Grub2 not prompting for LUKS partition password on boot

Post by sha512 » 2018/02/22 07:47:45

Hi Guys,

I am trying to encrypt my root disk, which was a success. However, when I update my grub config and reboot the machine, grub does not prompt me for a pword (for the disk) and continues to load, and subsequently hangs because it cannot mount /dev/mapper/luks-f8c9c2cb-88ed-4437-bb34-748b19986141. I've been trying to fix this for hours on end and am at my wits' end. Below is my configuration:

Code:

root:/# blkid
/dev/sdb2: UUID="f8c9c2cb-88ed-4437-bb34-748b19986141" TYPE="crypto_LUKS"
/dev/sdb1: UUID="703ba0f8-0019-44ec-87a2-fd8656499c94" TYPE="ext2"
/dev/mapper/luks-f8c9c2cb-88ed-4437-bb34-748b19986141: UUID="d60ff705-f4c9-4ef2-8575-58b33a5b543f" TYPE="xfs"

Code:

root:/# cat /etc/crypttab
luks-f8c9c2cb-88ed-4437-bb34-748b19986141       /dev/sda2       none    luks

Code:

root:/# cat /etc/fstab
/dev/sda1       /boot   ext2    defaults        0 0
/dev/mapper/luks-f8c9c2cb-88ed-4437-bb34-748b19986141 / xfs     defaults        1 2

Code:

root:/# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.luks.uuid=luks-f8c9c2cb-88ed-4437-bb34-748b19986141 rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

Code:

### BEGIN /etc/grub.d/10_linux ###
menuentry 'CentOS Linux (3.10.0-693.17.1.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-693.17.1.el7.x86_64-advanced-d60ff705-f4c9-4ef2-8575-58b33a5b543f' {
        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_msdos
        insmod xfs
        set root='hd1,msdos1'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-bios=hd1,msdos1 --hint-efi=hd1,msdos1 --hint-baremetal=ahci1,msdos1  703ba0f8-0019-44ec-87a2-fd8656499c94
        else
          search --no-floppy --fs-uuid --set=root 703ba0f8-0019-44ec-87a2-fd8656499c94
        fi
        linux16 /vmlinuz-3.10.0-693.17.1.el7.x86_64 root=UUID=d60ff705-f4c9-4ef2-8575-58b33a5b543f ro crashkernel=auto rd.luks.uuid=luks-f8c9c2cb-88ed-4437-bb34-748b19986141 rhgb quiet
        initrd16 /initramfs-3.10.0-693.17.1.el7.x86_64.img
}

### END /etc/grub.d/10_linux ###

Any advice would be much appreciated!

Re: Grub2 not prompting for LUKS partition password on boot

Post by TrevorH » 2018/02/22 10:11:20

I'm pretty sure that the bug where you need to remove rhgb quiet from the kernel command line to use encryption has not been fixed so you need to remove those to be prompted for the passphrase. I also think you need to add some dracut switches to the kernel command line and reading man dracut.cmdline suggests that you'll need at least rd.luks.uuid=
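The blkid output, /etc/crypttab, /etc/fstab and kernel command line posted above can be cross-checked mechanically. This is an added example, not part of the original thread: it reports crypttab and fstab device references that do not resolve to an entry in the blkid output, and rd.luks.uuid values that match no crypto_LUKS UUID. The inputs are copied from the first post; the function names are hypothetical.

```python
import re

# Values copied from the first post (blkid output and config files).
BLKID = '''/dev/sdb2: UUID="f8c9c2cb-88ed-4437-bb34-748b19986141" TYPE="crypto_LUKS"
/dev/sdb1: UUID="703ba0f8-0019-44ec-87a2-fd8656499c94" TYPE="ext2"
/dev/mapper/luks-f8c9c2cb-88ed-4437-bb34-748b19986141: UUID="d60ff705-f4c9-4ef2-8575-58b33a5b543f" TYPE="xfs"'''
CRYPTTAB = "luks-f8c9c2cb-88ed-4437-bb34-748b19986141 /dev/sda2 none luks"
FSTAB = "/dev/sda1 /boot ext2 defaults 0 0\n/dev/mapper/luks-f8c9c2cb-88ed-4437-bb34-748b19986141 / xfs defaults 1 2"
CMDLINE = "crashkernel=auto rd.luks.uuid=luks-f8c9c2cb-88ed-4437-bb34-748b19986141 rhgb quiet"

def parse_blkid(text):
    """Map device path -> {'UUID': ..., 'TYPE': ...} from blkid output."""
    devs = {}
    for line in text.splitlines():
        path, _, rest = line.partition(": ")
        if rest:
            devs[path] = dict(re.findall(r'(\w+)="([^"]*)"', rest))
    return devs

def table_rows(text):
    """Whitespace-split fields of each non-empty, non-comment line."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r for r in rows if r]

def resolve(spec, devs):
    """Return the blkid entry a device spec (path or UUID=...) points at, or None."""
    if spec.startswith("UUID="):
        return next((d for d in devs.values() if d.get("UUID") == spec[5:].strip('"')), None)
    return devs.get(spec)

def check(blkid, crypttab, fstab, cmdline):
    """Return a list of findings; an empty list means every reference resolves."""
    devs, findings = parse_blkid(blkid), []
    luks_uuids = {d["UUID"] for d in devs.values() if d.get("TYPE") == "crypto_LUKS"}
    for name, spec, *_ in table_rows(crypttab):
        dev = resolve(spec, devs)
        if dev is None or dev.get("TYPE") != "crypto_LUKS":
            findings.append(f"crypttab: {name} -> {spec} is not a crypto_LUKS device in blkid")
    for spec, mnt, *_ in table_rows(fstab):
        if spec.startswith(("/dev/", "UUID=")) and resolve(spec, devs) is None:
            findings.append(f"fstab: {mnt} -> {spec} not found in blkid")
    for val in re.findall(r"rd\.luks\.uuid=(\S+)", cmdline):
        # dracut removes a leading "luks-" before comparing the UUID
        if re.sub(r"^luks-", "", val) not in luks_uuids:
            findings.append(f"cmdline: rd.luks.uuid={val} matches no crypto_LUKS UUID")
    return findings

if __name__ == "__main__":
    print("\n".join(check(BLKID, CRYPTTAB, FSTAB, CMDLINE)) or "all references resolve")
```

On the posted values it flags /dev/sda2 in crypttab and /dev/sda1 in fstab, which blkid lists as sdb2 and sdb1. Referencing devices by UUID= in both files avoids depending on kernel device naming.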