boot sequence runs cryptsetup only after mount of rootfs

Post by brandonmalbow »

My goal is to have full disk encryption for my ODROID HC4 boards. Specifically, my setup looks like this:

Code:

root@odroid:~# blkid 
/dev/mmcblk1p1: SEC_TYPE="msdos" LABEL_FATBOOT="BOOT" LABEL="BOOT" UUID="F702-39CB" TYPE="vfat" PARTUUID="03823826-01"
/dev/mmcblk1p2: LABEL="rootfs" UUID="e139ce78-9841-40fe-8823-96a304a09859" TYPE="ext4" PARTUUID="03823826-02"
/dev/sda1: UUID="a8d382e8-f4f2-43d3-bbf2-5c294732cef2" TYPE="crypto_LUKS" PARTUUID="b934a950-6971-a848-84f7-a552d97d1e1b"
/dev/mapper/chot: UUID="SlIQ8v-Sw36-HU03-bWFc-OTG3-2tbz-zIgHVz" TYPE="LVM2_member"
/dev/mapper/vghot-root: LABEL="root" UUID="84829975-7387-4fa5-b12c-e2044f62e278" TYPE="ext4"
/dev/mapper/vghot-hotstorage: LABEL="hotstorage" UUID="5491778f-c785-4a61-9d8c-ab84a48ba6be" TYPE="ext4"

where
- mmcblk1p1 contains (unencrypted) boot and a keyfile to unlock the LUKS LVM
- mmcblk1p2 will be deleted once my setup runs successfully
- sda1 is an SSD containing the LUKS LVM chot
- vghot-root is an rsync copy of mmcblk1p2 and the target root fs

My crypttab is:

Code:

root@odroid:~# cat /etc/crypttab 
# <target name>	<source device>		<key file>	<options>
chot UUID=a8d382e8-f4f2-43d3-bbf2-5c294732cef2 /media/boot/keyfile luks,initramfs

Using (unencrypted) mmcblk1p2 as rootfs runs smoothly and I am able to automatically unlock and mount the LUKS LVM via fstab as /newroot during boot.
Using (encrypted) vghot-root as rootfs, however, always stops with the message "Waiting for root device UUID=.....". I therefore assume that cryptsetup is not yet called, and vghot-root therefore not unlocked at the moment of this mount call.
The attached journalctl.log of a boot-process from sd-card seems to support that assumption as it lists mounting the rootfs prior to the cryptsetup calls.

After three days of trial and error with initramfs and the boot.ini, I am out of ideas. Do you guys have any idea what I could try next? Where can I find documentation on the bootargs?

Below, I also attached the relevant part of the boot.ini including different options that I tried:

Code:

# Boot Args
# working boot with sd-card rootfs and automount
setenv bootargs "root=UUID=e139ce78-9841-40fe-8823-96a304a09859 rootwait rw ${condev} ${amlogic} no_console_suspend fsck.repair=yes net.ifnames=0 elevator=noop hdmimode=${hdmimode} cvbsmode=576cvbs max_freq_a55=${max_freq_a55} maxcpus=${maxcpus} voutmode=${voutmode} ${cmode} disablehpd=${disablehpd} cvbscable=${cvbscable} overscan=${overscan} ${hid_quirks} monitor_onoff=${monitor_onoff} logo=osd0,loaded ${cec_enable} sdrmode=${sdrmode} enable_wol=${enable_wol}"

# the encrypted root device:

# setenv bootargs "root=UUID=84829975-7387-4fa5-b12c-e2044f62e278 rootwait rw ${condev} ${amlogic} no_console_suspend fsck.repair=yes net.ifnames=0 elevator=noop hdmimode=${hdmimode} cvbsmode=576cvbs max_freq_a55=${max_freq_a55} maxcpus=${maxcpus} voutmode=${voutmode} ${cmode} disablehpd=${disablehpd} cvbscable=${cvbscable} overscan=${overscan} ${hid_quirks} monitor_onoff=${monitor_onoff} logo=osd0,loaded ${cec_enable} sdrmode=${sdrmode} enable_wol=${enable_wol}"

# some kernel options that I found in other forums
# setenv bootargs "root=/dev/mapper/vghot-root cryptdevice=/dev/sda1:chot rootwait rw ${condev} ${amlogic} no_console_suspend fsck.repair=yes net.ifnames=0 elevator=noop hdmimode=${hdmimode} cvbsmode=576cvbs max_freq_a55=${max_freq_a55} maxcpus=${maxcpus} voutmode=${voutmode} ${cmode} disablehpd=${disablehpd} cvbscable=${cvbscable} overscan=${overscan} ${hid_quirks} monitor_onoff=${monitor_onoff} logo=osd0,loaded ${cec_enable} sdrmode=${sdrmode} enable_wol=${enable_wol}"
# setenv bootargs "root=/dev/mapper/vghot-root cryptdevice=/dev/sda1:vghot rootwait rw ${condev} ${amlogic} no_console_suspend fsck.repair=yes net.ifnames=0 elevator=noop hdmimode=${hdmimode} cvbsmode=576cvbs max_freq_a55=${max_freq_a55} maxcpus=${maxcpus} voutmode=${voutmode} ${cmode} disablehpd=${disablehpd} cvbscable=${cvbscable} overscan=${overscan} ${hid_quirks} monitor_onoff=${monitor_onoff} logo=osd0,loaded ${cec_enable} sdrmode=${sdrmode} enable_wol=${enable_wol}"
# setenv bootargs "cryptopts=target=chot,source=/dev/sda1,lvm=vghot root=/dev/mapper/vghot-root rootwait rw ${condev} ${amlogic} no_console_suspend fsck.repair=yes net.ifnames=0 elevator=noop hdmimode=${hdmimode} cvbsmode=576cvbs max_freq_a55=${max_freq_a55} maxcpus=${maxcpus} voutmode=${voutmode} ${cmode} disablehpd=${disablehpd} cvbscable=${cvbscable} overscan=${overscan} ${hid_quirks} monitor_onoff=${monitor_onoff} logo=osd0,loaded ${cec_enable} sdrmode=${sdrmode} enable_wol=${enable_wol}"
# setenv bootargs "rd.luks.uuid=a8d382e8-f4f2-43d3-bbf2-5c294732cef2 root=/dev/mapper/vghot-root rootwait rw ${condev} ${amlogic} no_console_suspend fsck.repair=yes net.ifnames=0 elevator=noop hdmimode=${hdmimode} cvbsmode=576cvbs max_freq_a55=${max_freq_a55} maxcpus=${maxcpus} voutmode=${voutmode} ${cmode} disablehpd=${disablehpd} cvbscable=${cvbscable} overscan=${overscan} ${hid_quirks} monitor_onoff=${monitor_onoff} logo=osd0,loaded ${cec_enable} sdrmode=${sdrmode} enable_wol=${enable_wol}"

Attachments: journal.log (98.48 KiB)
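
Added example (not part of the original post): a small Python check that parses the blkid output, the crypttab line and the `root=` argument quoted above and reports what an unlock from the initramfs depends on. The function names are hypothetical, and the inputs are sample data copied from the post.

```python
import re

# Constructed sample input: lines copied from the post's blkid output, crypttab and boot.ini.
BLKID = '''\
/dev/sda1: UUID="a8d382e8-f4f2-43d3-bbf2-5c294732cef2" TYPE="crypto_LUKS" PARTUUID="b934a950-6971-a848-84f7-a552d97d1e1b"
/dev/mapper/vghot-root: LABEL="root" UUID="84829975-7387-4fa5-b12c-e2044f62e278" TYPE="ext4"
'''
CRYPTTAB = "chot UUID=a8d382e8-f4f2-43d3-bbf2-5c294732cef2 /media/boot/keyfile luks,initramfs\n"
BOOTARGS = "root=UUID=84829975-7387-4fa5-b12c-e2044f62e278 rootwait rw"

def parse_blkid(text):
    """Map device path -> {KEY: value} from `blkid` output."""
    devs = {}
    for line in text.splitlines():
        dev, _, rest = line.partition(": ")
        if rest:
            devs[dev] = dict(re.findall(r'(\w+)="([^"]*)"', rest))
    return devs

def parse_crypttab(text):
    """Return crypttab entries as dicts; comments and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if f and not f[0].startswith("#"):
            f += ["none"] * (4 - len(f))  # key file and options are optional fields
            entries.append({"target": f[0], "source": f[1], "keyfile": f[2],
                            "options": set(f[3].split(","))})
    return entries

def resolve(spec, devs):  # UUID=... or a device path -> device path known to blkid
    if spec.startswith("UUID="):
        return next((d for d, a in devs.items() if a.get("UUID") == spec[5:]), None)
    return spec if spec in devs else None

def check(blkid_text, crypttab_text, bootargs):
    devs = parse_blkid(blkid_text)
    root = next(a[5:] for a in bootargs.split() if a.startswith("root="))
    root_dev = resolve(root, devs)
    findings = {"root_device": root_dev,
                "root_on_device_mapper": bool(root_dev) and root_dev.startswith("/dev/mapper/")}
    for e in parse_crypttab(crypttab_text):
        src = resolve(e["source"], devs)
        findings[e["target"]] = {
            "source_device": src,
            "source_is_luks": bool(src) and devs[src].get("TYPE") == "crypto_LUKS",
            "initramfs_option": "initramfs" in e["options"],
            "keyfile_needed_in_initramfs": e["keyfile"] not in ("none", "-"),  # path must be readable at unlock time
        }
    return findings
```

With the values from the post, the root UUID resolves to a device-mapper node and the crypttab entry names a key file by path, so both the unlock step and the key file have to be available before the root mount.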
