Comments on: encrypted root file system on LVM https://lizards.opensuse.org/2009/03/18/encrypted-root-file-system-on-lvm/ Blogs and Ramblings of the openSUSE Members Fri, 06 Mar 2020 17:50:09 +0000 hourly 1 By: Earl Ruby https://lizards.opensuse.org/2009/03/18/encrypted-root-file-system-on-lvm/#comment-1033 Tue, 16 Jun 2009 15:06:17 +0000 http://lizards.opensuse.org/?p=603#comment-1033 You need to re-add it to menu.lst and re-run mkinitrd. If you updated your kernel and then rebooting failed, boot off the SUSE Live CD disk, fire up Gnome Terminal, and:


cryptsetup luksOpen /dev/sda2 root

Enter decrypt password. Then:


mount /dev/mapper/system-root /mnt
mount /dev/mapper/system-usr /mnt/usr
mount /dev/sda1 /mnt/boot
for i in dev sys proc; do mount --bind /$i /mnt/$i; done
chroot /mnt

Add “luks_root=/dev/sda2” to /boot/grub/menu.lst, then re-run mkinitrd.

To keep kernel updates from messing up your system again, add the string “luks_root=/dev/sda2” to the end of the DEFAULT_APPEND and FAILSAFE_APPEND lines in /etc/sysconfig/bootloader.

]]>
By: Earl Ruby https://lizards.opensuse.org/2009/03/18/encrypted-root-file-system-on-lvm/#comment-1032 Tue, 16 Jun 2009 14:57:56 +0000 http://lizards.opensuse.org/?p=603#comment-1032 One step you need to add: People need to modify the /etc/sysconfig/bootloader configuration file and add the string “luks_root=/dev/sda2” to the end of both the DEFAULT_APPEND and FAILSAFE_APPEND lines, otherwise the next time the system updates the kernel it will not include this setting in /boot/grub/menu.lst file and the system fail to boot.

]]>
By: mapia https://lizards.opensuse.org/2009/03/18/encrypted-root-file-system-on-lvm/#comment-918 Tue, 28 Apr 2009 22:06:28 +0000 http://lizards.opensuse.org/?p=603#comment-918 I can confirm that this is the only necesary change. My problem arose because I added an additional grub item and I forgot to specify the initrd. Beginner error sorry.

]]>
By: mapia https://lizards.opensuse.org/2009/03/18/encrypted-root-file-system-on-lvm/#comment-917 Tue, 28 Apr 2009 21:25:29 +0000 http://lizards.opensuse.org/?p=603#comment-917 Sorry i think I expressed myself here a bit unprecise. I did not use the initial menu.lst instead I edited the newly created menu.lst file with the reference to the new kernel and added luks_root=/dev/sda3 (in my case) and luks=root. Still after the reboot I’m no more prompted for th eluks password

]]>
By: Ludwig Nussel https://lizards.opensuse.org/2009/03/18/encrypted-root-file-system-on-lvm/#comment-916 Tue, 28 Apr 2009 13:34:36 +0000 http://lizards.opensuse.org/?p=603#comment-916 You can’t use the old menu.lst as the file name of the kernel has changed. You just need to add the luks_root=/dev/sda2 parameter in the new file again.

]]>
By: Ludwig Nussel https://lizards.opensuse.org/2009/03/18/encrypted-root-file-system-on-lvm/#comment-915 Tue, 28 Apr 2009 13:33:26 +0000 http://lizards.opensuse.org/?p=603#comment-915 it’s a hack to trick mkinitrd into using luks (root_luks=1) for the device in the variable ‘luks_root’ (due to luks=root). See /lib/mkinitrd/scripts/setup-luks.sh

]]>
By: mapia https://lizards.opensuse.org/2009/03/18/encrypted-root-file-system-on-lvm/#comment-914 Tue, 28 Apr 2009 11:52:46 +0000 http://lizards.opensuse.org/?p=603#comment-914 Since the latest kernel update my system is not booting anymore even after restoring menu.lst. Is it possible that the order of loading necesary files changed?

]]>
By: mapia https://lizards.opensuse.org/2009/03/18/encrypted-root-file-system-on-lvm/#comment-913 Tue, 28 Apr 2009 11:48:03 +0000 http://lizards.opensuse.org/?p=603#comment-913 Hi,

can you explain a bit more in detail why
Create /etc/sysconfig/initrd with the following two lines:
root_luks=1
luks=root

is necesary and what it is doing. Is it just necesary for the making of the new initrd or also during the startup?

]]>
By: Ludwig Nussel https://lizards.opensuse.org/2009/03/18/encrypted-root-file-system-on-lvm/#comment-879 Thu, 09 Apr 2009 09:19:49 +0000 http://lizards.opensuse.org/?p=603#comment-879 Additional note for those trying it: Beware of kernel updates. The luks_root option seems to get lost so check your menu.lst before rebooting:
https://bugzilla.novell.com/show_bug.cgi?id=490045

]]>
By: Andreas Stieger https://lizards.opensuse.org/2009/03/18/encrypted-root-file-system-on-lvm/#comment-859 Tue, 31 Mar 2009 16:53:31 +0000 http://lizards.opensuse.org/?p=603#comment-859 Works before leaving language/keyboard layout screen when you “modprobe dm-crypt” and “modprobe aes”. Doing it a screen later locked the disk device for some reason.

]]>