[solved] Encrypted root partition decrypts, not recognised on boot

Similar Messages

• [solved] kernel 2.6.27 - open LUKS encrypted root partition fails

  Hi,
  after updating to kernel 2.6.27 the passphrase for my LUKS encrypted root partition does not work anymore.
  I get this error messages:
  Enter LUKS passphrase:
  device-mapper: table: 254:0 crypt: Error allocating crypto tfm
  device-mapper: ioctl: error adding target to table
  device-mapper: ioctl: device doesn't appear to be in the dev hash table.
  Command failed: No key available with this passphrase.
  Enter LUKS passphrase:
  With a old (2.6.25) vanilla kernel it works.
  any ideas?
  EDIT
  Solved.
  The Problem was that I had this line in my mkinitcpio.conf to get rid of the padlock-error-message at boot.
  #CRYPTO_MODULES="aes_i586 aes_generic sha256_generic"
  With kernel 2.6.27 there are new / more modules needed to open the LUKS encryptet root partition.
  So I removed the line from mkinitcpio.conf and deletet the padlock modules in /lib/modules/2.6.27-ARCH before regenarating the initrd image.
  Thanks to GerBra for the tip.
  Last edited by SiD (2008-10-22 11:41:56)

  I'm not shure, but think ... yes.

• [SOLVED] Encrypted root on USB drive problem

  Hi,
  I have encrypted root on external USB harddrive. On one machine it works just fine, LUKS ask for password and system starts.
  On second it does not work. I tryed nearly all possible combinations of modules and hooks. I can also access my usb drive if I use break=y. I am using current kernel & utils, I definitely use right paths...
  Machine is an Dell with Intel chipset. My USB drive is like this:
    /dev/sdb1 - big fat32
    /dev/sdb2 - ext2 boot with Grub, kernel and initrd image
    /dev/sdb3 - root fs, reiserfs encrypted with LUKS
  I made little debuging and it seems that encrypt hook was launched, but did not make anything. Before I digg deeper I wonder that someone had same problem, or can give me advice.
  Kernel panic screenshot:
  PS: how can I put busybox to initrd image? echo * sucks.
  Thanks
  Last edited by Trained.Monkey (2007-10-10 09:42:13)

  I solved, problem is that encrypt is running BEFORE usb drive is fully initialized. Encrypted partition is not found and not used.
  Solotion:
  put sleep 5 at beggining of encrypt hook. You must also add sleep binary at installer.

• [SOLVED] Encrypted root, /boot on USB, cryptkey issue

  Well to the topic. Followed this guide.
  Usb flash drive with GRUB and a keyfile on it. Encrypted root.
  grub.cfg
  linux /vmlinuz-linux root=UUID=<uuid> ro cryptdevice=/dev/disk/by-id/<id>:luks cryptkey=/dev/disk/by-uuid/<uuid>:ext2:/key ipv6.disable=1 quiet
  echo 'Loading initial ramdisk ...'
  initrd /initramfs-linux.img
  mkinitcpio.conf
  MODULES="ata_generic ata_piix nls_cp437 ext2 i915"
  HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck consolefont"
  Result: "Meh can't read a keyfile. Please input a passphrase om nom nom."
  Tried:
  1. Quadruple-checked UUID's, used /dev/sdX instead of them.
  2. Using different modules, like nls_utf8, removing ata_* stuff.
  3. Playing with <path> and <keyfile> strings, slashes, e t c.
  4. A barrel roll.
  Is it actually possible to make that filesystem key reading work? If not, how can I get physical offset of keyfile in a filesystem?
  UPDATE:
  Trouble in device detection speed. Any other usb media get's recognized instantly, while the one I booted from is slow like hell.
  Last edited by wfoojjaec (2013-08-14 14:37:11)

  Marked as solved.
  It seems that origin of a bug was somewhere in a kernel. After a recent update, done today of a 'linux' package a /boot usb device is properly recognized after about 5 seconds passed from poweron (instead of a full initialization at ~270 sec and hanging udev before).
  A hack with fstab & noauto is not required now. <_<

• External HD not recognised upon boot up

  I have been using a LaCie Ext HD for years. The back up software is Super Duper which has been working fine.
  Recently when booting up, neither the installed LaCie device nor the BackUp icon is opened.
  I have tried unplugging and rebooting etc but nothing seems to work.
  Any suggestions from you experts out there please.

  OK. Mine is MacMini OS 10.4.11 (not Intel)
  Am booting from my Mini. Ext device is not loading.
  LaCie BackUp is supposedly Bootable.
  Connection is by Firewire. I really do not know what Port.
  Following your post have tried shutting down and re-booting holding down Key O (thinks, should I have read 'ZERO'?).
  Booted up with usual desk top (No LaCie) Checked in Preferences and confirmed SU disc is the Mac OS10.
  Here's hoping.
  NN.

• Issues with installing and booting encrypted root partition.

  Hello all,
  I am trying to install ArchLinux using the guide here:
  http://wiki.archlinux.org/index.php/LUKS_Encrypted_Root
  It all works fine until the very end when it comes to booting the system, The thing is that my method varies slightly from what is in the file.
  I am having my /boot on my usb drive, I also have my keys on my usb drive albeit on a different partition.
  I put into the menu.lst file:
  root (hd1,0)
  kernel /vmlinuz26 root=/dev/sda1 root ro cryptkey=/dev/sdb3:vfat:/sda1.key
  initrd /kernel26.img
  Everytime I try to boot I get the following error:
  Booting 'Arch Linux'
  root (hd1,0)
  kernel /vmlinuz26 root=/dev/sda1 root ro cryptkey=/dev/sdb3:vfat:/sda1.key
  Error 17: Cannot mount selected partition
  Press any key to continue
  I really hope someone here can help me.
  Thanks allot
  Last edited by constant (2009-03-16 15:28:26)

  OK thanks allot, Your correct my /boot is on /dev/sdb1. Through trial and error I found root(hd0,0) worked for me although I now get another error where it is just not booting, http://wiki.archlinux.org/index.php/Ins … _a_USB_key for those who have this issue in the future...
  As forum etiquette goes, Would it be considered bad here if I continued to discuss new issues in this thread or should I create a new one? I am not a leach nor am I the sort to do no research, It is just that some of this is a bit out of my area and often the errors to me seem rather non-descriptive, I do try my best to research for myself however as proven above I do miss things!
  Thanks allot zyghom, I really appreciate the help.
  Last edited by constant (2009-03-16 17:02:28)

• Windows partition will not open using Boot Camp on iMac 10.9.5

  OS:  27" desktop iMac, Maverick 10.9.5, 8 GB RAM
  HD Partions:  iMac OS X, Windows 7,  Boot Camp
  For some unknown reason I am having problems getting Windows 7 to open after starting up in Boot Camp, and it's getting progressively worse. After starting Boot Camp I select the Windows 7 partition and either click on that icon or press "Return/Enter". This is where everything freezes and I have to shut down and reboot again into Boot Camp to try again. Sometimes it works, other times not. I've already tried 8 times tonight but can't get into the Windows 7 partition. The OS X partition and everything else is working fine and I have all of my updates.
  Any help or suggestions is greatly appreciated.
  Thanks,
  Dennis

  I am trying to boot into an existing W7. When I turned on the computer this morning I booted straight into Boot Camp and then successfully went into W7 with no problems, never going into the OS X partition. I later rebooted straight into OS X (the default startup) and read your comments.
  I entered the four lines of commands you suggested in Terminal and this is what I got...
  dennisetonsimac:~ denedg$
  dennisetonsimac:~ denedg$ diskutil list
  /dev/disk0
     #:                       TYPE NAME                    SIZE       IDENTIFIER
     0:      GUID_partition_scheme                        *1.0 TB     disk0
     1:                        EFI EFI                     209.7 MB   disk0s1
     2:                  Apple_HFS Macintosh HD            837.0 GB   disk0s2
     3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
     4:       Microsoft Basic Data BOOTCAMP                162.3 GB   disk0s4
  /dev/disk1
     #:                       TYPE NAME                    SIZE       IDENTIFIER
     0:     FDisk_partition_scheme                        *500.1 GB   disk1
     1:               Windows_NTFS FreeAgent GoFlex Drive  500.1 GB   disk1s1
  /dev/disk2
     #:                       TYPE NAME                    SIZE       IDENTIFIER
     0:      GUID_partition_scheme                        *500.1 GB   disk2
     1:                        EFI EFI                     209.7 MB   disk2s1
     2:                  Apple_HFS Time Machine Backups    499.8 GB   disk2s2
  dennisetonsimac:~ denedg$
  dennisetonsimac:~ denedg$ diskutil cs list
  No CoreStorage logical volume groups found
  dennisetonsimac:~ denedg$ sudo gpt -vv -r show /dev/disk0
  WARNING: Improper use of the sudo command could lead to data loss
  or the deletion of important system files. Please double-check your
  typing when using sudo. Type "man sudo" for more information.
  To proceed, enter your password, or type Ctrl-C to abort.
  Password:
  Sorry, try again.
  Password:
  gpt show: /dev/disk0: mediasize=1000204886016; sectorsize=512; blocks=1953525168
  gpt show: /dev/disk0: Suspicious MBR at sector 0
  gpt show: /dev/disk0: Pri GPT at sector 1
  gpt show: /dev/disk0: Sec GPT at sector 1953525167
         start        size  index  contents
             0           1         MBR
             1           1         Pri GPT header
             2          32         Pri GPT table
            34           6        
            40      409600      1  GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B
        409640  1634773168      2  GPT part - 48465300-0000-11AA-AA11-00306543ECAC
    1635182808     1269544      3  GPT part - 426F6F74-0000-11AA-AA11-00306543ECAC
    1636452352   317071360      4  GPT part - EBD0A0A2-B9E5-4433-87C0-68B6B72699C7
    1953523712        1423        
    1953525135          32         Sec GPT table
    1953525167           1         Sec GPT header
  dennisetonsimac:~ denedg$ sudo fdisk /dev/disk0
  Password:
  Sorry, try again.
  Password:
  Disk: /dev/disk0 geometry: 121601/255/63 [1953525168 sectors]
  Signature: 0xAA55
           Starting       Ending
  #: id  cyl  hd sec -  cyl  hd sec [     start -       size]
  1: EE 1023 254  63 - 1023 254  63 [         1 -     409639] <Unknown ID>
  2: AF 1023 254  63 - 1023 254  63 [    409640 - 1634773168] HFS+       
  3: AB 1023 254  63 - 1023 254  63 [1635182808 -    1269544] Darwin Boot
  *4: 07 1023 254  63 - 1023 254  63 [1636452352 -  317071360] HPFS/QNX/AUX
  dennisetonsimac:~ denedg$

• [SOLVED (mysteriously)] Arch on USB not recognized during boot

  Hi there,
  I hope, someone can help me with my problem, I have been searching and trying different things for quite some time now, without success.
  I treated myself a new Notebook, Acer Aspire S7 and wanted to run Arch on it. However I am new to Linux and want to try it out on an USB-Stick, to keep the factory install of Win8 intact. (Also, this notebook does not have such a great HDD capacity) Additionally I want to have full disk encryption.
  So I followed the Beginner's Guide with modifications described here and here
  When it came to install the bootloader I chose Grub for EFI.
  I then removed the USB-Stick with the live-Arch, which I used for installation and rebooted and it worked!
  However: As soon as I completely shut down and boot again, the USB-Stick with my installation is no longer recognized. If i boot the live-Arch again, reinstall Grub and then reboot, it again works.
  Here is something, I found strange. This is the output of efibootmgr:
  BootCurrent: 0000
  Timeout: 0 seconds
  BootOrder: 2001,0003,0002,2002,2003
  Boot0000* USB HDD: KingstonDataTraveler 2.0
  Boot0001* Intel HDD0
  Boot0002* Windows Boot Manager
  Boot0003* arch_grub
  Boot2001* EFI USB Device
  Boot2002* EFI DVD/CDROM
  Boot2003* EFI Network
  BootCurrent is 0000, but that number does not appear in the Boot-Order list. Could that be something?
  Well, I hope someone has an idea. I will happily share any information about my setup with you, just ask.
  Thanks,
  Max
  Last edited by MaxT (2014-04-07 08:35:20)

  Sorry for digging that threat up again. I just wanted to share with you the solution to the problem I was having. Perhaps it will save someone else some frustration.
  The Acer Aspire S7 has a dongle that goes in the display port and provides an ethernet and an VGA port. It was that dongle that prevented the USB stick with the Arch installation from being recognized. Done attached -> USB stick was ignored, dongle detached -> it worked.
  I have no idea, why that is the case, but maybe this info is helpful for someone.
  Cheers,
  Max

• [Solved] Alsa Sound Card Numbering Not Persistant Between Boots

  Hello,
  I'm having trouble with alsa and my multiple sound cards. Sometimes when I boot, I get the following output from "aplay -l"
  **** List of PLAYBACK Hardware Devices ****
  card 0: SB [HDA ATI SB], device 0: ALC889A Analog [ALC889A Analog]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
  card 0: SB [HDA ATI SB], device 1: ALC889A Digital [ALC889A Digital]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
  card 2: Generic [HD-Audio Generic], device 3: HDMI 0 [HDMI 0]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
  However, I also see this after other boots:
  **** List of PLAYBACK Hardware Devices ****
  card 1: SB [HDA ATI SB], device 0: ALC889A Analog [ALC889A Analog]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
  card 1: SB [HDA ATI SB], device 1: ALC889A Digital [ALC889A Digital]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
  card 2: Generic [HD-Audio Generic], device 3: HDMI 0 [HDMI 0]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
  Because the card numbering is not consistant, I'm having a great deal of trouble (if the card is 0, then I don't need an asoundrc, but if it's 1, I do). It also breaks my volume panel applet for the alsa card number to often change (volumeicon - from the AUR). Is there a way to force a certain device to always be card number 0?
  Thanks for any help.
  -Sean
  Last edited by szim90 (2012-01-15 02:01:54)

  Thank you for your response, karol.
  I ran 'udevadm info -a -p /sys/class/sound/card1/' as was able to get the following information:
  looking at device '/devices/pci0000:00/0000:00:14.2/sound/card1':
  KERNEL=="card1"
  SUBSYSTEM=="sound"
  DRIVER==""
  ATTR{id}=="SB"
  ATTR{number}=="1"
  looking at parent device '/devices/pci0000:00/0000:00:14.2':
  KERNELS=="0000:00:14.2"
  SUBSYSTEMS=="pci"
  DRIVERS=="snd_hda_intel"
  ATTRS{vendor}=="0x1002"
  ATTRS{device}=="0x4383"
  ATTRS{subsystem_vendor}=="0x1458"
  ATTRS{subsystem_device}=="0xa102"
  ATTRS{class}=="0x040300"
  ATTRS{irq}=="16"
  ATTRS{local_cpus}=="00000000,0000000f"
  ATTRS{local_cpulist}=="0-3"
  ATTRS{numa_node}=="0"
  ATTRS{dma_mask_bits}=="64"
  ATTRS{consistent_dma_mask_bits}=="64"
  ATTRS{broken_parity_status}=="0"
  ATTRS{msi_bus}==""
  looking at parent device '/devices/pci0000:00':
  KERNELS=="pci0000:00"
  SUBSYSTEMS==""
  DRIVERS==""
  I'm completely new to writing udev rules; would the proper procedure be to write something like this:
  DEVPATH=="/devices/pci0000:00/0000:00:14.2/sound/card*" ATTRS{number}="0"
  or will that happen too late in the boot process (after the card has already been assigned a number)?
  Perhaps it would be easier to work through alsa itself? I know I can get sound consistantly by calling out the card in asoundrc:
  pcm.!default { type hw card SB }
  ctl.!default { type hw card SB }
  But this seems to disable dmix (software mixing). Is there a way to re-enable dmix from the asoundrc (and would that be easier than trying to work in udev)?
  Regards,
  Sean

• [SOLVED] PCMCIA CF card is not available on boot

  Hi,
  I'm newbie here and have one big problem with Arch
  I have big (16 gb) CF card and CF->PCMCIA adapter.
  But here is a problem - card has not been detected on boot until I reinsert it after boot is finished.
  Can anybody advice me how to fix it?
  Archlinux is freshly updated with latest packages and kernel.
  Last edited by LocDog (2009-05-31 14:17:01)

  Add ide-cs to MODULES in /etc/mkinitcpio.conf and rebuild the image with mkinitcpio -p kernel26,

• [PPC] new install fails to boot: root partition not found

  Hi,
  new ArchPPC installation on a iMac G3. It does not boot further than initramfs because root partition is not found. I get something like:
  Root device /dev/sda4 doesn't exist
  Attempting to created it
  ERROR: unable to determine major/minor number of root device /dev/sda4
  then I get a dropbox recovery console but keyboard doesn't work.
  I chroot in the installed system to change mkinicpio pata hook to ide, regenerated initramfs but that didn't help.
  Any guidance to diagnose and solve this issue would be greatly appreciated.

  Hi, sorry I just realized you replied to my thread.
  I don't have my mac at the moment, but I must have done something like :
  - boot the live CD
  - get the output of lsmod
  - copy this output to mkinitcpio.conf (the one that's on your HD), remove the autodetect hook
  - chroot into your HD setup
  - regenerate initramfs
  - update yaboot (is this really mandatory?)
  - exit chroot and reboot.

• Encrypted root fails without udev in initramfs

  I'm trying to decrease my boot time on my new machine. After testing, I found the two biggest time-wasters on my system were Xorg and the initramfs. I can't do much about X, because I'm by no means highly skilled with code and I'd rather not use my inexpert skills to dissect and strip the Xorg binary. My focus, therefore, has been on removing udev from the initramfs to make it load faster.
  I have tried this before, manually specifying the drivers and modules I need in the MODULES array and removing all hooks except base, encrypt, and fsck. My root partition is encrypted, but I may not even need the encrypt hook since I specify the dm_crypt and cryptsetup module/binary in the proper arrays. When I try and boot this, however, it hangs and then drops me to a prompt with the error "/dev/mapper/root not found." Here is my mkinitcpio.conf:
  # vim:set ft=sh
  # MODULES
  # The following modules are loaded before any boot hooks are
  # run. Advanced users may wish to specify all system modules
  # in this array. For instance:
  # MODULES="piix ide_disk reiserfs"
  MODULES="sd_mod ata_piix jfs dm_crypt"
  # BINARIES
  # This setting includes any additional binaries a given user may
  # wish into the CPIO image. This is run last, so it may be used to
  # override the actual binaries included by a given hook
  # BINARIES are dependency parsed, so you may safely ignore libraries
  BINARIES="fsck.jfs fsck cryptsetup"
  # FILES
  # This setting is similar to BINARIES above, however, files are added
  # as-is and are not parsed in any way. This is useful for config files.
  FILES=""
  # HOOKS
  # This is the most important setting in this file. The HOOKS control the
  # modules and scripts added to the image, and what happens at boot time.
  # Order is important, and it is recommended that you do not change the
  # order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
  # help on a given hook.
  # 'base' is _required_ unless you know precisely what you are doing.
  # 'udev' is _required_ in order to automatically load modules
  # 'filesystems' is _required_ unless you specify your fs modules in MODULES
  # Examples:
  ## This setup specifies all modules in the MODULES setting above.
  ## No raid, lvm2, or encrypted root is needed.
  # HOOKS="base"
  ## This setup will autodetect all modules for your system and should
  ## work as a sane default
  # HOOKS="base udev autodetect block filesystems"
  ## This setup will generate a 'full' image which supports most systems.
  ## No autodetection is done.
  # HOOKS="base udev block filesystems"
  ## This setup assembles a pata mdadm array with an encrypted root FS.
  ## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
  # HOOKS="base udev block mdadm encrypt filesystems"
  ## This setup loads an lvm2 volume group on a usb device.
  # HOOKS="base udev block lvm2 filesystems"
  ## NOTE: If you have /usr on a separate partition, you MUST include the
  # usr, fsck and shutdown hooks.
  HOOKS="base udev modconf keyboard encrypt fsck"
  # COMPRESSION
  # Use this to compress the initramfs image. By default, gzip compression
  # is used. Use 'cat' to create an uncompressed image.
  #COMPRESSION="gzip"
  #COMPRESSION="bzip2"
  #COMPRESSION="lzma"
  #COMPRESSION="xz"
  #COMPRESSION="lzop"
  COMPRESSION="cat"
  # COMPRESSION_OPTIONS
  # Additional options for the compressor
  #COMPRESSION_OPTIONS=""
  I'm assuming udev is needed to scan for the root device and/or find the encrypted partition for cryptsetup to unlock. Is there a way around this? I'd like to cut out udev, as it is the biggest time hog within initramfs.
  I heard something about static /dev folders, but I'm not entirely sure how to go about setting that up or if it will work with an encrypted root...
  EDIT:
  I looked more closely at the initramfs shell on my latest test. Without udev, the /dev folder is still populated with my drive partitions and cryptsetup (when run manually from within initramfs) will unlock my root partition just fine. It seems to me that cryptsetup is failing to run initially for some reason. Thoughts?
  Last edited by ParanoidAndroid (2013-06-18 21:51:11)

  The encrypt hook requires the udev hook.  If you had taken a look at the actual install file for the encrypt mkinitpcio hook, you would have seen that it functions by pulling in a few udev rules which are activated when the init script calles "udevadm trigger".  If you want your initramfs to decrypt your filesystem without udev, you are going to have to write your own hook.
  As a side note, I have tried using mdadm vs mdadm_udev, as well as udev vs no-udev/btrfs in my initramfs, and having udev is always faster.  I think if you are so concerned about boot time, the best way to do that is to use a mush more simplified set up.  But since you use encryption, it would seem that security must have some signifigance to you, so that may not be an option.  You have to understand that the time spend in the initramfs also includes the time it takes for you to enter your password to decrypt your partition (if you use a password). 
  One non-obvious thing you can do to potentially speed up your initramfs load time is to not compress it.  As far as compression is concerned, lzo is the fastest, and 3.9 brought some not insignifigant speed improvments.  But having it just read the whole thing uncompressed I have foudn to be consistently faster.
  Really though, I think the whole idea of speeding up boot time is not really something worth pursuing unless you have something that is making it horribly slow. What kind of time is systemd-analyze repotying anyway?  (BTW, systemd-analyze is not really a true representation of experienced boot time as it only records time it takes to get to userspace, which is not what most people think it is)

• Latest Initrd not recognising USB storage devices?

  Just installed 2.6.30 with all the necessary files. Everything seemed fine, except for one thing: my external USB hard drive is no longer recognised on boot. Here is my fstab and my mkinitcpio.conf.
  # /etc/fstab: static file system information
  # <file system> <dir> <type> <options> <dump> <pass>
  none /dev/pts devpts defaults 0 0
  none /dev/shm tmpfs rw,noexec,nosuid 0 0
  #/dev/cdrom /media/cd auto ro,user,noauto,unhide 0 0
  #/dev/dvd /media/dvd auto ro,user,noauto,unhide 0 0
  #/dev/fd0 /media/fl auto user,noauto 0 0
  UUID=139cf76d-425a-4c40-a5b1-bbbf22533d9a /boot ext4 defaults 0 1
  UUID=4eddd177-23f6-49ab-a8ad-d3e1303133e0 / ext4 defaults 0 1
  UUID=ED83-B8D4 /media/flash vfat rw,user,noauto 0 0
  #UUID=ac46c6ae-d9eb-47d4-809b-19a2484b3133 /iomega ext4 rw,noexec,nosuid 0 1
  UUID=ac46c6ae-d9eb-47d4-809b-19a2484b3133 /media/iomega ext4 rw,user,noauto 0 0
  UUID=da9e741f-3525-47c6-8c7f-edf1ded00e7a swap swap defaults 0 0
  As you can see from this, I originally had my external usb drive mounted on /iomega @ boot. However, since that no longer works, I have changed it to /media/iomega and let HAL mount it automatically when I fire up GNOME (the same way I have my flash drive set up). I used the original line with 2.6.29 with no problems.
  The strange thing is, the device is there, because, when it fails, I go into single user mode, remount / read-write and then run mount -a and the device appears with no errors. If I change the line so it doesn't do an fsck on boot, it doesn't mount the device, but I do get an error saying the device is not there. I can then mount it manually at the command prompt.
  The device is shown in /etc/blkid.tab and in /dev/disk/by-uuid.
  # vim:set ft=sh
  # MODULES
  # The following modules are loaded before any boot hooks are
  # run. Advanced users may wish to specify all system modules
  # in this array. For instance:
  # MODULES="piix ide_disk reiserfs"
  MODULES=""
  # BINARIES
  # This setting includes, into the CPIO image, and additional
  # binaries a given user may wish. This is run first, so may
  # be used to override the actual binaries used in a given hook.
  # (Existing files are NOT overwritten is already added)
  # BINARIES are dependancy parsed, so you may safely ignore libraries
  BINARIES=""
  # FILES
  # This setting is similar to BINARIES above, however, files are added
  # as-is and are not parsed in anyway. This is useful for config files.
  # Some users may wish to include modprobe.conf for custom module options,
  # like so:
  # FILES="/etc/modprobe.conf"
  FILES=""
  # HOOKS
  # This is the most important setting in this file. The HOOKS control the
  # modules and scripts added to the image, and what happens at boot time.
  # Order is important, and it is recommended that you do not change the
  # order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
  # help on a given hook.
  # 'base' is _required_ unless you know precisely what you are doing.
  # 'udev' is _required_ in order to automatically load modules
  # 'modload' may be used in place of 'udev', but is not recommended
  # 'filesystems' is _required_ unless you specify your fs modules in MODULES
  # Examples:
  # This setup specifies all modules in the MODULES setting above.
  # No raid, lvm2, or encrypted root is needed.
  # HOOKS="base"
  # This setup will autodetect all modules for your system and should
  # work as a sane default
  # HOOKS="base udev autodetect pata scsi sata filesystems"
  # This is identical to the above, except the old ide subsystem is
  # used for IDE devices instead of the new pata subsystem.
  # HOOKS="base udev autodetect ide scsi sata filesystems"
  # This setup will generate a 'full' image which supports most systems.
  # No autodetection is done.
  # HOOKS="base udev pata scsi sata usb filesystems"
  # This setup assembles an pata raid array with an encrypted root FS.
  # Note: See 'mkinitcpio -H raid' for more information on raid devices.
  # HOOKS="base udev pata raid encrypt filesystems"
  # This setup loads an lvm2 volume group on a usb device.
  # HOOKS="base udev usb lvm2 filesystems"
  HOOKS="base udev autodetect pata scsi sata usb keymap filesystems"
  # COMPRESSION
  # Use this to compress the initramfs image. With kernels earlier than
  # 2.6.30, only gzip is supported, which is also the default. Newer kernels
  # support gzip, bzip2 and lzma.
  #COMPRESSION="gzip"
  #COMPRESSION="bzip2"
  #COMPRESSION="lzma"
  This is essentially the same as I had it in 2.6.29. I did initially use LZMA, since that gives slightly faster compression & decompression, but changed it back in case it was a timing issue (and rebuilt initrd). No joy. I also tried usbdelay=10 on boot, but again no difference.
  This isn't exactly a "show-stopper", since the device functions normally otherwise and everything else is fine, but it is annoying. I would much rather have this device available automatically on boot, so that it gets checked when the max mount count comes up.

  This was the bug update I received today:
  FS#15282 - [mkinitcpio] Latest initrd not recognising usb storage devices?
  User who did this - Thomas Bächler (brain0)
  You can never rely on external hard drives to show up "in time".
  The difference was that adding the "usb" hook to mkinitcpio used to add a 6 second delay on boot by default, this doesn't happen anymore. I think external drives simply don't belong in fstab, because there's too many possible race conditions. If you insist, you can try to force the usb storage driver to scan for devices sooner after detection, see the delay_use parameter to the usb-storage module.
  You're going to have to modify the delay_use parameter to get it to work. Be prepared for race conditions, though. I didn't bother myself as it wasn't a show stopper for me, so I've advised that it can be closed as a non-bug.
  ETA: usbdelay=10 doesn't work as that flag is apparently no longer recognised for some reason.
  ETTA: I've always used UUID in the fstab because udev can remap devices on boot (I've had fstab not recognising devices because of this).
  In case some people don't know, to see what the uuid for a device is, use the following:
  sudo tune2fs -l <device-name>
  Last edited by jamesbannon (2009-06-28 18:30:23)

• [SOLVED] Encrypted install without LVM

  I always installed my encrypted systems without LVM, on Debian, Ubuntu and openSUSE. Basically my partition scheme is:
  /boot
  /swap
  /home
  I've been trying to run the system for 2 days without success.
  After install+reboot, a password is asked for the "main" disk (configured on /etc/default/grub) and then everything hangs. I press Ctrl+C then after being asked for the root password (and typing it) I can log in and manually mount the other partitions, but no DE can load.
  I'll put my install scheme so you can understand better, and, if requested, I can upload my conf files such as grub, mkinitcpio etc.
  Install process:
  # loadkeys br-abnt2
  # modprobe dm-crypt
  # cfdisk
  After creating all partitions:
  # cryptsetup -c twofish-xts-plain64 -y -s 512 luksFormat /dev/sdaX
  # cryptsetup luksOpen /dev/sdaX cr_sdaX
  # mkfs.ext4 /dev/mapper/cr_sdaX
  # mkswap /dev/mapper/cr_sda3
  # swapon /dev/mapper/cr_sda3
  # mkfs.ext4 /dev/sda1
  # mount /dev/mapper/cr_sda2 /mnt
  # mkdir /mnt/boot
  # mkdir /mnt/home
  # mount /dev/sda1 /mnt/boot
  # mount /dev/mapper/cr_sda4 /mnt/home
  # nano /etc/pacman.d/mirrorlist
  # pacstrap /mnt base base-devel
  # genfstab -L -p /mnt >> /mnt/etc/fstab
  # arch-chroot /mnt
  # nano /etc/locale.gen (same locales as the 1st time)
  # locale-gen
  # nano /etc/locale.conf
  # nano /etc/vconsole.conf (KEYMAP=br-abnt2)
  # ln -s /usr/share/zoneinfo/Brazil/East /etc/localtime
  # mkinitcpio -p linux
  # nano /etc/mkinitcpio.conf
  Now I edit '/etc/mkinitcpio.conf' and add 'keymap' and 'encrypt' to the HOOKS line, right before 'filesystems' and then rebuild the image.
  # echo junior > /etc/hostname
  # passwd
  # pacman -S grub
  # grub-install /dev/sda
  Now, in '/etc/default/grub' I edit the line 'GRUB_CMDLINE_LINUX=”"' to 'GRUB_CMDLINE_LINUX=”cryptdevice=/dev/sda2:main”' then I run:
  # grub-mkconfig -o /boot/grub/grub.cfg
  #exit
  #umount -R /mnt
  #reboot
  Now, after install, the system asks me for the /dev/sda2 password, it says it's clean, than hangs. I press Ctrl+C, it says I can continue/rescue/etc, I type my root password and then mount the other partitions.
  Funny thing is that it can't mount /home and after I mount it manually it tries to continue to boot, but hangs again. Then again I press Ctrl+C and I log in as root. I also isntalled xorg/nvidia/xfce to see if it loads after manually mounting the partitions but no success, I have to start it manually.
  So, if any of you successfuly installed Arch with an encrypted FS w/o a LVM = PLEASE!! HELP!
  Regards.
  Last edited by Amarildo (2013-09-25 17:00:25)

  mr.MikyMaus wrote:Do you have "root=/dev/mapper/cr_sda2" set as a kernel boot parameter?
  Yes, although I think the ro option should be changed to rw:
  GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:cryptroot root=/dev/mapper/cryptroot ro"
  I got to the point where it asks me for the / password and then for /home too, but it hangs there, home is not being mounted nor swap. I'm on the system now but as root and with xfce.
  For some reason I can't upload my files so I post them here.
  PS: The GRUB file (/etc/default/grub) was not posted entirely since I only edited the last line of what's being pasted here.
  GRUB
  GRUB_DEFAULT=0
  GRUB_TIMEOUT=5
  GRUB_DISTRIBUTOR="Arch"
  GRUB_CMDLINE_LINUX_DEFAULT="quiet"
  GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:cryptroot root=/dev/mapper/cryptroot rw"
  mkinitcpio.conf
  # vim:set ft=sh
  # MODULES
  # The following modules are loaded before any boot hooks are
  # run. Advanced users may wish to specify all system modules
  # in this array. For instance:
  # MODULES="piix ide_disk reiserfs"
  MODULES="dm_mod ext4"
  # BINARIES
  # This setting includes any additional binaries a given user may
  # wish into the CPIO image. This is run last, so it may be used to
  # override the actual binaries included by a given hook
  # BINARIES are dependency parsed, so you may safely ignore libraries
  BINARIES=""
  # FILES
  # This setting is similar to BINARIES above, however, files are added
  # as-is and are not parsed in any way. This is useful for config files.
  FILES=""
  # HOOKS
  # This is the most important setting in this file. The HOOKS control the
  # modules and scripts added to the image, and what happens at boot time.
  # Order is important, and it is recommended that you do not change the
  # order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
  # help on a given hook.
  # 'base' is _required_ unless you know precisely what you are doing.
  # 'udev' is _required_ in order to automatically load modules
  # 'filesystems' is _required_ unless you specify your fs modules in MODULES
  # Examples:
  ## This setup specifies all modules in the MODULES setting above.
  ## No raid, lvm2, or encrypted root is needed.
  # HOOKS="base"
  ## This setup will autodetect all modules for your system and should
  ## work as a sane default
  # HOOKS="base udev autodetect block filesystems"
  ## This setup will generate a 'full' image which supports most systems.
  ## No autodetection is done.
  # HOOKS="base udev block filesystems"
  ## This setup assembles a pata mdadm array with an encrypted root FS.
  ## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
  # HOOKS="base udev block mdadm encrypt filesystems"
  ## This setup loads an lvm2 volume group on a usb device.
  # HOOKS="base udev block lvm2 filesystems"
  ## NOTE: If you have /usr on a separate partition, you MUST include the
  # usr, fsck and shutdown hooks.
  HOOKS="base udev autodetect modconf block keymap encrypt filesystems keyboard fsck"
  # COMPRESSION
  # Use this to compress the initramfs image. By default, gzip compression
  # is used. Use 'cat' to create an uncompressed image.
  #COMPRESSION="gzip"
  #COMPRESSION="bzip2"
  #COMPRESSION="lzma"
  #COMPRESSION="xz"
  #COMPRESSION="lzop"
  # COMPRESSION_OPTIONS
  # Additional options for the compressor
  #COMPRESSION_OPTIONS=""
  crypttab
  # crypttab: mappings for encrypted partitions
  # Each mapped device will be created in /dev/mapper, so your /etc/fstab
  # should use the /dev/mapper/<name> paths for encrypted devices.
  # The Arch specific syntax has been deprecated, see crypttab(5) for the
  # new supported syntax.
  # NOTE: Do not list your root (/) partition here, it must be set up
  # beforehand by the initramfs (/etc/mkinitcpio.conf).
  # <name> <device> <password> <options>
  home_crypt /dev/mapper/cr_sda4 none luks,allow-discards
  # data1 /dev/hda3 /etc/mypassword2
  # data2 /dev/hda5 /etc/cryptfs.key
  swap_crypt /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
  # vol /dev/hdb7 none
  EDIT: Updated my files, but still /home is not being monted
  [root@junior ~]# cryptsetup status /dev/mapper/cryptroot
  /dev/mapper/cryptroot is active and is in use.
  type: LUKS1
  cipher: twofish-xts-plain64
  keysize: 512 bits
  device: /dev/sda2
  offset: 4101 sectors
  size: 125849109 sectors
  mode: read/write
  [root@junior ~]# cryptsetup status /dev/mapper/cr_sda4
  /dev/mapper/cr_sda4 is inactive.
  Last edited by Amarildo (2013-09-25 12:14:38)

• Encrypted root with btrfs

  So I'm trying to set up my system with /dev/sda1 as a 500mb boot partition and /dev/sda2 as a plain dm crypted btrfs partition.
  I've got it all set up and I can chroot into it. Everything is fine except it won't boot into a functional system
  i've installed mkinicpio-btrfs from aur and reran mkinitcpio.
  i can't figure out where the problem is. any ideas?
  FSTAB
  # /etc/fstab: static file system information
  # <file system> <dir> <type> <options> <dump> <pass>
  #### /dev/mapper/btrfs LABEL=btrfs
  ####UUID=78a05d43-f52a-4086-9255-5062e5fcbb94 / btrfs rw,relatime,space_cache,subvol=__active/rootvol 0 0
  #### /dev/mapper/btrfs LABEL=btrfs
  ####UUID=78a05d43-f52a-4086-9255-5062e5fcbb94 /home btrfs rw,relatime,space_cache,subvol=__active/home 0 0
  # /dev/mapper/btrfs LABEL=btrfs
  /dev/mapper/btrfs / btrfs rw,noatime,compress=lzo,discard,autodefrag,inode_cache,subvol=__active/rootvol 0 0
  /dev/sda2 /boot ext2 defaults 0 2
  # /dev/mapper/btrfs LABEL=btrfs
  /dev/mapper/btrfs /home btrfs rw,noatime,compress=lzo,discard,autodefrag,inode_cache,subvol=__active/home 0 0
  # /dev/mapper/btrfs LABEL=btrfs
  /dev/mapper/btrfs /mnt/defvol btrfs rw,noatime,compress=lzo,discard,autodefrag,inode_cache 0 0
  syslinux.cfg
  # Config file for Syslinux -
  # /boot/syslinux/syslinux.cfg
  # Comboot modules:
  # * menu.c32 - provides a text menu
  # * vesamenu.c32 - provides a graphical menu
  # * chain.c32 - chainload MBRs, partition boot sectors, Windows bootloaders
  # * hdt.c32 - hardware detection tool
  # * reboot.c32 - reboots the system
  # To Use: Copy the respective files from /usr/lib/syslinux to /boot/syslinux.
  # If /usr and /boot are on the same file system, symlink the files instead
  # of copying them.
  # If you do not use a menu, a 'boot:' prompt will be shown and the system
  # will boot automatically after 5 seconds.
  # Please review the wiki: https://wiki.archlinux.org/index.php/Syslinux
  # The wiki provides further configuration examples
  DEFAULT arch
  PROMPT 0 # Set to 1 if you always want to display the boot: prompt
  TIMEOUT 50
  # You can create syslinux keymaps with the keytab-lilo tool
  #KBDMAP de.ktl
  # Menu Configuration
  # Either menu.c32 or vesamenu32.c32 must be copied to /boot/syslinux
  UI menu.c32
  #UI vesamenu.c32
  # Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu
  MENU TITLE Arch Linux
  #MENU BACKGROUND splash.png
  MENU COLOR border 30;44 #40ffffff #a0000000 std
  MENU COLOR title 1;36;44 #9033ccff #a0000000 std
  MENU COLOR sel 7;37;40 #e0ffffff #20ffffff all
  MENU COLOR unsel 37;44 #50ffffff #a0000000 std
  MENU COLOR help 37;40 #c0ffffff #a0000000 std
  MENU COLOR timeout_msg 37;40 #80ffffff #00000000 std
  MENU COLOR timeout 1;37;40 #c0ffffff #00000000 std
  MENU COLOR msg07 37;40 #90ffffff #a0000000 std
  MENU COLOR tabmsg 31;40 #30ffffff #00000000 std
  # boot sections follow
  # TIP: If you want a 1024x768 framebuffer, add "vga=773" to your kernel line.
  LABEL arch
  MENU LABEL Arch Linux
  LINUX ../vmlinuz-linux
  APPEND root=/dev/mapper/btrfs cryptdevice=/dev/sda2:btrfs rw
  INITRD ../initramfs-linux.img
  LABEL archfallback
  MENU LABEL Arch Linux Fallback
  mkinitcpio.conf
  # vim:set ft=sh
  # MODULES
  # The following modules are loaded before any boot hooks are
  # run. Advanced users may wish to specify all system modules
  # in this array. For instance:
  # MODULES="piix ide_disk reiserfs"
  MODULES="crc32c"
  # BINARIES
  # This setting includes any additional binaries a given user may
  # wish into the CPIO image. This is run last, so it may be used to
  # override the actual binaries included by a given hook
  # BINARIES are dependency parsed, so you may safely ignore libraries
  BINARIES=""
  # FILES
  # This setting is similar to BINARIES above, however, files are added
  # as-is and are not parsed in any way. This is useful for config files.
  FILES=""
  # HOOKS
  # This is the most important setting in this file. The HOOKS control the
  # modules and scripts added to the image, and what happens at boot time.
  # Order is important, and it is recommended that you do not change the
  # order in which HOOKS are added. Run 'mkinitcpio -H <hook name>' for
  # help on a given hook.
  # 'base' is _required_ unless you know precisely what you are doing.
  # 'udev' is _required_ in order to automatically load modules
  # 'filesystems' is _required_ unless you specify your fs modules in MODULES
  # Examples:
  ## This setup specifies all modules in the MODULES setting above.
  ## No raid, lvm2, or encrypted root is needed.
  # HOOKS="base"
  ## This setup will autodetect all modules for your system and should
  ## work as a sane default
  # HOOKS="base udev autodetect block filesystems"
  ## This setup will generate a 'full' image which supports most systems.
  ## No autodetection is done.
  # HOOKS="base udev block filesystems"
  ## This setup assembles a pata mdadm array with an encrypted root FS.
  ## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
  # HOOKS="base udev block mdadm encrypt filesystems"
  ## This setup loads an lvm2 volume group on a usb device.
  # HOOKS="base udev block lvm2 filesystems"
  ## NOTE: If you have /usr on a separate partition, you MUST include the
  # usr, fsck and shutdown hooks.
  HOOKS="base udev autodetect encrypt lvm2 modconf block filesystems keyboard fsck btrfs"
  # COMPRESSION
  # Use this to compress the initramfs image. By default, gzip compression
  # is used. Use 'cat' to create an uncompressed image.
  #COMPRESSION="gzip"
  #COMPRESSION="bzip2"
  #COMPRESSION="lzma"
  #COMPRESSION="xz"
  #COMPRESSION="lzop"
  #COMPRESSION="lz4"
  # COMPRESSION_OPTIONS
  # Additional options for the compressor
  #COMPRESSION_OPTIONS=""
  and this is what happens when i try to boot into it
  http://i.imgur.com/FeaBjvC.jpg
  -- mod edit: read the Forum Etiquette and only post thumbnails http://wiki.archlinux.org/index.php/For … s_and_Code [jwr] --

  falconindy wrote:You're not passing any subvol in your bootloader config.
  thanks that was the problem. it's running perfectly now. it's a great feeling diving into something deep in the command line and accomplishing it. making things work in arch is one of the most satisfying things ever.
  Strongly recommend against mkinitcpio-btrfs, BTW. Its unmaintained, archaic, and unnecessary for most folks. Device assembly can be done entirely with udev.
  so what do i need as far as hooks? just encrypt? or do i still need btrfs?
  and is it going to create problems? i've already done it. does it require a reformat and starting over? can i uninstall mkinitcpio-btrfs and just run mkinitcpio again? or should i just leave it be since it's working?
  edit: added rootflags=subvolume=__active/roovol
  Last edited by risho (2014-09-07 06:29:28)