#"dracut warning could not boot /dev/mapper/crypt does not exist"
that warning is from grub, more or less
grub sets the root= based on your current root, in the chroot it is /dev/mapper/crypt
how is your command line set?
I think you should be giving dracut the uuid of the luks partition
https://wiki.gentoo.org/wiki/Full_Disk_Encryption_From_Scratch_Simplified#Initramfs_configuration
under the "embed cmdline parameters for rootfs decryption"
you may need to add the "root=UUID=x" line to your dracut conf, i used a label for mine
info on that root= was on the rootfs page but not the FDE page, fixing that
i think dracut ends up making a mapped volume named "luks-uuid" and if you forced it to use the name "crypt" as it was in the install, that may work
you shouldn't need to compile a custom kernel to use an initramfs with grub
you may need to edit your grub commandline too, you can see that in /boot/grub/grub.cfg i think
if you're interested, you can try to extract and embed your initramfs, i prefer to do that, so i can sign all of it and secure boot
it's more advanced and you have to compile the kernel once, install the modules, build the initramfs, extract it, then compile the kernel again so it has the latest modules
but it results in a single file you can boot with, you don't even need grub at that point
here's my dracut conf:
add_dracutmodules+=" crypt "
# Omit the nvidia driver from the ramdisk, to avoid needing to regenerate
# the ramdisk on updates.
omit_drivers+=" nvidia nvidia-drm nvidia-modeset nvidia-uvm "
compress="zstd"
and my kernel cmdline:
root=/dev/mapper/data-root rd.luks=1 rd.luks.name=<uuid>=crypt rd.luks.options=discard rootfstype=btrfs rootflags=subvol=@,discard=async,noatime,defaults
?
Hm, so what does your CMDline look like now?
And what does dracut think it is
You might need to build without hostonly
Until you're self-hosting.
Well that's what the rd.luks.name bit is for
Let's see the output of a dracut too, please.
And finally, are you using the dist-kernel at this point?
Sorry, I'm kind of shotgunning solutions
Just thinking of all the pitfalls I've ever hit.
Try replacing the cryptdevice bit
rd.luks.name=uuid=crypt
That just helps rule out a weird kernel config
Also rd.luks.options
(you missed the s)
Oh right, also the cryptdevice syntax is probably wrong
I'm not 100% but I suspect
`cryptdevice=/dev/mapper/nvme0n1p3:crypt` should be /dev/
I.e. the mapper will put crypt under /dev/mapper - if you're giving it a device that will be /dev/nvme0n1p3
Oh right.
Are you familiar with wgetpaste?
You can emerge that, and then 'wgetpaste -c 'command''
To upload to a Pastebin
-s 0x0 for big pastes as it has an insane limit
You can also wgetpaste /path/to/file
Yeah that looks fine.
Let's see if it likes the other syntax I guess?
that should be the uuid of the luks container
sorry about the delay
1 sec
For partitions:
# blkid -f
NAME            FSTYPE      FSVER    LABEL UUID      FSAVAIL FSUSE% MOUNTPOINTS
nvme0n1
|-nvme0n1p1     vfat        FAT32    BOOT  AFAT-UUID    3.6G    10% /boot
`-nvme0n1p2     crypto_LUKS 2              ABCDE
  `-crypt       LVM2_member LVM2 001       FGHIJ
    `-data-root btrfs                      KLMNO      204.7G    78% /var/lib/docker/btrfs
                                                                    /home
                                                                    /swap
                                                                    /
this kernel cmdline:
root=/dev/mapper/data-root rd.luks=1 rd.luks.name=ABCDE=crypt rd.luks.options=discard rootfstype=btrfs rootflags=subvol=@,discard=async,noatime,defaults
so that's luks over lvm
which seems to be what you've done
or even without lvm, device mapper will just be crypt as root instead
can you show the actual config lines you're using, as well as your blkid -f?
you have 2 root=options
treat the kernel command line like it's a command line you pass to some program
other than that it looks mostly fine, you say the boot "didn't work" but what does that even mean?
if you're using dracut and it fails it should give you a recovery shell
you should be able to use that to manually mount things and check stuff out
there isn't really a 1 size fits all solution for an encrypted root filesystem, several pieces have to work together or it doesn't boot, it's not really an easy task
i mean within the initramfs
when it fails it should give you a shell
it seems to be telling you that /dev/mapper/crypt is not mounted
so you didn't make the initramfs correctly and it's not decrypting your stuff
you can try to manually do it within the initramfs to see if it's just misconfigured or missing components
it's probably not mounted there unless you told dracut to give the mapped volume a name
you're going to need to help yourself some and read the manual for dracut
if you aren't comfortable changing your initramfs parameters an encrypted root filesystem probably isn't for you
every time you upgrade your kernel you're going to be mindful of this stuff or your system won't boot