Skip to main content
Topic solved
This topic has been marked as solved and requires no further attention.
Topic: LUKS+LVM won't boot: "Cryptodisk module not loaded" (Read 742 times) previous topic - next topic
0 Members and 2 Guests are viewing this topic.

LUKS+LVM won't boot: "Cryptodisk module not loaded"

Hello to you all. I have tried Artix with OpenRC on an plain disk and was reasonably happy with it (with Artix, not OpenRC) so I went ahead to do a regular install to encrypted disk with runit.
Installing with Calamares to my already partitioned lvm did not work (pc froze at 39% and 40% respectively).
Following official FDE Artix installation guide on the website did not work either.
I had the most success with following guide: https://forum.artixlinux.org/index.php/topic,4970.msg31908.html#msg31908 Couple of things had to be changed (install basestrap runit elogind-runit, grub-update, ...), but trying to boot up it always prompts me for the luks part password and then ends up with: "Cryptodisk module not loaded".
I did follow this troubleshooting: https://bbs.archlinux.org/viewtopic.php?id=288876 but to no avail. The thing is it's not even trying to decrypt it (that would take a few seconds), but showing the error message straight away and going to grub-rescue. Also the UUID it's trying to decrypt is malformed in the error message, but not in the prompt.


Background:
Installation iso: artix-plasma-runit-20240818-x86_64.iso
lsblk:
'NAME            MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
nvme0n1         259:0    0 238.5G  0 disk 
|-nvme0n1p1     259:1    0  72.9G  0 part 
| `-lvm         254:0    0  72.8G  0 crypt
|   |-main-root 254:1    0    20G  0 lvm   /
|   |-main-swap 254:2    0     8G  0 lvm  
|   `-main-home 254:3    0  44.8G  0 lvm   /home
|-nvme0n1p2     259:2    0   300M  0 part 
|-nvme0n1p4     259:3    0  55.7G  0 part 
|-nvme0n1p6     259:4    0  92.6G  0 part 
`-nvme0n1p7     259:5    0    17G  0 part  '

mkinit:
'...
HOOKS=(base udev autodetect modconf kms encrypt keyboard keymap consolefont block lvm2 filesystems fsck)
...'

grub:
'GRUB_DEFAULT="0"
GRUB_TIMEOUT="3"
GRUB_DISTRIBUTOR="Artix"
GRUB_CMDLINE_LINUX_DEFAULT="mitigations=auto,nosmt mem_sleep_default=deep intel_pstate=enable cpufreq.default_gover>
# resume=UUID=48f548dd-a84f-4596-8480-8dcfc715306e
# GRUB_CMDLINE_LINUX="net.ifnames=0"
# CONFIG_LEGACY_TIOCSTI=n

GRUB_CMDLINE_LINUX="cryptdevice=UUID=d4601d39-0f94-407d-a750-a113241f5be0:lvm:allow-discards root=UUID=014a3a78-a5d>
GRUB_ENABLE_CRYPTODISK="y"
GRUB_ENABLE_CRYPTODISK=y

# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos luks cryptodisk"

# Uncomment to enable Hidden Menu, and optionally hide the timeout count
#GRUB_HIDDEN_TIMEOUT="5"
#GRUB_HIDDEN_TIMEOUT_QUIET="true"

# Uncomment to use basic console
GRUB_TERMINAL_INPUT="console"

# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT="console"

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo
GRUB_GFXMODE="1024x768,800x600"

# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX="keep"

# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID="true"

# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY="true"

# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
# modes only.  Entries specified as foreground/background.
export GRUB_COLOR_NORMAL="light-blue/black"
export GRUB_COLOR_HIGHLIGHT="light-cyan/blue"

# Uncomment one of them for the gfx desired, a image background or a gfxtheme
GRUB_THEME="/usr/share/grub/themes/artix/theme.txt"

GRUB_SAVEDEFAULT="true"

GRUB_DISABLE_LINUX_RECOVERY="true"

# Probe for other installed operating systems
GRUB_DISABLE_OS_PROBER="false"'

Exact walkthrough I have slightly modified:
'/dev/nvme0n1p2 #300M,Don't make it smaller
/dev/nvme0n1p1

cryptsetup luksFormat /dev/nvme0n1p1
cryptsetup luksOpen /dev/nvme0n1p1 lvm

pvcreate /dev/mapper/lvm
vgcreate main /dev/mapper/lvm
lvcreate -L 20G main -n root
lvcreate -l 100%FREE main -n home
lvs

mkfs.ext4 /dev/mapper/main-root
mkfs.ext4 /dev/mapper/main-home


vgchange -a y main
mount /dev/mapper/main-root /mnt
mkdir /mnt/home
mount /dev/mapper/main-home /mnt/home

basestrap /mnt base base-devel runit elogind-runit cryptsetup lvm2 micro linux-hardened git efibootmgr

fstabgen -U /mnt >> /mnt/etc/fstab

artix-chroot /mnt
echo "host" > /etc/hostname
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf

# Edit /etc/mkinitcpio.conf
HOOKS=(base udev autodetect modconf kms encrypt keyboard keymap consolefont block lvm2 filesystems fsck)

mkinitcpio -P

# Edit /etc/sudoers
%wheel ALL=(ALL) ALL

useradd -m -G wheel f
passwd f

sudo su - f     
git clone https://aur.archlinux.org/paru-bin.git
cd paru-bin
makepkg -si
paru -S grub-improved-luks2-git --noconfirm
exit

# Edit /etc/default/grub
GRUB_CMDLINE_LINUX="cryptdevice=UUID=d4601d39-0f94-407d-a750-a113241f5be0:lvm root=UUID=014a3a78-a5d7-4154-b077-b11c8e13ff2a"
GRUB_ENABLE_CRYPTODISK=y

mkdir /boot/efi
mount /dev/nvme0n1p2 /boot/efi
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub /dev/nvme0n1 --recheck
grub-mkconfig -o /boot/grub/grub.cfg
update-grub

exit && reboot
'

Anyone has any lead on this please?

Re: LUKS+LVM won't boot: "Cryptodisk module not loaded"

Reply #1
There are small discrepancies in our GRUB files with you. Firstly, you have two lines with "grub_enable_cryptodisk". Secondly, in the line "grub_preload_moudules" I have only "Part_GPT PART_MSDOS". Thirdly, I would check and double -check all the specified UUID in your place, because the main errors for this configuration are just the wrong UUID.

After that, you can make grub-mkconfig, reinstall the bootloader and check if everything works. These are all thoughts on this score at the moment ...

Re: LUKS+LVM won't boot: "Cryptodisk module not loaded"

Reply #2
Quote
GRUB_CMDLINE_LINUX_DEFAULT="mitigations=auto,nosmt mem_sleep_default=deep intel_pstate=enable cpufreq.default_gover>
...
GRUB_CMDLINE_LINUX="cryptdevice=UUID=d4601d39-0f94-407d-a750-a113241f5be0:lvm:allow-discards root=UUID=014a3a78-a5d>
I don't know if this is a copying error, but "root=UUID=014a3a78-a5d>" doesn't seem right. The UUID should be way longer. Also, why is there a ">" at the end of those lines?

And, like Worm_Jim already said, there should only be one line with GRUB_ENABLE_CRYPTODISK=y

Re: LUKS+LVM won't boot: "Cryptodisk module not loaded"

Reply #3
Worm_Jim:  
Some guides said to put GRUB_ENABLE_CRYPTODISK="y", some GRUB_ENABLE_CRYPTODISK=y without quotes. So I did both. Could that be a problem?
The guides stated that 'cryptodisk' should be included in GRUB_PRELOAD_MODULES="part_gpt part_msdos luks cryptodisk". Does your Artix boot without it?
The error during booting actually goes like this:
1. "Enter passphrase for hd1,gpt1 (d460....5be0)"
2. I enter my pass.
3. "error: invalid passphrase
error: no such cryptodisk found
error: disk 'lvmid/N3mA2x-P5fe-...' not found
Entering rescue mode"
So something is malforming the UUID, because 'N3mA2x-P5fe-...' doesn't even look like regular UUID (I presume it should only have digits and letters a-d).

MaxLPM:
It is definitely a copying error (the ">" at the end of the lines is due to the copying error thanks to Konsole), the UUID seems correct in the original file. Also the line GRUB_CMDLINE_LINUX_DEFAULT= ends with 'quiet splash"' as expected.

I did try changing what both of you suggested but the problem persists.

Regarding the cryptdevice option, I first tried just 'cryptdevice=UUID=d460...5be0'. Then I noticed the ':lvm' should probably be there (didn't work), then I added the ':allow-discards' on top, didn't work either.

Also, I should state that my pass has digits in in (but I did try entering it with and without hitting NumLock first) and my algo is argon2id (but that shouldn't be a problem I think as the installation is using grub-improved-luks2-git AUR).

Re: LUKS+LVM won't boot: "Cryptodisk module not loaded"

Reply #4
Some guides said to put GRUB_ENABLE_CRYPTODISK="y", some GRUB_ENABLE_CRYPTODISK=y without quotes. So I did both. Could that be a problem?
Anything is possible...

The guides stated that 'cryptodisk' should be included in GRUB_PRELOAD_MODULES="part_gpt part_msdos luks cryptodisk". Does your Artix boot without it?
Yes, the systems boot fine without luks and cryptodisk.

So something is malforming the UUID, because 'N3mA2x-P5fe-...' doesn't even look like regular UUID (I presume it should only have digits and letters a-d).
It seems that the UUID of the disks can be found out directly in grub. The container can even be opened! But I don't know how, you can search.

Re: LUKS+LVM won't boot: "Cryptodisk module not loaded"

Reply #5
Quote
Then I noticed the ':lvm' should probably be there (didn't work), then I added the ':allow-discards' on top, didn't work either.
:lvm is just the name of the container that will be opened, and yes, it has to be there. Also, remove "allow-discards" for now

I think the contents of /boot/grub/grub.cfg could point to the reason the UUID gets malformed. Please post them

Edit: here's an interesting gentoo thread
Edit 2: Hm, looking at your HOOKS, it seems that "encrypt" is placed too early? Try changing it to the following:
Code: [Select]
HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems fsck)
Then run "mkinitcpio -P" and update grub

Re: LUKS+LVM won't boot: "Cryptodisk module not loaded"

Reply #6
Progress!

Suspecting issues might be lying in the passphrase algo, I added two more passphrases. So I have one argon2id, one argon2i and one PBKDF2. Both argon ones produce this error but with the PBKDF2 I was able to decrypt the disk! I entered it once, then some error message popped up, then I was asked for the passphrase again (I entered the PBKDF2 again) and Artix did boot.

I thought I would try to reinstall the grub-improved-luks2-git AUR package as it might not have installed properly. However Artix only booted into a terminal with no DE and I cannot connect to Wifi to install grub-improved-luks2-git and a DE because when following Arch wiki for terminal-only connection advice, neither iw nor iwconfig commands work (command not found).

Re: LUKS+LVM won't boot: "Cryptodisk module not loaded"

Reply #7
Quote
neither iw nor iwconfig commands work (command not found).
Did you install a network manager beforehand? If not, chroot back into your system and install something
Quote
So I have one argon2id, one argon2i and one PBKDF2. Both argon ones produce this error but with the PBKDF2 I was able to decrypt the disk!
Hm, if I understand correctly, PBKDF2 should work without any tweaked grub packages like grub-improved-luks2. See here. So, if it worked for you anyway, try using the usual grub from the Artix repositories

Re: LUKS+LVM won't boot: "Cryptodisk module not loaded"

Reply #8
I'm not adding anythin to the thread but I tell ya, I was considering encrypting my drives as I did before Artix but from the readings, seems to be a bit of a task. So this thread interests me.

A questions though, the installer does not actually allow for this during install?
I did the base and don't recall that. Would be willing to nuke and pave if, for example, one of the community ISO's does.
Supercalifragilisticexpialidocious

Re: LUKS+LVM won't boot: "Cryptodisk module not loaded"

Reply #9
Did you install a network manager beforehand? If not, chroot back into your system and install something

I did try to install them (iw, NetworkManager, connman,  wpa_supplicant plus also gdm) in both the basestrap and artix-chroot. Still doesn't work.
"connmanctl enable wifi" ends with "net.connman not provided by any .service"
"iwconfig" ... "lo    no wireless extensions"
"iwlist lo scan" ... "device doesn't support scanning"

Quote
Hm, if I understand correctly, PBKDF2 should work without any tweaked grub packages like grub-improved-luks2. See here. So, if it worked for you anyway, try using the usual grub from the Artix repositories

The thing is that I would like to utilize the stronger argon2id cipher, but I cannot because it only boots with the PBKDF2 one. (The second passphrase prompt after grub menu does accept argon)

Quote
I'm not adding anythin to the thread but I tell ya, I was considering encrypting my drives as I did before Artix but from the readings, seems to be a bit of a task. So this thread interests me.

A questions though, the installer does not actually allow for this during install?
I did the base and don't recall that. Would be willing to nuke and pave if, for example, one of the community ISO's does.

I did test install with Plasma OpenRC LTS without encryption and installation was rather straight forward. Calamares allows for encryption, but it just fails during install (or while working on grub and bootloader at the end of install). The command walkthrough I followed did not I guess.

Re: LUKS+LVM won't boot: "Cryptodisk module not loaded"

Reply #10
"connmanctl enable wifi" ends with "net.connman not provided by any .service"

I suspect it might be some problem of runit not registering the service. But trying to link it with 'ln -s' and 'sudo sv up connman' does nothing.

Re: LUKS+LVM won't boot: "Cryptodisk module not loaded"

Reply #11
After recreating the installation process (this time with the official Artix FDE guide) I did run into this problem again. This time however, not even the PBKDF2 password works. The passwords are either rejected as wrong (even when they're correct) or the aforementioned problem arises.

I think the contents of /boot/grub/grub.cfg could point to the reason the UUID gets malformed. Please post them

I did notice one thing:
'nano /boot/grub/grub.cfg' ...
Code: [Select]
...
search --no-floppy --fs-uuid --set=root --hint='lvmid/Skoq3X-YmuA-Cg21-QxwM-VLok-2tlE-fbe34a/D070Hs-cZHS-AdLj-0fPz-HuX1-W2K8-fcyL2o'  f1e7328e-ad52-4e4c-ae7b-2c758e69da12
...
...
the "Skoq3X..." UUID is mentioned multiple times in this file and that the same one that appears in the error message, even though the '/etc/default/grub' contains specifically 'cryptdevice=UUID=0f951dae-7d77-4ac8-b61a-fc0d91b39e8c:lvm root=UUID=f1e7328e-ad52-4e4c-ae7b-2c758e69da12'. No mention of the Skoq3X...

Out of curiosity I also ran ' cat /etc/crypttab' ...
Code: [Select]
# <name>               <device>                         <password> <options>
lvm                   UUID=0f951dae-7d77-4ac8-b61a-fc0d91b39e8c     none
It includes the UUID of the LUKS drive but not the one of the root lvm within. Not sure if that is correct.

 

Re: LUKS+LVM won't boot: "Cryptodisk module not loaded"

Reply #12
Success! I solved it, though I had to use my own brain here. (Note to self and others who come here)

The step where I should have updated grub with 'grub-mkconfig -o /boot/grub/grub.cfg' was wrong, because it's actually not mounted in /boot, but rather /boot/efi! And indeed doing 'grub-mkconfig -o /boot/EFI/grub/grub.cfg' actually did the trick and I can boot now.