LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 08-28-2015, 10:37 AM   #1
drgibbon
Senior Member
 
Registered: Nov 2014
Distribution: Slackware64 -current
Posts: 1,002

Rep: Reputation: 666Reputation: 666Reputation: 666Reputation: 666Reputation: 666Reputation: 666
Slackware 14.1 install with LUKS/LVM/GRUB


I'm installing Slackware64 14.1 on my X200 with libreboot, and I'm following the Slackware README_CRYPT.TXT instructions for disk encryption using LUKS and LVM. The setup is:
Code:
/dev/sda1 100MB /boot   (unencrypted boot partition)
/dev/sda2 240GB /    (this is a big LUKS block with LVM swap and / partitions).
Everything is fine there, but libreboot actually has GRUB loaded onto the firmware, and it looks for /boot/grub/libreboot_grub.cfg as a way to boot the system. My question is how do I generate the appropriate libreboot_grub.cfg file with
Code:
grub-mkconfig -o /boot/grub/libreboot_grub.cfg
That is, how do I tell GRUB about the kernel, initrd, LVM, and whatever else GRUB needs to boot? I've only installed Slackware with LILO/ELILO and GRUB seems pretty complicated in comparison.
 
Old 08-28-2015, 10:50 AM   #2
orbea
Senior Member
 
Registered: Feb 2015
Distribution: Slackware64-current
Posts: 1,946

Rep: Reputation: Disabled
Here are some links that might help if you took some time to read them.

http://www.jveweb.net/en/archives/20...ypted-lvm.html
http://blog.darknedgy.net/technology/2014/07/27/1/
http://www.funtoo.org/Rootfs_over_encrypted_lvm
http://libreboot.org/docs/gnulinux/index.html

Especially check out all the articles listed on the last link.
 
Old 08-28-2015, 07:21 PM   #3
drgibbon
Senior Member
 
Registered: Nov 2014
Distribution: Slackware64 -current
Posts: 1,002

Original Poster
Rep: Reputation: 666Reputation: 666Reputation: 666Reputation: 666Reputation: 666Reputation: 666
Thanks but the first and second links do not deal with GRUB, the funtoo link has something but it looks Funtoo specific (emerge grub2 with device-mapper support? better-initramfs/genkernel/boot-update?). I have read the last links already, but they deal with encrypting the entire OS and modifying the libreboot firmware which I do not want to do at present (actually cannot do).

What I'm after is the right way to generate /boot/grub/libreboot_grub.cfg from inside the Slackware install environment (after installing everything and doing a chroot /mnt and making the initram). I suppose trial and error will get me there eventually, but I was hoping someone might know the method for doing it.
 
Old 08-29-2015, 01:14 AM   #4
orbea
Senior Member
 
Registered: Feb 2015
Distribution: Slackware64-current
Posts: 1,946

Rep: Reputation: Disabled
The first two links deal with encrypting in slackware, try following them up to making an initrd.gz. The funtoo link provides an additional explanation that helps elaborate on the concept and the last links deal with libreboot and grub.

You can boot with something like:
Quote:
Booting your system

At this point, you will have finished the installation. At your GRUB payload, press C to get to the command line.

Do that:
grub> cryptomount -a
grub> set root='lvm/grubcrypt-trisquel'
grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
grub> initrd /initrd.img
grub> boot
http://libreboot.org/docs/gnulinux/e..._trisquel.html

You also don't have to flash the firmware:
Quote:
1st option: don't re-flash

By default, GRUB in libreboot is configured to scan all partitions on the main storage for /boot/grub/libreboot_grub.cfg or /grub/libreboot_grub.cfg(for systems where /boot is on a dedicated partition), and then use it automatically.

Simply create your custom GRUB configuration and save it to /boot/grub/libreboot_grub.cfg on the running system. The next time you boot, GRUB (in libreboot) will automatically switch to this configuration file. This means that you do not have to re-flash, recompile or otherwise modify libreboot at all!

Ideally, your distribution should automatically generate a libreboot_grub.cfg file that is written specifically under the assumption that it will be read and used on a libreboot system that uses GRUB as a payload. If your distribution does not do this, then you can try to add that feature yourself or politely ask someone involved with or otherwise knowledgeable about the distribution to do it for you. The libreboot_grub.cfg could either contain the full configuration, or it could chainload another GRUB ELF executable (built to be used as a coreboot payload) that is located in a partition on the main storage.

If you want to adapt a copy of the existing libreboot GRUB configuration and use that for the libreboot_grub.cfg file, then follow #tools, #rom and #extract_testconfig to get the grubtest.cfg. Rename grubtest.cfg to libreboot_grub.cfg and save it to /boot/grub/ on the running system where it is intended to be used. Modify the file at that location however you see fit, and then stop reading this guide (the rest of this page is irrelevant to you); in libreboot_grub.cfg on disk, if you are adapting it based on grub.cfg from CBFS then remove the check for libreboot_grub.cfg otherwise it will loop..

This is all well and good, but what should you actually put in your GRUB configuration file? Read grub_config.html for more information.
http://libreboot.org/docs/gnulinux/g...1_dont_reflash
 
Old 08-29-2015, 03:15 AM   #5
drgibbon
Senior Member
 
Registered: Nov 2014
Distribution: Slackware64 -current
Posts: 1,002

Original Poster
Rep: Reputation: 666Reputation: 666Reputation: 666Reputation: 666Reputation: 666Reputation: 666
Yep, I had done all those steps, and I can get into the Slack system that way. But my original question was how do I generate the appropriate /boot/grub/libreboot_grub.cfg file? That is the part that I cannot get working. The problem is that I cannot get to grips with Slackware+LUKS+LVM+GRUB. I've been reading but and it just doesn't make sense to me.
 
Old 08-29-2015, 10:54 PM   #6
drgibbon
Senior Member
 
Registered: Nov 2014
Distribution: Slackware64 -current
Posts: 1,002

Original Poster
Rep: Reputation: 666Reputation: 666Reputation: 666Reputation: 666Reputation: 666Reputation: 666
After a lot of playing around, I found out that this is not that hard at all. If you follow the instructions under "Combining LUKS and LVM" in the Slack docs on encryption, then at the end after you do:
Code:
chroot /mnt
$( /usr/share/mkinitrd/mkinitrd_command_generator.sh -r )
you can ignore the LILO part and instead
Code:
mkdir /boot/grub
grub-mkconfig -o /boot/grub/libreboot_grub.cfg
then edit the /boot/grub/libreboot_grub.cfg file and then just after the first echo 'Loading Linux 3.10.17 ...' change
Code:
linux /vmlinuz-huge-3.10.17 root=/dev/mapper/cryptvg-root ro
to
Code:
linux /vmlinuz-generic-3.10.17 root=/dev/mapper/cryptvg-root ro
and it should work. I was actually forgetting to put the unencrypted /boot partition in fstab during setup, and I think that was the problem. I suppose if you are running libreboot you would carry on with the FreeSlack stuff.

Btw, if you can edit your libreboot firmware grub file then you can follow their docs and probably encrypt everything, including /boot, because grub can unlock LUKS and handle LVM too.
 
Old 04-27-2016, 01:11 AM   #7
bsd1101
Member
 
Registered: Jul 2010
Location: Brooklyn NY
Distribution: Slackware 64
Posts: 31

Rep: Reputation: Disabled
have you tired full disk encryption.

I updated the grub.cfg within the rom and have a fully encrypted drive. My issue now is having to enter the luks password twice. Once on the grub menu and a second time during kernel boot. According to the instructions at the end here https://libreboot.org/docs/gnulinux/..._parabola.html it is possible to use a keyfile, but unless I'm misunderstanding it's not possible on Slackware because mkinitrd requires a separate fat partition with the file; and not one that can be stored locally.

So for this line

mkinitrd -c -k 4.4.8-smp -m ext4 -f ext4 -r /dev/cryptvg/root -C /dev/sdx2 -L -K LABEL=TRAVELSTICK:/keys/alien.luks

I can't do something like

mkinitrd -c -k 4.4.8-smp -m ext4 -f ext4 -r /dev/cryptvg/root -C /dev/sdx2 -L -K LABEL=root:/etc/keyfile
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
VFS: Kernel Panic with Slackware LUKS + LVM slack_ Slackware 8 09-06-2014 03:45 AM
[SOLVED] running slackware 13.37 off usb with LUKS and lvm with grub Dr.Thodt Slackware 7 12-07-2011 08:03 PM
Slackware 12.2 + RAID-1 + LVM + LUKS encrypted root gargamel Slackware 35 12-17-2009 11:25 AM
Slackware 12.1, LUKS, LVM on external HD. How? randomsel Slackware - Installation 7 06-26-2008 06:35 PM
Windows on LUKS LVM Post Slackware 12.1 Install -{Jester}- Slackware 4 05-23-2008 01:10 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 01:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration