Slackware on lvm+luks

keeneadt · 05-24-2020, 06:58 AM

Hey, folks.
I've just installed Slackware according to this notes. My setup is elilo + full disk encryption (lvm on luks). What I did:
1. Created two partitions: 512M ESP Fat32 (/dev/sdb1) and 250G raw for LUKS (/dev/sdb2).
2. Created and opened luks.
3. Created physical, group and logical volumes (root, swap, home).
4. Installed Slackware and elilo with new efi record.
5. Without rebooting after installation was finished I chrooted and used

Code:

/usr/share/mkinitrd/mkinitrd_command_generator.sh -a '-o /boot/efi/EFI/Slackware/initrd.gz | tail -1 | sh

to create initrd.gz.
6. Checked if /boot/vmlinuz-generic-5.4.41 and /boot/efi/EFI/Slackware/vmlinuz are the same.
7. Just in case copied /boot/efi/EFI/Slackware/initrd.gz to /boot/initrd.gz

So my final config setup looks like this

Code:

cat /boot/efi/EFI/Slackware/elilo.conf
chooser=simple
delay=1
timeout=1
#
image=vmlinuz
        label=vmlinuz
        initrd=initrd.gz
        read-only
        append="root=/dev/mapper/luksvg-root vga=normal ro"

ls -l /boot/efi/EFI/Slackware
elilo.conf  elilo.efi  initrd.gz  vmlinuz

Seems like everything is OK, but when I try to boot into installation
1. initrd.gz loads from /boot (not from /boot/efi/EFI/Slackware).
2. All modules loads without a problem (I see insmod /lib/modules/5.4.41/... on display).
3. Error

Code:

LUKS device /dev/sdb2 unavailable for unlocking!
...
No /sbin/init found on rootdev...

As far as I can tell this error caused by inability to decrypt /dev/sdb2 which is partition with luks+lvm.

My questions are:
1. Why loads /boot/initrd.gz when in elilo.conf I have initrd.gz not in /boot, but in elilo dir (/boot/efi/EFI/Slackware)?
2. Since initrd.gz in /boot and in /boot/efi/EFI/Slackware are the same and they have been created by mkinitrd_command_generator, why the problem with decryption appears?
3. How to fix it?

Alien Bob · 05-24-2020, 07:07 AM

Is your LUKS device still called /dev/sdb2 when you are booting that computer?
If it is, did you perform a full installation of Slackware or did you skip packages?
To try whether cryptsetup in your initrd works, reboot, and then after getting the error message you will be dropped to a shell prompt. Type "cryptsetup" to see if that command is working at all, or whether it is missing any libraries.

keeneadt · 05-24-2020, 07:24 AM

Thanks for reply.
In emergency shell (let's call it this way) I executed

Code:

ls /dev

and did't found /dev/sdb. The only block device I found is /dev/sda which is my hdd (media storage) with no distributions installed.
No, I did not perform a full installation. I skipped kernel sources, KDE and XFCE packages.
Cryptsetup works in emergency shell.

Alien Bob · 05-24-2020, 07:34 AM

Is that /dev/sdb an external USB drive? If so, it may be too slow to be recognized in time as a storage device.
The mkinitrd command has a "wait" parameter, for instance adding "-w 10" will cause the init process to wait 10 seconds which could be sufficient for the USB subsystem to recognize your disk. Like so:

Code:

/usr/share/mkinitrd/mkinitrd_command_generator.sh -r -a '-w 10 -o /boot/efi/EFI/Slackware/initrd.gz' | sh

keeneadt · 05-24-2020, 07:47 AM

It's external sata ssd, that is connected via usb3. I've just tried to make initrd with your command, but it doesn't take any effect, except +10 seconds to boot time. I've tried 30 seconds as well - still no result.

If it matters, I've installed arch with lvm+luks on this devices exactly in the same manner. That time I didn't experience any problems.

keeneadt · 05-24-2020, 08:02 AM

Btw, even with -w 30 I don't see sdb device in /dev. It looks working (led is flashing). In UEFI I can see this disk. Actually, last time initrd.gz was loaded from a proper location - /boot/efi/EFI/Slackware, therefore sdb was recognized on boot.

Alien Bob · 05-24-2020, 08:47 AM

There's also the possibility that your initrd does not have the modules to support USB storage. That would explain why you never see the device nodes appear.

keeneadt · 05-24-2020, 08:52 AM

Hmm... I unpluged ssd from box and connected it to m/b sata. It was identified as sdb, however, I still get this error when I try to boot.

keeneadt · 05-24-2020, 09:43 AM

Does anybody have experience with installing Slackware on lvm+luks? Does it work?

keeneadt · 05-24-2020, 11:10 AM

Two more unsuccessful attempts to install Slackware on lvm+luks. This time I've tried to install on sata ssd and m2 ssd. Both times I get exactly the same error but with different partitions. Looks like notes I mentioned doesn't cover some necessary step or Slackware (at least current) doesn't support working from encrypted device.

z80 · 05-24-2020, 11:28 AM

Luks and LVM works fine here.
However, I use lilo and a manually created initrd.

My mkinitrd command looks like this:

Code:

mkinitrd -c -k 5.4.42 -f ext2,ext4 -r /dev/cryptvg/root -C /dev/sda2 -L -d de

/etc/lilo.conf looks like this:

Code:

append=" vt.default_utf8=0"
boot = /dev/sda
bitmap = /boot/slack.bmp
bmp-colors = 255,0,255,0,255,0
bmp-table = 60,6,1,16
bmp-timer = 65,27,0,255
prompt
timeout = 100
change-rules
  reset
vga=normal

image = /boot/vmlinuz
  initrd = /boot/initrd.gz
  root = /dev/cryptvg/root
  label = Linux
  read-only

image = /boot/vmlinuz-rescue
  initrd = /boot/initrd-rescue.gz
  root = /dev/cryptvg/root
  label = Rescue
  append = " single"
  read-only

khronosschoty · 05-24-2020, 11:35 AM

Quote:

Originally Posted by keeneadt

Does anybody have experience with installing Slackware on lvm+luks? Does it work?

I've been using luks+lvm for years now (with Slackware64-current and Slackware64-14.2 and in one case Slackware-14.2).

keeneadt · 05-24-2020, 11:46 AM

Don't know what to say. Could be an issue of current iso I used. Will try with another one later.

Alien Bob · 05-24-2020, 12:32 PM

The error you get is generated when "cryptsetup isLuks /dev/sdb2" returns false. I.e. your disk partition is not recognized as a LUKS volume.
Did you do something out of the ordinary when formatting /dev/sdb2 as a LUKS volume?

Edit - well if your /dev/sdb is not visible at all, my remark is irrelevant.

keeneadt · 05-24-2020, 12:40 PM

Quote:

Originally Posted by Alien Bob

Did you do something out of the ordinary when formatting /dev/sda2 as a LUKS volume?

It's /dev/sdb in my case. No, nothing out of what is written in the notes.

Code:

boot
> root

cfdisk /dev/sdb
gpt
/dev/sdb1 ESP 512M
/dev/sdb2 Linux filesystem 250G

cryptsetup -s 512 -y luksFormat /dev/sdb2
cryptsetup open /dev/sdb2 luksslack0

pvcreate /dev/mapper/luksslack0
vgcreate luksvg0 /dev/mapper/luksslack0
lvcreate -L 8G -n swap luksvg0
lvcreate -L 40G -n root luksvg0
lvcreate -l 100%FREE -n home luksvg0

mkswap /dev/luksvg0/swap

setup

The rest I've already described.