Re: cryptsetup + lvm order and crypt name

On 08.08.2014 09:12, Amadeusz Żołnowski wrote:
> First of all, I advise calling dracut like this:
> 
>   dracut -H '' <kernel-version>
> 
> It will generate a host-specific initramfs for the specified kernel version in
> the default location.  Later, edit the variable GRUB_CMDLINE_LINUX_DEFAULT in
> /etc/default/grub and put the parameters you want there. After that,
> regenerate the grub2 config with grub2-mkconfig.
> 
> I hope that helps. :-)

OK... it has been a while now, but I managed to boot my system. The -H
flag wasn't needed. I put the boot configuration options in grub, and not
in dracut. Just for documentation, I have this setup:

In /etc/default/grub:
GRUB_CMDLINE_LINUX="rd.auto rd.luks rd.luks.crypttab rd.luks.uuid=83e0aaa5-a8ad-4435-afff-0d52b1071fc3 rd.lvm rd.lvm.vg=boromir rd.md=0 rd.dm"

The only really needed option was rd.auto (maybe other options now
imply rd.auto). But the problem was a conflict between my
installation, Debian's dracut and Debian's cryptsetup.

When I installed my system and encrypted my /dev/sda5, I gave the
encrypted partition the name sda5_crypt. This value was written in
/etc/crypttab. So for accessing the partition at boot-time what is done
is: cryptsetup luksOpen /dev/sda5 sda5_crypt

When booting, /etc/init.d/cryptdisks* looks for sda5_crypt. If it is
there, it won't do anything and boot will continue. If it is not there,
it asks for the passphrase and tries to decrypt it.

The problem was that dracut, when calling "cryptsetup luksOpen", doesn't
use the name given in /etc/crypttab, but "luks-<UUID of the partition>".
When /etc/init.d/cryptdisk* comes in, there is no sda5_crypt present, so
it tries to decrypt the partition again, which is not possible, because
it is actually already in use.

My solution for the problem was to rename the decrypted volume in
/etc/crypttab from "sda5_crypt" to "luks-<UUID of /dev/sda5>". So I use
the same name dracut uses when calling cryptsetup, and the
Debian init scripts find the device.

I think the elegant solution would be in dracut, which could have a boot
option to set the name of the decrypted device (or read it from
/etc/crypttab when creating the image), or in the cryptdisks init scripts,
which could check whether the encrypted device is already decrypted, and
not only look at whether the name is present.

I hope this can help anyone with a similar problem.

Thanks for the help,

Claudio

PS - I'll then file a bug report/wish for both Debian packages so they
are aware of the problem.

-- 
+- .''`. ---| Dipl.-Inf. Univ. Claudio Clemens |-------| wheezy |-----+
| : :' :      asturio at gmx (.) net           GNU/Linux User #79942  |
| `. `'       http://asturio.gmxhome.de/begin.html                    |
|   `-        "YE GODS, I HAVE FEET??!"         <- Userfriendly       |
"I will take the ring, though I do not know the way" Frodo Baggins
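
The check suggested in the message above (notice that the encrypted device is already open, whatever the mapping is called), as an added example that is not part of the original message and not code from dracut or Debian's cryptsetup scripts. It reads the dm name, dm uuid and slaves entries from sysfs; the function names and the optional path arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report crypttab entries whose LUKS device is already open
# under a different device-mapper name (for instance, opened by the initramfs).
# The path arguments are hypothetical conveniences for running on a test tree:
#   crypttab_name_mismatches [crypttab path] [sysfs root]

# Print the dm name under which the source is open; status 1 if it is not open.
# $1 = crypttab source field (device path or UUID=...), $2 = sysfs root
open_mapping_for() {
    src=$1; sys=$2
    for dm in "$sys"/block/dm-*; do
        [ -r "$dm/dm/uuid" ] || continue
        dmuuid=$(cat "$dm/dm/uuid")
        # Only dm-crypt LUKS mappings are of interest (skips LVM volumes etc.)
        case $dmuuid in CRYPT-LUKS*) ;; *) continue ;; esac
        case $src in
            UUID=*)
                # cryptsetup embeds the LUKS UUID without dashes in the dm uuid
                want=$(printf '%s' "${src#UUID=}" | sed 's/-//g')
                case $dmuuid in *-"$want"-*) ;; *) continue ;; esac ;;
            *)
                # A device path: the mapping lists its backing device in slaves/
                real=$(readlink -f "$src" 2>/dev/null) || real=$src
                [ -e "$dm/slaves/${real##*/}" ] || continue ;;
        esac
        cat "$dm/dm/name"
        return 0
    done
    return 1
}

# Print "crypttab_name actual_name" for each mismatch; status 1 if any found.
crypttab_name_mismatches() {
    tab=${1:-/etc/crypttab}; sys=${2:-/sys}; rc=0
    while read -r name src _rest; do
        case $name in ''|'#'*) continue ;; esac
        # Not open at all: nothing to report, the init script will open it
        actual=$(open_mapping_for "$src" "$sys") || continue
        if [ "$actual" != "$name" ]; then
            printf '%s %s\n' "$name" "$actual"
            rc=1
        fi
    done < "$tab"
    return "$rc"
}
```

Called with no arguments, `crypttab_name_mismatches` checks /etc/crypttab against /sys on the running system; a line such as `sda5_crypt luks-<UUID>` means the entry should be renamed or the second open attempt will fail as described.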
