:13] :: Parsing hook [splashy]
    [2011-05-07 12:13] :: Generating module dependencies
    [2011-05-07 12:13] :: Generating image '/boot/kernel26-fallback.img'...SUCCESS
    [2011-05-07 12:13] ==> SUCCESS
    [2011-05-07 12:13] upgraded kernel26 (2.6.38.4-1 -> 2.6.38.5-1)
    [2011-05-07 12:13] upgraded libgcrypt (1.4.6-2 -> 1.4.6-3)
    [2011-05-07 12:13] upgraded libidn (1.19-1 -> 1.22-1)
    [2011-05-07 12:13] upgraded libxcb (1.7-1 -> 1.7-2)
    [2011-05-07 12:13] upgraded openssh (5.8p1-1 -> 5.8p2-1)
    [2011-05-07 12:13] upgraded python2-cairo (1.8.10-1 -> 1.10.0-1)
    [2011-05-07 12:13] upgraded qt (4.7.2-6 -> 4.7.3-1)
    [2011-05-07 12:13] >>> The kernel-mode plugin has a new place.
    [2011-05-07 12:13] >>> It's now located under /usr/lib/rp-pppoe/rp-pppoe.so
    [2011-05-07 12:13] >>> Change LINUX_PLUGIN to the new path in your /etc/ppp/pppoe.conf
    [2011-05-07 12:13] upgraded rp-pppoe (3.10-5 -> 3.10-6)
    [2011-05-07 12:13] upgraded rxvt-unicode (9.10-1 -> 9.11-1)
    [2011-05-07 12:13] upgraded sudo (1.8.1-1 -> 1.8.1.p1-1)
    [2011-05-07 12:13] upgraded tzdata (2011e-1 -> 2011g-1)
    [2011-05-07 12:13] upgraded usbutils (002-1 -> 002-2)
    [2011-05-07 12:13] upgraded xfsprogs (3.1.4-1 -> 3.1.5-1)
    Anyone who has any idea?
    Moderator Edit:  Changed 'quote' tags to 'code' tags (ewaller)
    Last edited by ewaller (2011-06-08 15:43:58)

    Same problem here, Splashy is broken, I had to go back with previous mkinitcpio to get it working again.
    Progress bar is frozen, I have to go with CTRL+ALT+F7 to get to my login screen.
    @ ennui : removing the hook in /etc/mkinitcpio.conf and the line SPLASH="splashy" in /etc/rc.conf, then running mkinitcpio -p kernel26 as root should do the job.
    Last edited by whiterabbit (2011-05-31 12:39:11)

  • Mkinitcpio prays there's no "splashy" hook (but splashy IS installed)

    I just followed the wiki page for installing splashy, but there's something not working because it tells me this:
    [root@LTS-Arch ltsmash]# mkinitcpio -p kernel26
    ==> Building image "default"
    ==> Running command: /sbin/mkinitcpio -k 2.6.23-ARCH -c /etc/mkinitcpio.conf -g /boot/kernel26.img
    :: Begin build
    :: Parsing hook [base]
    :: Parsing hook [udev]
    :: Parsing hook [autodetect]
    :: Parsing hook [pata]
    :: Parsing hook [scsi]
    :: Parsing hook [sata]
    :: Parsing hook [usbinput]
    :: Parsing hook [keymap]
    :: Parsing hook [filesystems]
    FATAL: Hook 'splashy' can not be found.
    ==> FAIL
    NOTE: Forget about this crap, i built the package but forgot to install it via pacman xD

    (Apologies for butting in wiclee.)
    The effect is usually caused by trouble with the Segoe UI fonts on your system. Unfortunately it's a bit trickier to deal with on Windows 7 systems than Vista or XP. (The "Vortical" instructions which can fix it for almost all folks on Vista and XP aren't applicable to Windows 7.)
    Try having a look through the following (unfortunately very long) topic. It contains a lot of information on the Windows 7 variants of this, and possible methods for fixing the various Segoe UI-related issues that might be in play:
    iTunes 10.1 Missing Text

  • [SOLVED]Udev: How to easily automount usb/storage devices?...

    Hello there everyone, first time posting here.
    So as for my question, I recently finished up my preferred install for arch but I have just one problem. Can't seem to get Udev working right.
    Before I was using debian with the same Udev automount rules posted in the wiki actually. Then I tried the same ones migrating to arch but they don't seem to work. After searching for my netbook, getting the runaround, then searching for an alternative method and getting the same it's getting kind of annoying. So here I am.
    I'm running Arch with LXDE and all default DE components(PCmanFM, openbox, etc). I don't have HAL installed, only udisks and udev as PnP support. Any help?
    (Also in specific, I was using the second rule in the Udev wiki page. The one with LUKS support)
    (Ah, nevermind is was just a tiny bit of a syntax error. A little bit more googling helped me find the answer)
    Last edited by jjsullivan (2011-02-10 09:03:33)

    v43 wrote:i'll tell you anyway
    my choice was autofs (+hal). no volume managers.
    it works like a charm with thunar (and pcmanfm too).
    Its nice that you told anyway, solved my problem

  • [solved]How to unlock LUKS using keyfile on usbdrive during boot?

    Hi all,
    I would like some advise for booting encrypted partitions using kefiles on a flashdrive. I'm setting up a Intel Atom based homeserver, and and want my data to be encrypted in case the server gets stolen. To save some encryption overhead I prefer to leave root unencrypted and only encrypt /home, and if this works, later on /var, /tmp and swap as well. My plan is to have a keyfile on a flash thumbdrive, and only have the thumbdrive plugged in while booting.
    I have read the dm-crypt wiki page, but it assumes an encrypted root, and this approach won't work in my situation, where only non-root mountpoints are encrypted. If i put 'ASK' in /etc/crypttab I get prompted for the passphrase and the LUKS container unlocks and mounts fine. I can also unlock the LUKS container manually using the keyfile that I created. However when I put the path to the keyfile in /etc/crypttab instead of 'ASK', and let the usbdrive automount using an udev rule the unlock at boot fails. It seems that my udev rule is only executed when I plug in a drive after booting, not when it is already plugged in during boot. How would I accomplish this? Mount it with fstab and automatically unmount it after booting, or some entirely different way?
    my /etc/fstab:
    none /dev/pts devpts defaults 0 0
    none /dev/shm tmpfs defaults 0 0
    /dev/sda1 / ext4 defaults 0 1
    /dev/sda2 swap swap defaults 0 0
    /dev/mapper/home /home ext4 defaults 0 1
    /etc/crypttab:
    home /dev/sda3 /media/usbhd-sdc1/keyfiles/arch_server_-_home.key
    /etc/udev/rules.d/01.usbdrive_automount.rules (sdb is a second, currently unused harddisk):
    KERNEL=="sd[b-z]", NAME:="%k", SYMLINK+="usbhd-%k", GROUP:="users", OPTIONS="last_rule"
    ACTION=="add", KERNEL=="sd[c-z][0-9]", SYMLINK+="usbhd-%k", GROUP:="users", NAME:="%k"
    ACTION=="add", KERNEL=="sd[c-z][0-9]", RUN+="/bin/mkdir -p /media/usbhd-%k"
    ACTION=="add", KERNEL=="sd[c-z][0-9]", PROGRAM=="/sbin/blkid -t %N", RESULT=="vfat", RUN+="/bin/mount -t vfat -o rw,noauto,flush,dirsync,noexec,nodev,noatime,dmask=000,fmask=111 /dev/%k /media/usbhd-%k", OPTIONS="last_rule"
    ACTION=="add", KERNEL=="sd[c-z][0-9]", RUN+="/bin/mount -t auto -o rw,noauto,async,dirsync,noexec,nodev,noatime /dev/%k /media/usbhd-%k", OPTIONS="last_rule"
    ACTION=="remove", KERNEL=="sd[c-z][0-9]", RUN+="/bin/umount -l /media/usbhd-%k"
    ACTION=="remove", KERNEL=="sd[c-z][0-9]", RUN+="/bin/rmdir /media/usbhd-%k", OPTIONS="last_rule"
    <edit>
    Okay I have found a solution. The trick was to make sure the usbstick gets mounted first, so the keyfile is available for the unlocking/mounting during boot. To do so I have added 'usb' to the hooks line in /etc/mkinitcpio.conf and recompiled the initramfs as described in the wiki link above.
    Next I changed my /etc/udev/rules.d/01.usbdrive_automount.rules a little so that the mountpoint of the usbdrive stays after unplugging it:
    KERNEL=="sd[b-z]", NAME:="%k", SYMLINK+="usbhd-%k", GROUP:="users", OPTIONS="last_rule"
    ACTION=="add", KERNEL=="sd[c-z][0-9]", SYMLINK+="usbhd-%k", GROUP:="users", NAME:="%k"
    ACTION=="add", KERNEL=="sd[c-z][0-9]", RUN+="/bin/mkdir -p /media/usbhd-%k"
    ACTION=="add", KERNEL=="sd[c-z][0-9]", PROGRAM=="/sbin/blkid -t %N", RESULT=="vfat", RUN+="/bin/mount -t vfat -o rw,noauto,flush,dirsync,noexec,nodev,noatime,dmask=000,fmask=111 /dev/%k /media/usbhd-%k", OPTIONS="last_rule"
    ACTION=="add", KERNEL=="sd[c-z][0-9]", RUN+="/bin/mount -t auto -o rw,noauto,async,dirsync,noexec,nodev,noatime /dev/%k /media/usbhd-%k", OPTIONS="last_rule"
    ACTION=="remove", KERNEL=="sd[c-z][0-9]", RUN+="/bin/umount -l /media/usbhd-%k", OPTIONS="last_rule"
    #ACTION=="remove", KERNEL=="sd[c-z][0-9]", RUN+="/bin/umount -l /media/usbhd-%k"
    #ACTION=="remove", KERNEL=="sd[c-z][0-9]", RUN+="/bin/rmdir /media/usbhd-%k", OPTIONS="last_rule"
    /etc/fstab:
    The usbdrive is put above the encrypted partition to make it get mounted first:
    none /dev/pts devpts defaults 0 0
    none /dev/shm tmpfs defaults 0 0
    /dev/sdc1 /media/usbhd-sdc1 ext2 defaults 0 0
    /dev/sda1 / ext4 defaults 0 1
    /dev/sda2 swap swap defaults 0 0
    /dev/mapper/home /home ext4 defaults 0 1
    /etc/crypttab:
    home /dev/sda3 /media/usbhd-sdc1/keyfiles/arch_server_-_luks.key
    So now I plug in the flashdrive, turn on the server, unplug the flashdrive and udev automatically unmounts the flashdrive while leaving the mountpoint /media/usbhd-sdc1 for the next boot.
    </edit>
    Last edited by rwd (2009-12-04 19:36:14)

    graysky wrote:@ratcheer - You can try now if it's a major pain in the balls by enabling [testing] and using the updated linux package.
    If you do enable testing make sure you aren't like myself: I'm not competent enough to enable testing..
    Edit:
    To elaborate a bit.  If you enable testing and then just do a "pacman -Syu" then you are going to pull in all sorts of packages you may not want and it may be complicated to get rid of later.  To avoid this I would enable testing, do this:
    sudo pacman -Syy
    sudo pacman -S testing/linux
    So it would pull in the absolute minimum that I wanted from testing.  Then I would disable the testing repository and pacman -Syy again.  That would convert the new linux package and packages it requires to manual packages.  E.g. they would be shown under "pacman -Qm"
    Because once you start pulling packages in from testing it is almost a one-way street.  As I instructed above, that is my gross understanding.  I don't use testing at all, it is supposed to be used if you are actively testing Arch and providing feedback while doing so.
    Last edited by headkase (2012-10-03 01:51:51)

  • [Solved] Silent LUKS boot

    [Synopsis] Create a hook as shown below to silence the kernel.
    I'd like to have a truly silent boot as in the Wiki but it only seems to address the login prompt.
    I would also like to get rid of the (USB) boot messages pollution of the the LUKS password prompt for my encrypted root. Is there some configuration of the initramfs required to accomplish this? If so, what exactly would that be?
    I should add that I boot the STUB EFI kernel so there's no bootloader as such.
    Last edited by KairiTech (2013-12-14 01:27:52)

    I created the hook shown below to silence the kernel and now the LUKS prompt is clean.
    /usr/lib/initcpio/hooks/hushkernel
    #!/usr/bin/ash
    # https://bbs.archlinux.org/viewtopic.php?pid=1312342#p1312342
    run_hook() {
    # http://unix.stackexchange.com/questions/44999/how-can-i-hide-messages-of-udev/45525#45525
    # The four values in printk denote: console_loglevel, default_message_loglevel, minimum_console_loglevel and default_console_loglevel respectively.
    # These values influence printk() behavior when printing or logging error messages. See 'man 2 syslog' for more info on the different loglevels.
    # • console_loglevel: messages with a higher priority than this will be printed to the console
    # • default_message_level: messages without an explicit priority will be printed with this priority
    # • minimum_console_loglevel: minimum (highest) value to which console_loglevel can be set
    # • default_console_loglevel: default value for console_loglevel
    #define KERN_EMERG "<0>" /* system is unusable */
    #define KERN_ALERT "<1>" /* action must be taken immediately */
    #define KERN_CRIT "<2>" /* critical conditions */
    #define KERN_ERR "<3>" /* error conditions */
    #define KERN_WARNING "<4>" /* warning conditions */
    #define KERN_NOTICE "<5>" /* normal but significant condition */
    #define KERN_INFO "<6>" /* informational */
    #define KERN_DEBUG "<7>" /* debug-level messages */
    echo "3 3 3 3" > /proc/sys/kernel/printk
    /usr/lib/initcpio/install/hushkernel
    #!/bin/ash
    build() {
    add_runscript
    help() {
    cat <<HELPEOF
    This hook will suppress kernel messages during the boot LUKS password prompt
    HELPEOF

  • Udev still recommended?

    Hello guys,
    what's the right way to have access to removable devices such as usb devices since udev seems not to work in the way I was used to as it is written in the wiki down here?
    I'm using dwm with simply coreutils in xterm and for some cases vifm as a term-based filemanager. So there's no way to do it with hal and a gui-based filemanager.
    So my question, is udev still the right thing to handle this task or are there any other perhaps better solutions?
    Best regards.
    Last edited by orschiro (2010-01-25 23:14:27)

    I guess the warning in the wiki is due to mkinitcpio 0.6 which will remove all the klibc-* stuff. Basically, you have to replace /.../vol_id with /sbin/blkid.
    For example, my updated udev file (mount to /media, use label if available, luks support) looks like this now:
    KERNEL!="sd[a-z]*", GOTO="media_by_label_auto_mount_end"
    ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="media_by_label_auto_mount_end"
    # Open luks partition if necessary
    PROGRAM=="/sbin/blkid -o value -s TYPE %N", RESULT=="crypto_LUKS", ENV{crypto}="mapper/", ENV{device}="/dev/mapper/%k"
    ENV{crypto}!="?*", ENV{device}="%N"
    ACTION=="add", ENV{crypto}=="?*", PROGRAM=="/usr/bin/xterm -display :0.0 -e 'echo Password for /dev/%k; /usr/sbin/cryptsetup luksOpen %N %k'"
    ACTION=="add", ENV{crypto}=="?*", TEST!="/dev/mapper/%k", GOTO="media_by_label_auto_mount_end"
    # Global mount options
    ACTION=="add", ENV{mount_options}="noatime,users"
    # Filesystem specific options
    ACTION=="add", PROGRAM=="/sbin/blkid -o value -s TYPE %E{device}", RESULT=="vfat|ntfs", ENV{mount_options}="%E{mount_options},utf8,gid=100,umask=002"
    # Get label
    ACTION=="add", PROGRAM=="/sbin/blkid -o value -s LABEL %E{device}", ENV{dir_name}="%c"
    # use basename to correctly handle labels such as ../mnt/foo
    ACTION=="add", PROGRAM=="/usr/bin/basename '%E{dir_name}'", ENV{dir_name}="%c"
    ACTION=="add", ENV{dir_name}!="?*", ENV{dir_name}="usbhd-%k"
    ACTION=="add", ENV{dir_name}=="?*", RUN+="/bin/mkdir -p '/media/%E{dir_name}'", RUN+="/bin/mount -o %E{mount_options} /dev/%E{crypto}%k '/media/%E{dir_name}'"
    ACTION=="remove", ENV{dir_name}=="?*", RUN+="/bin/umount -l '/media/%E{dir_name}'", RUN+="/bin/rmdir '/media/%E{dir_name}'"
    ACTION=="remove", ENV{crypto}=="?*", RUN+="/usr/sbin/cryptsetup luksClose %k"
    LABEL="media_by_label_auto_mount_end"
    However, I'm not sure if I should use blkid's cache or not (-p flag)...
    edit:
    Changelog
    20100303
    removed blkid's -p flag as it makes blkid always return the return code 0 even if there is no filesystem on that specifiy device / partition.
    20100205
    updated rules set. see http://bbs.archlinux.org/viewtopic.php? … 73#p702773
    Last edited by xduugu (2010-03-03 10:07:00)

Maybe you are looking for

  • Using AX with Linsys router and WEP security

    I have a Dell Inspiron 700m running XP. I use a Linksys wireless router for internet access. I have configured my AX to connect to the router and, with the WEP security turned off, it worked fine. However, when I turned WEP back on, reset the AX, and

  • Hard reset & tapping the center of the target

    My first problem is I can't find my instructions for my Tungsten E2, so please excuse my inability to use the appropriate words to describe functions, etc. My current problem is that the screen isn't reading my taps from my stylus.  I have tried to r

  • Oracle BI EE "complex" model problem

    Problem - we have 3 tables (star schema) - Sales_fact, Customer and Product - Sales_fact are divided by organizations and contains sales to organization external customers and sales between organisations. In Customer (divided by organization code) ta

  • Non Drop

    I am curious to know, if one of my cameraman has setup his cam in Non drop Frame, can it causes me problem when capturing? JVC 720p GY-HD100U using the JVC deck to capture.

  • Bridge Raw adds a blue color cast to every pic once opened in PS.

    This happens with every picture. Whether I make an edit in bridge raw or just open it in bridge raw.  Once I ask to open the image in photoshop the color cast is added.  Please notice the navigator window image is normal.  I have a new hard drive and