Skip to main content
Topic solved
This topic has been marked as solved and requires no further attention.
Topic: Initrd checks for btrfs before disks are encrypted (Read 796 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Initrd checks for btrfs before disks are encrypted

Hi,

I just got a new cool laptop (Dell XPS 13 2-in-1 7390) and after about 5 minutes testing out Windows I scraped the disks and installed Linux. First Kubuntu to get going and then Artix as the real OS.

Things works quite nicely and KDE shapes up well for a HDPI screen (4k on a 13" screen is a pain in the eye for us over 45, youngsters will learn eventually). The touch screen works well, zoom can now be adjusted per screen configuration etc.
I did have to do the wifi-fix mentioned at Arch Linux but that is about it.

The main disk partition is LUKS-encrypted with btrfs.

I have a similar setup on my old laptop and it works swell.

The one problem I have is that the initrd fails to load tings in relevant order; it scans for btrfs file systems and tries to mount root before the partition is opened with luks, thus it fails and I have to manually open and mount root in the escape shell.

I have used the same mkinitcopio-settings as my older laptop, the same order of e modules in the same order. And there it works flawless.

Any hints on how to control this before I switch to dracut?

Cheers,
Erik




I take full responsibility of my Linux systems - I just need some help from time to time.

Re: Initrd checks for btrfs before disks are encrypted

Reply #1
In general, to get rootfs encryption working, you need 3 things:
  1. The encryption key (default: /crypto_keyfile.bin) present and declared in /etc/mkinitcpio.conf
  2. The 'encrypt' hook in the hooks() array, probably before lvm2 and filesystems.
  3. A directive in grub.cfg (default cryptkey=rootfs:/crypto_keyfile.bin), that asks for the passphrase to decrypt the disk.
These are from mostly from memory, as I don't use encryption or BTRFS. I also vaguely remember that BTRFS+GRUB+LUKS combo was a hard nut to crack. Our graphical ISOs seem to correctly create encrypted setups (I tested many combinations last week), so you might want to install one in a VM and see how it's done by calamares.

The testing ISOs are accessible at https://download.artixlinux.org/testing-isos.php

 

Re: Initrd checks for btrfs before disks are encrypted

Reply #2
Yea, I did al of those and wen I verified that really did I realized I had misspelled the device-name.  Fixed that and now it works like a charm.

Sorry for bothering the forum   :-[

Root on BTRFS and LUKS actually works pretty well with luks encrypted disk with btrfs. Among other it is simple to have several Linuxes in different snapshots and I generally make a snapshot before upgrades.  This can become handy if the update fails, as with my gentoo upgrade right now. Fails after about 10 hours and is very difficult to resume. The 2:rd restart from scratch is completing right now and I would never have managed without snapshots, I would have corrupted my system and had to reinstall.

It is so handy that I don't see why not everyone does similar. The Linux Mint community did bring a similar mechanism recently.

The hiccup with btrfs and arch linux is that the btrfs controller device is missing during initrd that is used for raided btrfs. It just takes a few lines to fix this and to use raided btrfs on multiple luks encrypted devices will work as well.

Next step is to encrypt the boot partition :)
 
I take full responsibility of my Linux systems - I just need some help from time to time.