Guix doesn't boot with LUKS root partition

  • Done
  • quality assurance status badge
Details
4 participants
  • Eric Brown
  • Juraj Hlista
  • Maxim Cournoyer
  • Tobias Geerinckx-Rice
Owner
unassigned
Submitted by
Juraj Hlista
Severity
normal
J
J
Juraj Hlista wrote on 25 May 2021 11:24
(name . bug-guix@gnu.org)(address . bug-guix@gnu.org)
Ch1aeYT9yAXNErcfsR2GW7MQ2tuN-Q5xwJBSfaeJHp018scXt7aJS1ycqZykjhF2RSlf_JteX-uYsxpwJ9bPISZsi-HWpvvhYE6zFGv0vP0=@juraj.me
Hi,

I have Librem 14 (coreboot/seaBIOS) with Samsung 970 Evo Plus 2TB SSD. I installed Guix manually, the disk has MBR partition table and these partitions:

/dev/nvme0n1p1 - 1GB, Linux (83), bootable
/dev/nvme0n1p2 - 1.8TB, Linux (83)

The nvme0n1p1 (/boot) is unencrypted with ext4:
mkfs.ext4 -L system-boot /dev/nvme0n1p1

The nvme0n1p2 (/) is encrypted using LUKS and on top is ext4:
cryptsetup luksFormat /dev/nvme0n1p2
cryptsetup open /dev/nvme0n1p2 luks
mkfs.ext4 -L system-root /dev/mapper/luks

mount LABEL=system-root /mnt
mkdir /mnt/etc /mnt/boot
mount LABEL=system-boot /mnt/boot

herd start cow-store /mnt

The relevant part on /mnt/etc/config.scm:

(bootloader
(bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/nvme0n1")))
(mapped-devices
(list (mapped-device
(source (uuid "..."))
(target "luks")
(type luks-device-mapping))))
(file-systems
(cons* (file-system
(mount-point "/")
(device "/dev/mapper/luks")
(type "ext4")
(dependencies mapped-devices))
%base-file-systems)))

guix system init /mnt/etc/config.scm /mnt

Installation is without any errors. After rebooting grub asks for a password to decrypt LUKS partition, then gives me the boot menu. When I hit enter, the laptop gets stuck, I can't do ctrl+alt+f3,f4... only ctrl+alt+del works.

Attached are pictures from grub.

I also tried to use unencrypted root partition (basically the same as above, but without LUKS) and it works.

Thanks,
J
Attachment: grub1.jpeg
Attachment: grub2.jpeg
T
T
Tobias Geerinckx-Rice wrote on 25 May 2021 13:19
(name . Juraj Hlista)(address . juraj@juraj.me)
87v977m574.fsf@nckx
Juraj,

Juraj Hlista ???
Toggle quote (4 lines)
> mount LABEL=system-root /mnt
> mkdir /mnt/etc /mnt/boot
> mount LABEL=system-boot /mnt/boot

Guix System doesn't support a separate /boot partition. See

I'll leave this bug unmerged with that one until we're sure that's
your only issue:

Toggle quote (3 lines)
> I also tried to use unencrypted root partition (basically the
> same as above, but without LUKS) and it works.

Also with separate /boot? If so, maybe GRUB happens to look in
the wrong right place (/ instead of /boot), or something else is
going on.

Kind regards,

T G-R
-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYKzdLw0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15zYUBAK1/yyxkTv8ibKMLl5sSYOSZjVWm3qht7l2EIAkH
xp/+AQCFH5rT+6vWF2PNYeLybjqpUMqhSdI+LzXV52xsp/bUDg==
=sjiw
-----END PGP SIGNATURE-----

J
J
Juraj Hlista wrote on 25 May 2021 14:12
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
XXF75OAGklMD4JMUCnDKwrCiBwoKN5H3kb-u56MxVbNkbt6uaH3TOjz1SBle7db7jriupH7Cp2vnBrFpNI_Xgv-ANBPvcdN_HgArFqbeUUU=@juraj.me
I installed Guix again, there is just single 2TB encrypted partition with ext4 on top.

When booting, there is a prompt asking for a password to decrypt the partition, then there is the boot menu. When hitting enter the laptop gets stuck again just like before.

Seems like an issue with grub?


??????? Original Message ???????
On Tuesday, May 25, 2021 1:19 PM, Tobias Geerinckx-Rice <me@tobias.gr> wrote:

Toggle quote (19 lines)
> Juraj,
>
> Juraj Hlista ???
>
> > mount LABEL=system-root /mnt
> > mkdir /mnt/etc /mnt/boot
> > mount LABEL=system-boot /mnt/boot
>
> Guix System doesn't support a separate /boot partition. Seehttp://issues.guix.gnu.org/48172.
>
> I'll leave this bug unmerged with that one until we're sure that's your only issue:
>
> > I also tried to use unencrypted root partition (basically the > same as above, but without LUKS) and it works.
>
> Also with separate /boot? If so, maybe GRUB happens to look in the wrong right place (/ instead of /boot), or something else is going on.
>
> Kind regards,
>
> T G-R
J
J
Juraj Hlista wrote on 25 May 2021 19:19
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
P3RMn6APfBcK9l0jAJ8vZt5FxnuYQvKYnkrXY8YNKx2cOawD-dYAwxN1sEUgw9TrBA3L1qDXC6gil6dgGKOGpszum3jAlSVGcOhwGGKLkjM=@juraj.me
I tried to install Guix on unencrypted partition as well and it works.

So to sum up my issue:

/dev/nvme0n1p1 - 1.8TB, Linux (83)

cryptsetup luksFormat /dev/nvme0n1p1
cryptsetup open /dev/nvme0n1p1 luks
mkfs.ext4 -L system /dev/mapper/luks

mount LABEL=system /mnt
mkdir /mnt/etc

herd start cow-store /mnt

(bootloader
(bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/nvme0n1")))
(mapped-devices
(list (mapped-device
(source (uuid "..."))
(target "luks")
(type luks-device-mapping))))
(file-systems
(cons* (file-system
(mount-point "/")
(device "/dev/mapper/luks")
(type "ext4")
(dependencies mapped-devices))
%base-file-systems)))

guix system init /mnt/etc/config.scm /mnt
reboot

After inserting password to decrypt, I hit enter in boot menu, laptop freezes.

Attached are pictures from GRUB.


Best Regards,
J


??????? Original Message ???????
On Tuesday, May 25, 2021 2:12 PM, Juraj Hlista <juraj@juraj.me> wrote:

Toggle quote (24 lines)
> I installed Guix again, there is just single 2TB encrypted partition with ext4 on top.
>
> When booting, there is a prompt asking for a password to decrypt the partition, then there is the boot menu. When hitting enter the laptop gets stuck again just like before.
>
> Seems like an issue with grub?
>
> ??????? Original Message ???????
> On Tuesday, May 25, 2021 1:19 PM, Tobias Geerinckx-Rice me@tobias.gr wrote:
>
> > Juraj,
> > Juraj Hlista ???
> >
> > > mount LABEL=system-root /mnt
> > > mkdir /mnt/etc /mnt/boot
> > > mount LABEL=system-boot /mnt/boot
> >
> > Guix System doesn't support a separate /boot partition. Seehttp://issues.guix.gnu.org/48172.
> > I'll leave this bug unmerged with that one until we're sure that's your only issue:
> >
> > > I also tried to use unencrypted root partition (basically the > same as above, but without LUKS) and it works.
> >
> > Also with separate /boot? If so, maybe GRUB happens to look in the wrong right place (/ instead of /boot), or something else is going on.
> > Kind regards,
> > T G-R
J
J
Juraj Hlista wrote on 26 May 2021 11:23
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
A-FMJWPyQ9pY5oarPu_iaj1iYbDxlYjjRioDg0DjB2GgBBErHMlTOvaYs07zcTX0CMiDmk_0ky8PjE3-9I6Kwht7cQmy6IlIaHUz1VqYNjU=@juraj.me
There has been some progress. I added this line:

(initrd-modules (cons* "i915" %base-initrd-modules))

to the config and it solved the issue with freezing the laptop.

Not sure how the i915 module is related to LUKS though.

Best Regards,
J

??????? Original Message ???????
On Tuesday, May 25, 2021 7:19 PM, Juraj Hlista <juraj@juraj.me> wrote:

Toggle quote (66 lines)
> I tried to install Guix on unencrypted partition as well and it works.
>
> So to sum up my issue:
>
> /dev/nvme0n1p1 - 1.8TB, Linux (83)
>
> cryptsetup luksFormat /dev/nvme0n1p1
> cryptsetup open /dev/nvme0n1p1 luks
> mkfs.ext4 -L system /dev/mapper/luks
>
> mount LABEL=system /mnt
> mkdir /mnt/etc
>
> herd start cow-store /mnt
>
> (bootloader
> (bootloader-configuration
> (bootloader grub-bootloader)
> (target "/dev/nvme0n1")))
> (mapped-devices
> (list (mapped-device
> (source (uuid "..."))
> (target "luks")
> (type luks-device-mapping))))
> (file-systems
> (cons* (file-system
> (mount-point "/")
> (device "/dev/mapper/luks")
> (type "ext4")
> (dependencies mapped-devices))
> %base-file-systems)))
>
> guix system init /mnt/etc/config.scm /mnt
> reboot
>
> After inserting password to decrypt, I hit enter in boot menu, laptop freezes.
>
> Attached are pictures from GRUB.
>
> Best Regards,
> J
>
> ??????? Original Message ???????
> On Tuesday, May 25, 2021 2:12 PM, Juraj Hlista juraj@juraj.me wrote:
>
> > I installed Guix again, there is just single 2TB encrypted partition with ext4 on top.
> > When booting, there is a prompt asking for a password to decrypt the partition, then there is the boot menu. When hitting enter the laptop gets stuck again just like before.
> > Seems like an issue with grub?
> > ??????? Original Message ???????
> > On Tuesday, May 25, 2021 1:19 PM, Tobias Geerinckx-Rice me@tobias.gr wrote:
> >
> > > Juraj,
> > > Juraj Hlista ???
> > >
> > > > mount LABEL=system-root /mnt
> > > > mkdir /mnt/etc /mnt/boot
> > > > mount LABEL=system-boot /mnt/boot
> > >
> > > Guix System doesn't support a separate /boot partition. Seehttp://issues.guix.gnu.org/48172.
> > > I'll leave this bug unmerged with that one until we're sure that's your only issue:
> > >
> > > > I also tried to use unencrypted root partition (basically the > same as above, but without LUKS) and it works.
> > >
> > > Also with separate /boot? If so, maybe GRUB happens to look in the wrong right place (/ instead of /boot), or something else is going on.
> > > Kind regards,
> > > T G-R
E
E
Eric Brown wrote on 8 Jun 2021 19:24
(name . Juraj Hlista)(address . juraj@juraj.me)
874ke8tgl4.fsf@ericcbrown.com
Juraj Hlista <juraj@juraj.me> writes:

Toggle quote (87 lines)
> There has been some progress. I added this line:
>
> (initrd-modules (cons* "i915" %base-initrd-modules))
>
> to the config and it solved the issue with freezing the laptop.
>
> Not sure how the i915 module is related to LUKS though.
>
> Best Regards,
> J
>
> ??????? Original Message ???????
> On Tuesday, May 25, 2021 7:19 PM, Juraj Hlista <juraj@juraj.me> wrote:
>
>> I tried to install Guix on unencrypted partition as well and it works.
>>
>> So to sum up my issue:
>>
>> /dev/nvme0n1p1 - 1.8TB, Linux (83)
>>
>> cryptsetup luksFormat /dev/nvme0n1p1
>> cryptsetup open /dev/nvme0n1p1 luks
>> mkfs.ext4 -L system /dev/mapper/luks
>>
>> mount LABEL=system /mnt
>> mkdir /mnt/etc
>>
>> herd start cow-store /mnt
>>
>> (bootloader
>> (bootloader-configuration
>> (bootloader grub-bootloader)
>> (target "/dev/nvme0n1")))
>> (mapped-devices
>> (list (mapped-device
>> (source (uuid "..."))
>> (target "luks")
>> (type luks-device-mapping))))
>> (file-systems
>> (cons* (file-system
>> (mount-point "/")
>> (device "/dev/mapper/luks")
>> (type "ext4")
>> (dependencies mapped-devices))
>> %base-file-systems)))
>>
>> guix system init /mnt/etc/config.scm /mnt
>> reboot
>>
>> After inserting password to decrypt, I hit enter in boot menu, laptop freezes.
>>
>> Attached are pictures from GRUB.
>>
>> Best Regards,
>> J
>>
>> ??????? Original Message ???????
>> On Tuesday, May 25, 2021 2:12 PM, Juraj Hlista juraj@juraj.me wrote:
>>
>> > I installed Guix again, there is just single 2TB encrypted partition with ext4 on top.
>> > When booting, there is a prompt asking for a password to decrypt
>> > the partition, then there is the boot menu. When hitting enter the
>> > laptop gets stuck again just like before.
>> > Seems like an issue with grub?
>> > ??????? Original Message ???????
>> > On Tuesday, May 25, 2021 1:19 PM, Tobias Geerinckx-Rice me@tobias.gr wrote:
>> >
>> > > Juraj,
>> > > Juraj Hlista ???
>> > >
>> > > > mount LABEL=system-root /mnt
>> > > > mkdir /mnt/etc /mnt/boot
>> > > > mount LABEL=system-boot /mnt/boot
>> > >
>> > > Guix System doesn't support a separate /boot partition. Seehttp://issues.guix.gnu.org/48172.
>> > > I'll leave this bug unmerged with that one until we're sure that's your only issue:
>> > >
>> > > > I also tried to use unencrypted root partition (basically the
>> > > > > same as above, but without LUKS) and it works.
>> > >
>> > > Also with separate /boot? If so, maybe GRUB happens to look in
>> > > the wrong right place (/ instead of /boot), or something else is
>> > > going on.
>> > > Kind regards,
>> > > T G-R


In my experience, missing video drivers will cause the system to freeze
right when switching to GUI mode.

You may try to append:
nomodeset nosplash

to the grub configuration and get past it, but you will be in "console
mode" but at least you can take steps to get drivers.

Two passwords: it's a wonderful idea. One for GRUB, which may contain
secrets, and then one to unlock the disk.
T
T
Tobias Geerinckx-Rice wrote on 8 Jun 2021 23:39
(name . Juraj Hlista)(address . juraj@juraj.me)
87wnr46npf.fsf@nckx
Juraj Hlista ???
Toggle quote (2 lines)
> Not sure how the i915 module is related to LUKS though.

Not, all all. You should see the same apparent ‘freeze’ when
booting the system without LUKS with ‘--repl’ on the kernel
command line.

Linux prompts for the LUKS passphrase early, and (obviously :-)
before the root file system is mounted. The kernel needs to
display this prompt. The root file system contains all drivers.
See the deadlock?

Adding i915 to the initrd will ensure that it is loaded before the
initrd tries to mount / and asks you for the passphrase, so
everything will work fine. Building i915 into the kernel would
have the same effect.

Kind regards,

T G-R
-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYL/jfA0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15r8sBAPVRI2IiDSH8RXcTp0y8177pSCPD3OKsXNrW01VS
0KhyAQDiubs74czhNn96dUQ8+RepPL0movl3x+GDHvRpZUYVBQ==
=o4/O
-----END PGP SIGNATURE-----

M
M
Maxim Cournoyer wrote on 24 Aug 2021 06:11
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
877dgbtrbo.fsf@gmail.com
Hello,

Tobias Geerinckx-Rice <me@tobias.gr> writes:

Toggle quote (15 lines)
> Juraj Hlista ???
>> Not sure how the i915 module is related to LUKS though.
>
> Not, all all. You should see the same apparent ‘freeze’ when booting
> the system without LUKS with ‘--repl’ on the kernel command line.
>
> Linux prompts for the LUKS passphrase early, and (obviously :-) before
> the root file system is mounted. The kernel needs to display this
> prompt. The root file system contains all drivers. See the deadlock?
>
> Adding i915 to the initrd will ensure that it is loaded before the
> initrd tries to mount / and asks you for the passphrase, so
> everything will work fine. Building i915 into the kernel would have
> the same effect.

Seems this issue was about not having a required video driver in the
init RAM disk, rather than LUKS support.

Closing.

Glad you got it solved!

Maxim
Closed
?