Comments on: encrypted root file system on LVM

By: Earl Ruby

Earl Ruby — Tue, 16 Jun 2009 15:06:17 +0000

You need to re-add it to menu.lst and re-run mkinitrd. If you updated your kernel and then rebooting failed, boot off the SUSE Live CD disk, fire up Gnome Terminal, and:

cryptsetup luksOpen /dev/sda2 root

Enter decrypt password. Then:

mount /dev/mapper/system-root /mnt mount /dev/mapper/system-usr /mnt/usr mount /dev/sda1 /mnt/boot for i in dev sys proc; do mount --bind /$i /mnt/$i; done chroot /mnt

Add “luks_root=/dev/sda2” to /boot/grub/menu.lst, then re-run mkinitrd.

To keep kernel updates from messing up your system again, add the string “luks_root=/dev/sda2” to the end of the DEFAULT_APPEND and FAILSAFE_APPEND lines in /etc/sysconfig/bootloader.

By: Earl Ruby

Earl Ruby — Tue, 16 Jun 2009 14:57:56 +0000

One step you need to add: People need to modify the /etc/sysconfig/bootloader configuration file and add the string “luks_root=/dev/sda2” to the end of both the DEFAULT_APPEND and FAILSAFE_APPEND lines, otherwise the next time the system updates the kernel it will not include this setting in /boot/grub/menu.lst file and the system fail to boot.

By: mapia

mapia — Tue, 28 Apr 2009 22:06:28 +0000

I can confirm that this is the only necesary change. My problem arose because I added an additional grub item and I forgot to specify the initrd. Beginner error sorry.

By: mapia

mapia — Tue, 28 Apr 2009 21:25:29 +0000

Sorry i think I expressed myself here a bit unprecise. I did not use the initial menu.lst instead I edited the newly created menu.lst file with the reference to the new kernel and added luks_root=/dev/sda3 (in my case) and luks=root. Still after the reboot I’m no more prompted for th eluks password

By: Ludwig Nussel

Ludwig Nussel — Tue, 28 Apr 2009 13:34:36 +0000

You can’t use the old menu.lst as the file name of the kernel has changed. You just need to add the luks_root=/dev/sda2 parameter in the new file again.

By: Ludwig Nussel

Ludwig Nussel — Tue, 28 Apr 2009 13:33:26 +0000

it’s a hack to trick mkinitrd into using luks (root_luks=1) for the device in the variable ‘luks_root’ (due to luks=root). See /lib/mkinitrd/scripts/setup-luks.sh

By: mapia

mapia — Tue, 28 Apr 2009 11:52:46 +0000

Since the latest kernel update my system is not booting anymore even after restoring menu.lst. Is it possible that the order of loading necesary files changed?

By: mapia

mapia — Tue, 28 Apr 2009 11:48:03 +0000

Hi,

can you explain a bit more in detail why
Create /etc/sysconfig/initrd with the following two lines:
root_luks=1
luks=root

is necesary and what it is doing. Is it just necesary for the making of the new initrd or also during the startup?

By: Ludwig Nussel

Ludwig Nussel — Thu, 09 Apr 2009 09:19:49 +0000

Additional note for those trying it: Beware of kernel updates. The luks_root option seems to get lost so check your menu.lst before rebooting:
https://bugzilla.novell.com/show_bug.cgi?id=490045

By: Andreas Stieger

Andreas Stieger — Tue, 31 Mar 2009 16:53:31 +0000

Works before leaving language/keyboard layout screen when you “modprobe dm-crypt” and “modprobe aes”. Doing it a screen later locked the disk device for some reason.