GNU bug report logs - #48649
Guix doesn't boot with LUKS root partition

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 48649 in the body.
You can then email your comments to 48649 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Juraj Hlista <juraj <at> juraj.me>
To: "bug-guix <at> gnu.org" <bug-guix <at> gnu.org>
Subject: Guix doesn't boot with LUKS root partition
Date: Tue, 25 May 2021 09:24:39 +0000

[Message part 1 (text/plain, inline)]

Hi,

I have Librem 14 (coreboot/seaBIOS) with Samsung 970 Evo Plus 2TB SSD. I installed Guix manually, the disk has MBR partition table and these partitions:

/dev/nvme0n1p1 - 1GB, Linux (83), bootable
/dev/nvme0n1p2 - 1.8TB, Linux (83)

The nvme0n1p1 (/boot) is unencrypted with ext4:
mkfs.ext4 -L system-boot /dev/nvme0n1p1

The nvme0n1p2 (/) is encrypted using LUKS and on top is ext4:
cryptsetup luksFormat /dev/nvme0n1p2
cryptsetup open /dev/nvme0n1p2 luks
mkfs.ext4 -L system-root /dev/mapper/luks

mount LABEL=system-root /mnt
mkdir /mnt/etc /mnt/boot
mount LABEL=system-boot /mnt/boot

herd start cow-store /mnt

The relevant part on /mnt/etc/config.scm:

(bootloader
  (bootloader-configuration
    (bootloader grub-bootloader)
    (target "/dev/nvme0n1")))
(mapped-devices
  (list (mapped-device
          (source (uuid "..."))
          (target "luks")
          (type luks-device-mapping))))
(file-systems
  (cons* (file-system
           (mount-point "/")
           (device "/dev/mapper/luks")
           (type "ext4")
           (dependencies mapped-devices))
         %base-file-systems)))

guix system init /mnt/etc/config.scm /mnt

Installation is without any errors. After rebooting grub asks for a password to decrypt LUKS partition, then gives me the boot menu. When I hit enter, the laptop gets stuck, I can't do ctrl+alt+f3,f4... only ctrl+alt+del works.

Attached are pictures from grub.

I also tried to use unencrypted root partition (basically the same as above, but without LUKS) and it works.

Thanks,
J

[grub1.jpeg (image/jpeg, attachment)]

[grub2.jpeg (image/jpeg, attachment)]

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Juraj Hlista <juraj <at> juraj.me>
Cc: 48649 <at> debbugs.gnu.org, bug-guix <at> gnu.org
Subject: Re: bug#48649: Guix doesn't boot with LUKS root partition
Date: Tue, 25 May 2021 13:19:11 +0200

[Message part 1 (text/plain, inline)]

Juraj,

Juraj Hlista 写道：
> mount LABEL=system-root /mnt
> mkdir /mnt/etc /mnt/boot
> mount LABEL=system-boot /mnt/boot

Guix System doesn't support a separate /boot partition.  See 
<http://issues.guix.gnu.org/48172>.

I'll leave this bug unmerged with that one until we're sure that's 
your only issue:

> I also tried to use unencrypted root partition (basically the 
> same as above, but without LUKS) and it works.

Also with separate /boot?  If so, maybe GRUB happens to look in 
the wrong right place (/ instead of /boot), or something else is 
going on.

Kind regards,

T G-R

[signature.asc (application/pgp-signature, inline)]

Message #14 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Juraj Hlista <juraj <at> juraj.me>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: "48649 <at> debbugs.gnu.org" <48649 <at> debbugs.gnu.org>,
 "bug-guix <at> gnu.org" <bug-guix <at> gnu.org>
Subject: Re: bug#48649: Guix doesn't boot with LUKS root partition
Date: Tue, 25 May 2021 12:12:43 +0000

I installed Guix again, there is just single 2TB encrypted partition with ext4 on top.

When booting, there is a prompt asking for a password to decrypt the partition, then there is the boot menu. When hitting enter the laptop gets stuck again just like before.

Seems like an issue with grub?


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, May 25, 2021 1:19 PM, Tobias Geerinckx-Rice <me <at> tobias.gr> wrote:

> Juraj,
>
> Juraj Hlista 写道：
>
> > mount LABEL=system-root /mnt
> > mkdir /mnt/etc /mnt/boot
> > mount LABEL=system-boot /mnt/boot
>
> Guix System doesn't support a separate /boot partition. Seehttp://issues.guix.gnu.org/48172.
>
> I'll leave this bug unmerged with that one until we're sure that's your only issue:
>
> > I also tried to use unencrypted root partition (basically the > same as above, but without LUKS) and it works.
>
> Also with separate /boot? If so, maybe GRUB happens to look in the wrong right place (/ instead of /boot), or something else is going on.
>
> Kind regards,
>
> T G-R

Message #20 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Juraj Hlista <juraj <at> juraj.me>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: "48649 <at> debbugs.gnu.org" <48649 <at> debbugs.gnu.org>,
 "bug-guix <at> gnu.org" <bug-guix <at> gnu.org>
Subject: Re: bug#48649: Guix doesn't boot with LUKS root partition
Date: Tue, 25 May 2021 17:19:24 +0000

[Message part 1 (text/plain, inline)]

I tried to install Guix on unencrypted partition as well and it works.

So to sum up my issue:

/dev/nvme0n1p1 - 1.8TB, Linux (83)

cryptsetup luksFormat /dev/nvme0n1p1
cryptsetup open /dev/nvme0n1p1 luks
mkfs.ext4 -L system /dev/mapper/luks

mount LABEL=system /mnt
mkdir /mnt/etc

herd start cow-store /mnt

(bootloader
  (bootloader-configuration
    (bootloader grub-bootloader)
    (target "/dev/nvme0n1")))
(mapped-devices
  (list (mapped-device
          (source (uuid "..."))
          (target "luks")
          (type luks-device-mapping))))
(file-systems
  (cons* (file-system
           (mount-point "/")
           (device "/dev/mapper/luks")
           (type "ext4")
           (dependencies mapped-devices))
         %base-file-systems)))

guix system init /mnt/etc/config.scm /mnt
reboot

After inserting password to decrypt, I hit enter in boot menu, laptop freezes.

Attached are pictures from GRUB.


Best Regards,
J


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, May 25, 2021 2:12 PM, Juraj Hlista <juraj <at> juraj.me> wrote:

> I installed Guix again, there is just single 2TB encrypted partition with ext4 on top.
>
> When booting, there is a prompt asking for a password to decrypt the partition, then there is the boot menu. When hitting enter the laptop gets stuck again just like before.
>
> Seems like an issue with grub?
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Tuesday, May 25, 2021 1:19 PM, Tobias Geerinckx-Rice me <at> tobias.gr wrote:
>
> > Juraj,
> > Juraj Hlista 写道：
> >
> > > mount LABEL=system-root /mnt
> > > mkdir /mnt/etc /mnt/boot
> > > mount LABEL=system-boot /mnt/boot
> >
> > Guix System doesn't support a separate /boot partition. Seehttp://issues.guix.gnu.org/48172.
> > I'll leave this bug unmerged with that one until we're sure that's your only issue:
> >
> > > I also tried to use unencrypted root partition (basically the > same as above, but without LUKS) and it works.
> >
> > Also with separate /boot? If so, maybe GRUB happens to look in the wrong right place (/ instead of /boot), or something else is going on.
> > Kind regards,
> > T G-R

[grub-console-2.jpeg (image/jpeg, attachment)]

[grub-console-3.jpeg (image/jpeg, attachment)]

[grub-console-1.jpeg (image/jpeg, attachment)]

Message #26 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Juraj Hlista <juraj <at> juraj.me>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: "48649 <at> debbugs.gnu.org" <48649 <at> debbugs.gnu.org>,
 "bug-guix <at> gnu.org" <bug-guix <at> gnu.org>
Subject: Re: bug#48649: Guix doesn't boot with LUKS root partition
Date: Wed, 26 May 2021 09:23:20 +0000

There has been some progress. I added this line:

(initrd-modules (cons* "i915" %base-initrd-modules))

to the config and it solved the issue with freezing the laptop.

Not sure how the i915 module is related to LUKS though.

Best Regards,
J

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, May 25, 2021 7:19 PM, Juraj Hlista <juraj <at> juraj.me> wrote:

> I tried to install Guix on unencrypted partition as well and it works.
>
> So to sum up my issue:
>
> /dev/nvme0n1p1 - 1.8TB, Linux (83)
>
> cryptsetup luksFormat /dev/nvme0n1p1
> cryptsetup open /dev/nvme0n1p1 luks
> mkfs.ext4 -L system /dev/mapper/luks
>
> mount LABEL=system /mnt
> mkdir /mnt/etc
>
> herd start cow-store /mnt
>
> (bootloader
> (bootloader-configuration
> (bootloader grub-bootloader)
> (target "/dev/nvme0n1")))
> (mapped-devices
> (list (mapped-device
> (source (uuid "..."))
> (target "luks")
> (type luks-device-mapping))))
> (file-systems
> (cons* (file-system
> (mount-point "/")
> (device "/dev/mapper/luks")
> (type "ext4")
> (dependencies mapped-devices))
> %base-file-systems)))
>
> guix system init /mnt/etc/config.scm /mnt
> reboot
>
> After inserting password to decrypt, I hit enter in boot menu, laptop freezes.
>
> Attached are pictures from GRUB.
>
> Best Regards,
> J
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Tuesday, May 25, 2021 2:12 PM, Juraj Hlista juraj <at> juraj.me wrote:
>
> > I installed Guix again, there is just single 2TB encrypted partition with ext4 on top.
> > When booting, there is a prompt asking for a password to decrypt the partition, then there is the boot menu. When hitting enter the laptop gets stuck again just like before.
> > Seems like an issue with grub?
> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > On Tuesday, May 25, 2021 1:19 PM, Tobias Geerinckx-Rice me <at> tobias.gr wrote:
> >
> > > Juraj,
> > > Juraj Hlista 写道：
> > >
> > > > mount LABEL=system-root /mnt
> > > > mkdir /mnt/etc /mnt/boot
> > > > mount LABEL=system-boot /mnt/boot
> > >
> > > Guix System doesn't support a separate /boot partition. Seehttp://issues.guix.gnu.org/48172.
> > > I'll leave this bug unmerged with that one until we're sure that's your only issue:
> > >
> > > > I also tried to use unencrypted root partition (basically the > same as above, but without LUKS) and it works.
> > >
> > > Also with separate /boot? If so, maybe GRUB happens to look in the wrong right place (/ instead of /boot), or something else is going on.
> > > Kind regards,
> > > T G-R

Message #32 received at 48649 <at> debbugs.gnu.org (full text, mbox):

From: Eric Brown <ecbrown <at> ericcbrown.com>
To: Juraj Hlista <juraj <at> juraj.me>
Cc: 48649 <at> debbugs.gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr>
Subject: Re: bug#48649: Guix doesn't boot with LUKS root partition
Date: Tue, 08 Jun 2021 12:24:23 -0500

Juraj Hlista <juraj <at> juraj.me> writes:

> There has been some progress. I added this line:
>
> (initrd-modules (cons* "i915" %base-initrd-modules))
>
> to the config and it solved the issue with freezing the laptop.
>
> Not sure how the i915 module is related to LUKS though.
>
> Best Regards,
> J
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Tuesday, May 25, 2021 7:19 PM, Juraj Hlista <juraj <at> juraj.me> wrote:
>
>> I tried to install Guix on unencrypted partition as well and it works.
>>
>> So to sum up my issue:
>>
>> /dev/nvme0n1p1 - 1.8TB, Linux (83)
>>
>> cryptsetup luksFormat /dev/nvme0n1p1
>> cryptsetup open /dev/nvme0n1p1 luks
>> mkfs.ext4 -L system /dev/mapper/luks
>>
>> mount LABEL=system /mnt
>> mkdir /mnt/etc
>>
>> herd start cow-store /mnt
>>
>> (bootloader
>> (bootloader-configuration
>> (bootloader grub-bootloader)
>> (target "/dev/nvme0n1")))
>> (mapped-devices
>> (list (mapped-device
>> (source (uuid "..."))
>> (target "luks")
>> (type luks-device-mapping))))
>> (file-systems
>> (cons* (file-system
>> (mount-point "/")
>> (device "/dev/mapper/luks")
>> (type "ext4")
>> (dependencies mapped-devices))
>> %base-file-systems)))
>>
>> guix system init /mnt/etc/config.scm /mnt
>> reboot
>>
>> After inserting password to decrypt, I hit enter in boot menu, laptop freezes.
>>
>> Attached are pictures from GRUB.
>>
>> Best Regards,
>> J
>>
>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> On Tuesday, May 25, 2021 2:12 PM, Juraj Hlista juraj <at> juraj.me wrote:
>>
>> > I installed Guix again, there is just single 2TB encrypted partition with ext4 on top.
>> > When booting, there is a prompt asking for a password to decrypt
>> > the partition, then there is the boot menu. When hitting enter the
>> > laptop gets stuck again just like before.
>> > Seems like an issue with grub?
>> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> > On Tuesday, May 25, 2021 1:19 PM, Tobias Geerinckx-Rice me <at> tobias.gr wrote:
>> >
>> > > Juraj,
>> > > Juraj Hlista 写道：
>> > >
>> > > > mount LABEL=system-root /mnt
>> > > > mkdir /mnt/etc /mnt/boot
>> > > > mount LABEL=system-boot /mnt/boot
>> > >
>> > > Guix System doesn't support a separate /boot partition. Seehttp://issues.guix.gnu.org/48172.
>> > > I'll leave this bug unmerged with that one until we're sure that's your only issue:
>> > >
>> > > > I also tried to use unencrypted root partition (basically the
>> > > > > same as above, but without LUKS) and it works.
>> > >
>> > > Also with separate /boot? If so, maybe GRUB happens to look in
>> > > the wrong right place (/ instead of /boot), or something else is
>> > > going on.
>> > > Kind regards,
>> > > T G-R


In my experience, missing video drivers will cause the system to freeze
right when switching to GUI mode.

You may try to append:
nomodeset nosplash

to the grub configuration and get past it, but you will be in "console
mode" but at least you can take steps to get drivers.

Two passwords: it's a wonderful idea.  One for GRUB, which may contain
secrets, and then one to unlock the disk.

Message #35 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Juraj Hlista <juraj <at> juraj.me>
Cc: "48649 <at> debbugs.gnu.org" <48649 <at> debbugs.gnu.org>,
 "bug-guix <at> gnu.org" <bug-guix <at> gnu.org>
Subject: Re: bug#48649: Guix doesn't boot with LUKS root partition
Date: Tue, 08 Jun 2021 23:39:08 +0200

[Message part 1 (text/plain, inline)]

Juraj Hlista 写道：
> Not sure how the i915 module is related to LUKS though.

Not, all all.  You should see the same apparent ‘freeze’ when 
booting the system without LUKS with ‘--repl’ on the kernel 
command line.

Linux prompts for the LUKS passphrase early, and (obviously :-) 
before the root file system is mounted.  The kernel needs to 
display this prompt.  The root file system contains all drivers. 
See the deadlock?

Adding i915 to the initrd will ensure that it is loaded before the 
initrd tries to mount / and asks you for the passphrase, so 
everything will work fine.  Building i915 into the kernel would 
have the same effect.

Kind regards,

T G-R

[signature.asc (application/pgp-signature, inline)]

Message #43 received at 48649-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 48649-done <at> debbugs.gnu.org, Juraj Hlista <juraj <at> juraj.me>
Subject: Re: bug#48649: Guix doesn't boot with LUKS root partition
Date: Tue, 24 Aug 2021 00:11:23 -0400

Hello,

Tobias Geerinckx-Rice <me <at> tobias.gr> writes:

> Juraj Hlista 写道：
>> Not sure how the i915 module is related to LUKS though.
>
> Not, all all.  You should see the same apparent ‘freeze’ when booting
> the system without LUKS with ‘--repl’ on the kernel command line.
>
> Linux prompts for the LUKS passphrase early, and (obviously :-) before
> the root file system is mounted.  The kernel needs to display this
> prompt.  The root file system contains all drivers. See the deadlock?
>
> Adding i915 to the initrd will ensure that it is loaded before the
> initrd tries to mount / and asks you for the passphrase, so 
> everything will work fine.  Building i915 into the kernel would have
> the same effect.

Seems this issue was about not having a required video driver in the
init RAM disk, rather than LUKS support.

Closing.

Glad you got it solved!

Maxim

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.