Skip to main content
Topic solved
This topic has been marked as solved and requires no further attention.
Topic: efibootmgr command for LVM on LUKS (Read 2256 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

efibootmgr command for LVM on LUKS

Hello. I am currently installing Artix Linux on a new laptop so I want to create a boot entry to directly boot kernel from UEFI. For my previous installations I was using efibootmgr to create EFISTUB. But unfortunately efibootmgr doesn't allow you to view command line arguments you've been using to create an existing boot entry.

My setup information:
  • unencrypted ESP (boot partition);
  • LVM with root (btrfs, I don't use btrfs subvolumes) and swap partitions on LUKS2;
  • boot partition contents: vmlinuz-linux-zen (loader), booster-linux-zen.img (initramfs image generated by booster), intel-ucode.img (intel CPU microcode update files image).

Currently I have the next command:
Code: [Select]
efibootmgr --create \
    --disk /dev/nvme0n1 --part 1 \
    --label "Artix Linux" \
    --loader /vmlinuz-linux-zen \
    --unicode 'cryptdevice=UUID={LUKS PARTITION UUID}:{DECRYPTED LVM PARTITION NAME} root=UUID={ROOT PARTITION UUID} \
    rd.luks.name={LUKS PARTITION UUID}={DECRYPTED LVM PARTITION NAME} \
    rw loglevel=3 quiet \
    initrd=\intel-ucode.img initrd=\booster-linux-zen.img'
I am going to use lsblk command to obtain UUIDs.

It seems booster doesn't need any additional configuration in /etc/booster.yaml because Arch wiki says it supports LUKS out of the box (https://wiki.archlinux.org/title/Booster#Encryption).
However it seems booster needs additional systemd-boot originated kernel parameters like rd.luks.name (https://man.archlinux.org/man/booster.1#BOOT_TIME_KERNEL_PARAMETERS).
I've created a related github discussion in booster repository (https://github.com/anatol/booster/discussions/307).

Tell me, please, if I am wrong somewhere.
 

Re: efibootmgr command for LVM on LUKS

Reply #1
Here is the answer.

My /etc/booster.yaml
Code: [Select]
universal: false
compression: zstd
mount_timeout: 0s
strip: true
vconsole: false
enable_lvm: true
You shouldn't forget
Code: [Select]
enable_lvm: true
I also highly recommend setting mount_timeout to some big number or disabling it (just as I did by setting it's value to 0s) in case you use a passphrase to unlock your encrypted partition.

And efibootmgr command
Code: [Select]
efibootmgr --create --disk /dev/nvme0n1 --part 1 --label "Artix Linux" --loader /vmlinuz-linux-zen --unicode 'cryptdevice=UUID={ENCRYPTED PARTITION UUID}:{DECRYPTED PARTITION NAME} rd.luks.name={ENCRYPTED PARTITION UUID}={DECRYPTED PARTITION NAME} root=UUID={ROOT LVM SUBVOLUME UUID} rootfstype=btrfs rw loglevel=3 quiet initrd=\intel-ucode.img initrd=\booster-linux-zen.img'
You better write it as a single line of code (just as I did).
It turned out rd.luks.name parameter is essential for booster. I am not sure whether it also requires cryptdevice or not but I left it just in case.