I'm not the right person to comment reliably on this, because I don't use systemd and do not use LVM, but until someone else chimes in I'll give it a go ... :-)
On Sunday, 16 June 2024 09:04:26 BST Alexander Puchmayr wrote:
Hi there,
I just tried to prepare my new laptop for UEFI+secureboot by creating a single unified kernel image including kernel, initrd, microcode, etc.
NB: The partition layout has a vfat/Efi partition and a luks encrypted lvm container holding SYS(Root), Data(home) and swap.
I added uki and ukify use flags to installkernel and systemd, checked the configuration again and configured the kernel by emerge --config sys-kernel/gentoo-kernel.
Building the kernel image seems to work fine, the log messages say it's creating an initrd using dracut, creating an efi file, signing it properly and even installs it under /boot/efi/EFI/Linux.
Why is the ESP mounted under /boot/efi, instead of /efi?
https://wiki.gentoo.org/wiki/EFI_System_Partition#Mount_point
When booting it, it loads the kernel and then seems to get stuck:
Timed out waiting for device /dev/gpt-auto-root
Dependency failed for File System Check in /dev/gpt-auto-root
Dependency failed for Root Partition
Dependency failed for Initrd Root File System
Dependency failed for Initrd Mountpoints Configured in the Real Root
Dependency failed for Initrd Root Device
The gpt-auto-root is a script which tries to automatically detect and mount the root fs. Did you create your partition(s) with GPT and did you select the correct partition type "Linux Root (x86-64)" to make sure the partition GUID code for LUKS is correct according to the Discoverable Partitions Specification? If you used fdisk, you'll probably need to add the partition type GUID code manually, as advised in the Handbook. Press -i in fdisk to find out what it currently is set as.
Then it ends up in an emergency shell.
There's a log in /run/initramfs/rdsosreport.txt, which reveals that it does not find my encrypted lvm partition (LUKS encrypted lvm container holding SYS, DATA, SWAP, etc), which obviously needs to be setup first. Seems like some boot parameter is missing.
Did you configure dracut to include the necessary modules and to add the corresponding LUKS and LVM UUIDs?
https://wiki.gentoo.org/wiki/Full_Disk_Encryption_From_Scratch#Initramfs_configuration
Checking systemd's USE flags: Relevant flags lvm + cryptsetup + boot + secureboot use flags are set
To me it looks as if it's missing information which partition to use for decrypting/mounting, and which lvm volume to use as real-root.
Is this a dracut configuration? A systemd configuration? An installkernel configuration? Something else?
Thanks
Alex
I think this is a dracut configuration issue, because systemd's 'kernel-install' setup is relatively straightforward:
https://wiki.gentoo.org/wiki/Installkernel#Systemd_kernel-install_.28USE.3D.2Bsystemd.29
If the problem is with dracut as I suspect, you may find 'sys-kernel/ugrd' easier than dracut for your type of installation, but dracut should work too if correctly configured.
HTH.
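
The partition-type question raised in the reply can be checked mechanically. The following is an added example, not part of the thread: it maps GPT type GUIDs from `lsblk -rno NAME,PARTTYPE` output to their Discoverable Partitions Specification roles and reports whether any partition is typed as Linux root (x86-64). The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Names and sample data are constructed.
# Input: "NAME PARTTYPE" lines, e.g. from: lsblk -rno NAME,PARTTYPE /dev/nvme0n1

# Map a GPT partition type GUID to a short role name.
# GUID values are those of the Discoverable Partitions Specification.
dps_role() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        c12a7328-f81f-11d2-ba4b-00a0c93ec93b) echo esp ;;
        4f68bce3-e8cd-4db1-96e7-fbcaf984b709) echo root-x86-64 ;;
        ca7d7ccb-63ed-4c53-861c-1742536059cc) echo luks ;;
        e6d6d379-f507-44c2-a23c-238f2a3df928) echo lvm ;;
        0fc63daf-8483-4772-8e79-3d69d8477de4) echo linux-generic ;;
        *) echo other ;;
    esac
}

# Read "NAME PARTTYPE" lines on stdin, print "NAME ROLE" per partition.
# Returns 0 only if some partition is typed as Linux root (x86-64).
check_root_type() {
    found=1
    while read -r name type; do
        # Whole-disk rows have no partition type; skip them.
        [ -n "$type" ] || continue
        role=$(dps_role "$type")
        printf '%s %s\n' "$name" "$role"
        if [ "$role" = root-x86-64 ]; then found=0; fi
    done
    return "$found"
}

# Constructed sample: a disk row, an ESP, and one partition typed as generic LUKS.
SAMPLE='nvme0n1
nvme0n1p1 c12a7328-f81f-11d2-ba4b-00a0c93ec93b
nvme0n1p2 ca7d7ccb-63ed-4c53-861c-1742536059cc'

if printf '%s\n' "$SAMPLE" | check_root_type; then
    echo "a partition carries the root (x86-64) type GUID"
else
    echo "no partition carries the root (x86-64) type GUID"
fi
```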