The layout of my only disk is the following:
/dev/sda1 for the plaintext boot partition
/dev/sda2 for the encrypted root partition
My system is ArchLinux and I followed this guide to set up root encryption (no lvm, no raid). Here is what I did: ran cryptsetup on /dev/sda2 and mapped it into /dev/mapper/cryptroot
My /etc/fstab looks like this:
UUID=of /dev/mapper/cryptroot / ext4 rw,relatime,data=ordered,discard 0 1
UUID=of /dev/sda1 /boot ext4 rw,relatime,data=ordered,discard 0 2
In my /etc/default/grub I altered one single line to be:
GRUB_CMDLINE_LINUX="cryptdevice=UUID of /dev/sda2:cryptroot:allow-discards"
In the /etc/mkinitcpio.conf the hooks look like this:
HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"
Finally, I did not forget to run mkinitcpio -p linux and grub-mkconfig -o /boot/grub/grub.cfg respectively.
I have enumerated my actions in such a brisk manner because I have previously been successful at configuring encryption for my root fs. So, in the end I get the following error:
ERROR: device *UUID of /dev/mapper/cryptroot* not found. Skipping fsck.
ERROR: unable to find root device *UUID of /dev/mapper/cryptroot*
You are being dropped into recovery shell
The weird thing is that it attempts to look for the unencrypted /dev/mapper/cryptroot and yet it doesn't ask me for the password (which I created when cryptsetup'ing on /dev/sda2 at the beginning). So, naturally it cannot find the unencrypted block device because it did not ask me for its password in the first place. Could you please tell me what I have configured wrong?
the ' - ' is intentional and forces password interrogation short of a valid keyfile for a valid active keySlot – linuxdev2013 – 2015-05-30T20:04:27.663
Thank you, but crypttab contains a comment "do not list your root (/) partition here, it must be set up beforehand by the initramfs (/etc/mkinitcpio.conf)" which I understand to be the reference to the fact that you have to add a hook. Do I misunderstand this comment? – alisianoi – 2015-05-30T20:05:39.690
By the way, your current answer uses some hybrid of /etc/fstab and /etc/crypttab syntax, see the example for /etc/crypttab here – alisianoi – 2015-05-30T20:11:14.960
/etc/crypttab is located on the very root partition that fails to decrypt, so this can't be a solution to decrypt it. – regular – 2018-02-17T14:07:53.360
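
A consistency check for the two settings shown in the question (the cryptdevice= kernel parameter and the mkinitcpio HOOKS line), added here as an example and not part of the original post or its comments. The function names, the set of accepted device forms and the sample UUIDs are assumptions of this example.

```python
import re

# Device forms accepted by this checker (an assumption of the example).
DEVICE_RE = re.compile(r"^(?:(?:UUID|PARTUUID|LABEL|PARTLABEL)=[^\s:]+|/dev/[^\s:]+)$")

def parse_cryptdevice(cmdline):
    """Return (device, dmname, [options]) from cryptdevice=, or None if absent."""
    for token in cmdline.split():
        if token.startswith("cryptdevice="):
            fields = token[len("cryptdevice="):].split(":", 2) + ["", ""]
            device, dmname, opts = fields[:3]
            return device, dmname, [o for o in opts.split(",") if o]
    return None

def check_boot_config(cmdline, hooks_line):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    root = next((t[5:] for t in cmdline.split() if t.startswith("root=")), None)
    parsed = parse_cryptdevice(cmdline)
    if parsed is None:
        problems.append("no cryptdevice= parameter")
    else:
        device, dmname, _ = parsed
        if not DEVICE_RE.match(device):
            problems.append(f"unrecognised device spec {device!r}")
        if not dmname:
            problems.append("mapper name missing")
        if root is None:
            problems.append("no root= parameter")
        elif root == device:
            problems.append("root= and cryptdevice= name the same device")
        elif root.startswith("/dev/mapper/") and root != f"/dev/mapper/{dmname}":
            problems.append("root= points at a different mapper name")
    hooks = re.search(r'HOOKS=["(]([^")]*)[")]', hooks_line)
    if not hooks or "encrypt" not in hooks.group(1).split():
        problems.append("encrypt hook missing from HOOKS")
    return problems

# Constructed sample input: the UUIDs are placeholders, not values from the page.
GOOD = ("root=UUID=22222222-2222-2222-2222-222222222222 rw "
        "cryptdevice=UUID=11111111-1111-1111-1111-111111111111:cryptroot:allow-discards")
BAD = ("root=UUID=22222222-2222-2222-2222-222222222222 rw "
       "cryptdevice=11111111-1111-1111-1111-111111111111:cryptroot:allow-discards")
HOOKS = 'HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"'

if __name__ == "__main__":
    for name, line in (("good", GOOD), ("bad", BAD)):
        print(name, check_boot_config(line, HOOKS) or "ok")
```

On a booted system the first argument would be the contents of /proc/cmdline and the second the HOOKS line from /etc/mkinitcpio.conf.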