UEK 5.4 luks1 root partition - not prompting for passphrase on boot

I'm having an issue when using the UEK 5.4 kernel not prompting for my LUKS1 passphrase on boot. When I use the 4.18 RHCK kernel then I am prompted for my passphrase.

I have two kernels installed:

  • 4.18.0 RHCK (this works and prompts for my luks1 passphrase on boot)
  • 5.4.17 UEK (this does not prompt for passphrase on boot)

I thought that my initramfs for 5.4.17 might not have the software necessary to support luks1 so I changed /etc/dracut.conf to contain

add_dracutmodules+=" crypt lvm "

and ran sudo dracut --regenerate-all -f followed by sudo grub2-mkconfig -o /boot/grub2/grub.cfg but this has not made a difference.

I have disabled plymouth and seem to be getting the same behaviour. I've noticed that the 5.4 kernel is Oracle's UEK and the 4.18 is RHCK. When I set the boot cmdline to rd.debug I can see dracut is waiting for the luks volume to be mounted.


My /etc/crypttab reads as follows

luks-c9c5815a-a8b9-4a28-911c-7f83b7961518 UUID=c9c5815a-a8b9-4a28-911c-7f83b7961518 none luks,discard

and /etc/fstab

#
# /etc/fstab
# Created by anaconda on Fri Oct 29 22:54:36 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/luks-c9c5815a-a8b9-4a28-911c-7f83b7961518 /                       xfs     defaults,x-systemd.device-timeout=0 0 0
UUID=d5d6fe8b-a551-4e0c-9749-b853ebc4286e /boot                   ext4    defaults        1 2
UUID=BA99-B27D          /boot/efi               vfat    umask=0077,shortname=winnt 0 2
UUID=9b7647f5-611e-438d-9cb8-839ae45e17ad none                    swap    defaults        0 0

and /etc/grub2-efi.cfg

#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
set pager=1

if [ -f ${config_directory}/grubenv ]; then
  load_env -f ${config_directory}/grubenv
elif [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="${saved_entry}"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

terminal_output console
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=5
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/00_tuned ###
set tuned_params=""
set tuned_initrd=""
### END /etc/grub.d/00_tuned ###

### BEGIN /etc/grub.d/01_users ###
if [ -f ${prefix}/user.cfg ]; then
  source ${prefix}/user.cfg
  if [ -n "${GRUB2_PASSWORD}" ]; then
    set superusers="root"
    export superusers
    password_pbkdf2 root ${GRUB2_PASSWORD}
  fi
fi
### END /etc/grub.d/01_users ###

### BEGIN /etc/grub.d/08_fallback_counting ###
insmod increment
# Check if boot_counter exists and boot_success=0 to activate this behaviour.
if [ -n "${boot_counter}" -a "${boot_success}" = "0" ]; then
  # if countdown has ended, choose to boot rollback deployment,
  # i.e. default=1 on OSTree-based systems.
  if  [ "${boot_counter}" = "0" -o "${boot_counter}" = "-1" ]; then
    set default=1
    set boot_counter=-1
  # otherwise decrement boot_counter
  else
    decrement boot_counter
  fi
  save_env boot_counter
fi
### END /etc/grub.d/08_fallback_counting ###

### BEGIN /etc/grub.d/10_linux ###
insmod part_gpt
insmod ext2
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root  d5d6fe8b-a551-4e0c-9749-b853ebc4286e
else
  search --no-floppy --fs-uuid --set=root d5d6fe8b-a551-4e0c-9749-b853ebc4286e
fi
insmod part_gpt
insmod fat
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=boot  BA99-B27D
else
  search --no-floppy --fs-uuid --set=boot BA99-B27D
fi

# This section was generated by a script. Do not modify the generated file - all changes
# will be lost the next time file is regenerated. Instead edit the BootLoaderSpec files.
#
# The blscfg command parses the BootLoaderSpec files stored in /boot/loader/entries and
# populates the boot menu. Please refer to the Boot Loader Specification documentation
# for the files format: https://www.freedesktop.org/wiki/Specifications/BootLoaderSpec/.

# The kernelopts variable should be defined in the grubenv file. But to ensure that menu
# entries populated from BootLoaderSpec files that use this variable work correctly even
# without a grubenv file, define a fallback kernelopts variable if this has not been set.
#
# The kernelopts variable in the grubenv file can be modified using the grubby tool or by
# executing the grub2-mkconfig tool. For the latter, the values of the GRUB_CMDLINE_LINUX
# and GRUB_CMDLINE_LINUX_DEFAULT options from /etc/default/grub file are used to set both
# the kernelopts variable in the grubenv file and the fallback kernelopts variable.
if [ -z "${kernelopts}" ]; then
  set kernelopts="root=UUID=81c8af7a-3a0b-4934-801f-0d49f74b5798 ro crashkernel=auto resume=UUID=9b7647f5-611e-438d-9cb8-839ae45e17ad rd.luks.uuid=luks-c9c5815a-a8b9-4a28-911c-7f83b7961518 rhgb quiet "
fi

insmod blscfg
blscfg
### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/10_reset_boot_success ###
# Hiding the menu is ok if last boot was ok or if this is a first boot attempt to boot the entry
if [ "${boot_success}" = "1" -o "${boot_indeterminate}" = "1" ]; then
  set menu_hide_ok=1
else
  set menu_hide_ok=0 
fi
# Reset boot_indeterminate after a successful boot
if [ "${boot_success}" = "1" ] ; then
  set boot_indeterminate=0
# Avoid boot_indeterminate causing the menu to be hidden more then once
elif [ "${boot_indeterminate}" = "1" ]; then
  set boot_indeterminate=2
fi
# Reset boot_success for current boot 
set boot_success=0
save_env boot_success boot_indeterminate
### END /etc/grub.d/10_reset_boot_success ###

### BEGIN /etc/grub.d/12_menu_auto_hide ###
if [ x$feature_timeout_style = xy ] ; then
  if [ "${menu_show_once}" ]; then
    unset menu_show_once
    save_env menu_show_once
    set timeout_style=menu
    set timeout=60
  elif [ "${menu_auto_hide}" -a "${menu_hide_ok}" = "1" ]; then
    set orig_timeout_style=${timeout_style}
    set orig_timeout=${timeout}
    if [ "${fastboot}" = "1" ]; then
      # timeout_style=menu + timeout=0 avoids the countdown code keypress check
      set timeout_style=menu
      set timeout=0
    else
      set timeout_style=hidden
      set timeout=1
    fi
  fi
fi
### END /etc/grub.d/12_menu_auto_hide ###

### BEGIN /etc/grub.d/20_linux_xen ###

### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/20_ppc_terminfo ###
### END /etc/grub.d/20_ppc_terminfo ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/30_uefi-firmware ###
menuentry 'System setup' $menuentry_id_option 'uefi-firmware' {
	fwsetup
}
### END /etc/grub.d/30_uefi-firmware ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###

and /etc/default/grub

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto resume=UUID=9b7647f5-611e-438d-9cb8-839ae45e17ad rd.luks.uuid=luks-c9c5815a-a8b9-4a28-911c-7f83b7961518 rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true

My disk layout is as follows:

$ sudo lsblk -o name,uuid,mountpoint                                                               Tue 02 Nov 2021 08:52:04 GMT
NAME                                          UUID                                 MOUNTPOINT
loop0                                                                              /var/lib/snapd/snap/gnome-3-28-1804/161
loop1                                                                              /var/lib/snapd/snap/gtk-common-themes/1519
loop2                                                                              /var/lib/snapd/snap/spotify/53
loop3                                                                              /var/lib/snapd/snap/bare/5
loop4                                                                              /var/lib/snapd/snap/core18/2246
loop5                                                                              /var/lib/snapd/snap/snapd/13640
sda
└─sda1                                        BD40-1DE7                            /run/media/wilprice/WILL
nvme0n1
├─nvme0n1p1                                   BA99-B27D                            /boot/efi
├─nvme0n1p2                                   c9c5815a-a8b9-4a28-911c-7f83b7961518
│ └─luks-c9c5815a-a8b9-4a28-911c-7f83b7961518 81c8af7a-3a0b-4934-801f-0d49f74b5798 /
├─nvme0n1p3                                   9b7647f5-611e-438d-9cb8-839ae45e17ad [SWAP]
└─nvme0n1p4                                   d5d6fe8b-a551-4e0c-9749-b853ebc4286e /boot


Answers

  • Try capturing the entire boot messages for both working and not working kernel versions, and compare the two. That may point out where things are going wrong. You may want to add "debug" to the kernel command line to get more log detail.

  • User_QS0R0 Posts: 3 Employee

    Hi Herbert,

    Thank you for your response. I'm not sure how to capture the debug logs as it seems the boot sequence ends up looping via a shell script that checks whether the LUKS partition has been mounted. I figure I need to set rd.break correctly.

  • User_QS0R0 Posts: 3 Employee

    I figured out the issue--my BIOS setup on my Latitude 7420 was set to "RAID on" which requires some additional modules to support. It seems the RHCK bundles this, but not the UEK one. When I set my SATA/NVM-e controller to "AHCI/NVMe mode" instead of "RAID on" I was able to boot the UEK kernel.
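
Added example, not part of the thread: one way to find a driver that the working kernel's initramfs bundles and the failing one does not is to diff the module lists from saved `lsinitrd` output. The listings below are constructed; `example_raid_ctrl` and the `-EXAMPLE` kernel versions are placeholders, not the module or versions from this system.

```shell
#!/bin/sh
# Real listings come from: lsinitrd /boot/initramfs-<version>.img > file.lst

# Print the sorted, unique kernel module names found in an lsinitrd listing.
module_names() {
    awk '$NF ~ /\/kernel\/.*\.ko(\.(xz|gz|zst))?$/ {
             n = split($NF, parts, "/")
             name = parts[n]
             sub(/\.ko(\.(xz|gz|zst))?$/, "", name)
             gsub(/-/, "_", name)   # the kernel treats - and _ alike in module names
             print name
         }' "$1" | sort -u
}

# $1: listing of the initramfs that boots; $2: listing of the one that hangs.
# Prints modules present in the first image but absent from the second.
missing_modules() {
    work=$(mktemp)
    fail=$(mktemp)
    module_names "$1" > "$work"
    module_names "$2" > "$fail"
    comm -23 "$work" "$fail"
    rm -f "$work" "$fail"
}

# Constructed sample listings (hypothetical paths and sizes).
write_sample_listings() {
    cat > "$1/rhck.lst" <<'EOF'
-rw-r--r--   1 root root  51234 Oct 29 22:54 usr/lib/modules/4.18.0-EXAMPLE/kernel/drivers/md/dm-crypt.ko.xz
-rw-r--r--   1 root root  41234 Oct 29 22:54 usr/lib/modules/4.18.0-EXAMPLE/kernel/drivers/nvme/host/nvme.ko.xz
-rw-r--r--   1 root root  21234 Oct 29 22:54 usr/lib/modules/4.18.0-EXAMPLE/kernel/drivers/example/example_raid_ctrl.ko.xz
-rwxr-xr-x   1 root root 123456 Oct 29 22:54 usr/sbin/cryptsetup
EOF
    cat > "$1/uek.lst" <<'EOF'
-rw-r--r--   1 root root  52345 Nov  1 10:00 usr/lib/modules/5.4.17-EXAMPLE/kernel/drivers/md/dm-crypt.ko.xz
-rw-r--r--   1 root root  42345 Nov  1 10:00 usr/lib/modules/5.4.17-EXAMPLE/kernel/drivers/nvme/host/nvme.ko.xz
-rwxr-xr-x   1 root root 123456 Nov  1 10:00 usr/sbin/cryptsetup
EOF
}

demo_dir=$(mktemp -d)
write_sample_listings "$demo_dir"
missing_modules "$demo_dir/rhck.lst" "$demo_dir/uek.lst"
```

A module that is missing from the failing image may be built into that kernel rather than absent, so check the name against `modules.builtin` under `/lib/modules/<version>/` before concluding the driver is unavailable.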