Talk:Rootfs over encrypted lvm

From Funtoo
Revision as of 20:55, November 29, 2020 by Pnoecker (talk | contribs)
Jump to: navigation, search

probably need to setup /etc/conf.d/dmcrypt


from debian 10 vm known working config: mkultra@debian:~$ cat /etc/crypttab sda3_crypt UUID=6c0c8520-4caf-4189-be01-9e94b020959f none luks,discard mkultra@debian:~$ sudo lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 30G 0 disk ├─sda1 8:1 0 512M 0 part /boot/efi ├─sda2 8:2 0 244M 0 part /boot └─sda3 8:3 0 29.3G 0 part

 └─sda3_crypt          254:0    0 29.2G  0 crypt 
   ├─debian--vg-root   254:1    0 25.2G  0 lvm   /
   └─debian--vg-swap_1 254:2    0    4G  0 lvm   [SWAP]

mkultra@debian:~$ sudo blkid [sudo] password for mkultra: /dev/sda1: UUID="CFA9-ECD1" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="e0187031-4396-43e5-9fe0-a5dbf640792a" /dev/sda2: UUID="c8055dcc-11b8-400a-99ec-f6bdf9deb065" BLOCK_SIZE="1024" TYPE="ext2" PARTUUID="587f27f6-0ef7-4074-bc84-9444c4ff8515" /dev/sda3: UUID="6c0c8520-4caf-4189-be01-9e94b020959f" TYPE="crypto_LUKS" PARTUUID="4778e186-a613-4216-82a9-954b329e9446" /dev/mapper/sda3_crypt: UUID="FAYY8S-Ozqi-YDbD-cSIG-PG7B-XNzv-ukCbeA" TYPE="LVM2_member" /dev/mapper/debian--vg-root: UUID="437c29f6-d5a6-40cd-b845-8f8ad59cd917" BLOCK_SIZE="4096" TYPE="ext4" /dev/mapper/debian--vg-swap_1: UUID="ec44168e-e517-4284-bb9c-d8dff4c2a38a" TYPE="swap"

cat /boot/grub/grub.cfg menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-437c29f6-d5a6-40cd-b845-8f8ad59cd917' { load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 set root='hd0,gpt2' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 c8055dcc-11b8-400a-99ec-f6bdf9deb065 else search --no-floppy --fs-uuid --set=root c8055dcc-11b8-400a-99ec-f6bdf9deb065 fi echo 'Loading Linux 5.9.0-3-amd64 ...' linux /vmlinuz-5.9.0-3-amd64 root=/dev/mapper/debian--vg-root ro quiet echo 'Loading initial ramdisk ...' initrd /initrd.img-5.9.0-3-amd64 }

from centos virtual machine known working config:

lsblk says: sda1 type:part /boot/efi sda2 type:part /boot sda3 type:part

  luks-28c13 type:crypt
     cl-root type:lvm /
     cl-swap type:lvm [swap]

grub.cfg set default_kernelopts="root=/dev/mapper/cl-root ro crashkernel=auto resume=/dev/mapper/cl-swap rd.lvm.lv=cl/root rd.luks.uuid=luks-28c13191-etc-f4 rd.lvm.lv=cl/swap rhgb "

/etc/crypttab luks-28c13191-etc-f4 UUID=28c13191-etc-f4 none discard

/etc/fstab says /dev/mapper/cl-root / xfs uuid=omitted /boot uuid=omitted /boot/efi /dev/mapper/cl-swap swap swap

blkid says /dev/mapper/cl-root: type="xfs" /dev/mapper/luks-28c13191 TYPE="LVM2_member" /dev/sda3 TYPE="crypto_LUKS" /dev/sda1 type vfat /dev/sda2 /dev/mapper/cl-swap: TYPE="swap"