Encrypted boot partition - mkinitrd - stuck with error

Dear all.
I am trying to set up a laptop with an encrypted boot partition using the howto available at Encrypted Root File System - openSUSE and OpenSuse 11.1.
To make a sad story short: the whole howto works fine up to the point when it says “now let’s create a new initial ram disk”. Well, running both scripts (the one proposed first but also in alternative doing the way proposed below, with the new scripts to be copied) ends up with an error saying that /dev/sda2 doesn’t exist. That is really puzzling me, because it opens well with luksOpen and gives correct answer with luksDump. I attach the error I get with the second method below.
Anyone with a suggestion on where I am running into the error? :confused:

Begin terminal output:

linux-qw4u:/boot # mkinitrd -v -d /dev/mapper/root -f "dm luks"

[prepare.sh]
Kernel image: /boot/vmlinuz-2.6.27.7-9-pae
Initrd image: /boot/initrd-2.6.27.7-9-pae
[splashy.sh]
[start.sh]
[udev.sh]
[usb.sh]
[storage.sh]
[DIRTY] resumedev = /dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-part2
Root device: /dev/mapper/root (mounted on / as ext3)
Resume device: /dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-part2 (/dev/sda2)
[luks.sh] /dev/mapper/root /dev/sda2 /dev/mapper/swap
[DEBUG] bd = /dev/mapper/root
[DEBUG] luks_blockmajor = 253
[DEBUG] luks_blockminor = 1
[DEBUG] return value = 0
[DEBUG] luksbd = /dev/sda3
[DEBUG] luksbd = /dev/sda3 after update_blockdev()
[DEBUG] luks = root
[DEBUG] luks_blockdev = /dev/sda3
[DEBUG] bd = /dev/sda2
[DEBUG] luks_blockmajor = 8
[DEBUG] luks_blockminor = 2
[DEBUG] return value = 0
[DEBUG] luksbd = /dev/sda2
[DEBUG] luksbd = /dev/sda2 after update_blockdev()
Device does not exist.
Command failed
[DEBUG] luks = root
[DEBUG] luks_blockdev = /dev/sda3 /dev/sda2
[DEBUG] luks_blockdev = /dev/sda3 /dev/sda2 /dev/sda2
[DEBUG] bd = /dev/mapper/swap
[DEBUG] luks_blockmajor = 253
[DEBUG] luks_blockminor = 0
[DEBUG] return value = 0
[DEBUG] luksbd = /dev/sda2
[DEBUG] luksbd = /dev/sda2 after update_blockdev()
[DEBUG] luks = root swap
[DEBUG] luks_blockdev = /dev/sda3 /dev/sda2 /dev/sda2 /dev/sda2
[DEBUG] blockdev = /dev/sda3 /dev/sda2 /dev/sda2 /dev/sda2
Only english keyboard layout supported.
Please ensure that the password is typed correctly.
[DEBUG] cryptmodules = crypto_blkcipher
[DEBUG] cryptmodules = crypto_blkcipher cbc
[DEBUG] cryptmodules = crypto_blkcipher cbc sha1_generic
[DEBUG] cryptmodules = crypto_blkcipher cbc sha1_generic sha256_generic
[DEBUG] cryptmodules = crypto_blkcipher cbc sha1_generic sha256_generic sha256_generic
[DEBUG] cryptmodules = crypto_blkcipher cbc sha1_generic sha256_generic sha256_generic aes_i586
[DEBUG] cryptmodules = crypto_blkcipher cbc sha1_generic sha256_generic sha256_generic aes_i586 aes_generic
[DEBUG] cryptmodules = crypto_blkcipher cbc sha1_generic sha256_generic sha256_generic aes_i586 aes_generic ecb
[DEBUG] cryptmodules = crypto_blkcipher cbc sha1_generic sha256_generic sha256_generic aes_i586 aes_generic ecb arc4
[DEBUG] root_luks = 1
[DEBUG] luks = root swap
[DEBUG] cryptmodules = crypto_blkcipher cbc sha1_generic sha256_generic sha256_generic aes_i586 aes_generic ecb arc4
[DEBUG] luks_lang = POSIX
[lvm2.sh] /dev/sda3 /dev/sda2 /dev/sda2 /dev/sda2
[md.sh] /dev/sda3 /dev/sda2 /dev/sda2 /dev/sda2
[kpartx.sh] /dev/sda3 /dev/sda2 /dev/sda2 /dev/sda2
[dmraid.sh] /dev/sda3 /dev/sda2 /dev/sda2 /dev/sda2
[multipath.sh] /dev/sda3 /dev/sda2 /dev/sda2 /dev/sda2
[dm.sh] /dev/sda3 /dev/sda2 /dev/sda2 /dev/sda2
[blockpartition.sh] /dev/sda3 /dev/sda2 /dev/sda2 /dev/sda2
[block.sh] /dev/sda
[BLOCK] /dev/sda → ata_piix
[BLOCK] /dev/sda → sd_mod
[cifs.sh] /dev/sda
[firewire.sh] /dev/sda
[nfs.sh] /dev/sda
[network.sh] /dev/sda
[acpi.sh] /dev/sda
[modules.sh] /dev/sda
[MODULES] 02-start.sh: processor thermal ata_piix ata_generic ide_pci_generic fan jbd ext3 edd
[MODULES] 03-dm.sh: dm-crypt
[MODULES] 03-dm.sh: dm-mod
[MODULES] 03-dm.sh: dm-snapshot
[MODULES] 03-storage.sh: ext3
[MODULES] 11-block.sh: ata_piix sd_mod
[MODULES] 11-usb.sh: usbcore
[MODULES] 11-usb.sh: ohci_hcd
[MODULES] 11-usb.sh: uhci-hcd
[MODULES] 11-usb.sh: ehci_hcd
[MODULES] 11-usb.sh: usbhid
[MODULES] 71-luks.sh: dm-crypt
[MODULES] 71-luks.sh: crypto_blkcipher cbc sha1_generic sha256_generic sha256_generic aes_i586 aes_generic ecb arc4
Kernel Modules: hwmon thermal_sys processor thermal dock scsi_mod libata ata_piix ata_generic ide-core ide-pci-generic fan jbd mbcache ext3 edd crypto_blkcipher dm-mod dm-crypt dm-snapshot crc-t10dif sd_mod usbcore ohci-hcd uhci-hcd ehci-hcd ff-memless hid usbhid cbc sha1_generic sha256_generic aes_generic aes-i586 ecb arc4
[mount.sh] /dev/sda
[MOUNT] Root: /dev/mapper/root
[progs.sh] /dev/sda
Features: dm block usb luks resume.userspace resume.kernel
[splash.sh] /dev/sda
Bootsplash: openSUSE (1280x800)
[vendor.sh] /dev/sda
[sharedlibs.sh] /dev/sda
Shared libs: lib/ld-2.9.so lib/libacl.so.1.1.0 lib/libattr.so.1.1.0 lib/libblkid.so.1.0 lib/libc-2.9.so lib/libcom_err.so.2.1 lib/libcryptsetup.so.0.0.0 lib/libdevmapper.so.1.02 lib/libdl-2.9.so lib/libe2p.so.2.3 lib/libext2fs.so.2.4 lib/libgcc_s.so.1 lib/libgcrypt.so.11.4.4 lib/libgpg-error.so.0.4.0 lib/liblzo2.so.2.0.0 lib/libncurses.so.5.6 lib/libpopt.so.0.0.0 lib/libpthread-2.9.so lib/libreadline.so.5.2 lib/librt-2.9.so lib/libselinux.so.1 lib/libsepol.so.1 lib/libsysfs.so.2.0.1 lib/libutil-2.9.so lib/libuuid.so.1.2 lib/libvolume_id.so.1.0.1 lib/libz.so.1.2.3 usr/lib/libdirect-1.2.so.0.3.0 usr/lib/libdirectfb-1.2.so.0.3.0 usr/lib/libfusion-1.2.so.0.3.0 usr/lib/libglib-2.0.so.0.1800.2 usr/lib/libpcre.so.0.0.1 usr/lib/libsplashy.so.1.0.0 usr/lib/libsplashycnf.so.1.0.0 lib/libnss_dns-2.9.so lib/libnss_dns.so.2 lib/libnss_files-2.9.so lib/libnss_files.so.2 lib/libgcc_s.so.1
[done.sh] /dev/sda
23934 blocks
cleanup …
cleanup done.
cleanup_finish …
cleanup_finish done.
calling update-bootloader
device-mapper: table ioctl failed: No such device or address
Command failed
device-mapper: table ioctl failed: No such device or address
Command failed

Hi,

I have several computers working with encrypted hard drives using that same method … never had a single problem. Sometimes when there is a kernel up-date there is the need to write a new /boot/grub/menu.lst.
Other than that … once I made a mistake …
(Laptops about 5 of them and 3 desktops).
I sometimes have your problems with mkinitrd, but in your case I think, from the message that you show us, you should confirm your partition setup before running mkinitrd.

Meaning the example page for encrypting the root partitions must be adapted to your partitions setup …

It seems to me that mkinitrd is not recognizing some partitions.
For example:
the resume partition, usually swap, should have been:

/dev/mapper/swap
not : /dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-part2 (/dev/sda2)

Also it seems to me that you must take a look at the file:

/etc/fstab.

and accordingly to:

/boot/grub/menu.lst

Both must be correct Before running mkinitrd.

And alter the files according to your new partitions scheme, adapted to the new encrypted mapper devices, before running mkinitrd.

Could you show us your /etc/fstab file and your /boot/grub/menu.lst ?

Regards,
Pedro

And alter the files according to your new partitions scheme, adapted to the new encrypted mapper devices, before running mkinitrd.

Eventually I did this but since I mixed up now the two methods I will again do the install and then post the both files (since the error is stable).

I understand you mean the second method (the one described as “laptop - usb key” in the lower part). Or did you install following the first method?

Another thing: I am currently trying to follow a normal install (thus defining a “user” and root separately and do login as root only. The article stated something about mount-points are changing if you do login as user). Is this the way you did proceed?

fstab: fstab was edited according to the how-to (and does not report the mounting “by-id”)
/boot/grub/menu.lst: how should it be reordered? (I think the error is there, but I do not really understand why).

I will try to recover the both files and post them here.
If you happen to read this it would be nice if you could give me some input about it.
Thx

Hi,

I installed with both methods.
All laptops are installed with the boot partition /boot on the usb.
One or two desktops have the boot on disk.

I think your problem is that you must change the documents commands according to your partitions setup.

The author explains the system with the following scheme:

/dev/sda1 /boot
/dev/sda2 swap This will become the encrypted swap.
/dev/sda3 /home This will become the encrypted root.
/dev/sda4 / This will become the encrypted home.

If you choose this install, meaning he installed all the OS on drive sda (internal hard drive), then you can follow the author example step by step.

If you choose, like me, to make the boot system in a USB, then the partition setup changes considerably …

Likely you would have:

/dev/sdb1 /boot
/dev/sda1 /swap
/dev/sda2 /home
/dev/sda3 /

And the commands shown by the author should change accordingly …

you still have to encrypt /swap, /home and / (root) but now they may refer to different devices on your particular install …

fstab: fstab was edited according to the how-to (and does not report the mounting “by-id”

But the mkinit error does report a dev-by-id …

/boot/grub/menu.lst: how should it be reordered? (I think the error is there, but I do not really understand why).

Imagine my case as an example:

And let’s assume that also on the encryption commands you use the correct devices to encrypt the file system.

I started with the following partition scheme:

/dev/sdb1 /boot —> I boot from Flash USB
/dev/sda1 /swap —> first partition
/dev/sda2 /home —> will become the encrypted /
/dev/sda3 / —> will become the encrypted /home

→ After encryption with the commands shown on the process and after changing the /etc/fstab and making new initrd the final encrypted partitions will be:

/dev/sdb1 /boot (of course not encrypted)
/dev/sda1 /swap encrypted
/dev/sda2 / encrypted root
/dev/sda3 /home encrypted home

And my /boot/grub/menu.lst is something like this:

###Don’t change this comment - YaST2 identifier: Original name: Setup###
title OpenSuSE 11.1 - 2.6.27.7-9 Special Kernel …
root(hd1,0)
kernel /vmlinuz-2.6.27.7-9-default root=/dev/mapper/root luks_root=/dev/sda2 luks_swap=/dev/sda1 luks_home=/dev/sda3 luks="root swap home" splash=silent showopts vga=0x314
initrd /initrd-2.6.27.7-9-default

As you can see from
root(hd1,0)

the system boots from a second device, the flash USB.
and the partition scheme on /boot/grub/menu.lst matches the one on disk.

This has to be done, like the document explains, after every encryption step (one partition at a time).

I also think the problem is your /boot/grub/menu.lst file.

But that is easy to fix. Just match the luks_root, luks_swap and luks_home to your actual devices after the encryption.
The problem could be there …

Sorry for the late reply but time is a problem for me …

Regards,
Pedro

Hi,

I do not know how comfortable you are installing Linux but the default partition scheme is nothing like the one proposed in the documentation.
This means you must make the partitions like the ones the author showed Manually, or your own partition setup.
In any case they must be according in /etc/fstab and /boot/grub/menu.lst

Regards,
Pedro

Hello Pedro and thank you (assuming you are a Spanish speaker) :wink:

The following is taken all of a new install, clean, from the scratch.
On my linux skills:
I am quite comfortable with installing, partitioning and setting up linux. I am well understanding the setup the author uses.
I did follow the indications of the how-to again this time, identical to the part called:
Summary of commands for openSUSE 11.1 installed on an external USB drive
I am aware of the fact that the author did choose to install /boot on sda and not on sdb, this was (since I was having a try) also my personal setup.
I followed step by step without getting any error message.
I get however AGAIN an error when it comes to mkinitrd.
The unique difference is that my system usually is installed in Italian (therefore using the Italian keyboard layout). But this is not the issue IMO because he complains about the drives not existing.
The step *edit ‘/boot/grub/menu.lst’* comes after the creation of mkinitrd (we are in what the author calls “phase1”) and therefore cannot be responsible for the error.

I will now paste you the error of mkinitrd (I did run it twice, same error) but the error claim (no such device) doubles, first there were only two errors, with the second run I get 4.

**Output console after mkinitrd:**

linux-pxel:~ # mkinitrd -v -d /dev/mapper/root -f "dm luks"

[prepare.sh]
Kernel image: /boot/vmlinuz-2.6.27.7-9-pae
Initrd image: /boot/initrd-2.6.27.7-9-pae
[splashy.sh]
[start.sh]
[udev.sh]
[usb.sh]
[storage.sh]
Root device: /dev/mapper/root (mounted on / as ext3)
Resume device: /dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-part2 (/dev/sda2)
[luks.sh] /dev/mapper/root /dev/sda2
Device does not exist.
Command failed
Only english keyboard layout supported.
Please ensure that the password is typed correctly.
[lvm2.sh] /dev/sda3 /dev/sda2 /dev/sda2
[md.sh] /dev/sda3 /dev/sda2 /dev/sda2
[kpartx.sh] /dev/sda3 /dev/sda2 /dev/sda2
[dmraid.sh] /dev/sda3 /dev/sda2 /dev/sda2
[multipath.sh] /dev/sda3 /dev/sda2 /dev/sda2
[dm.sh] /dev/sda3 /dev/sda2 /dev/sda2
[blockpartition.sh] /dev/sda3 /dev/sda2 /dev/sda2
[block.sh] /dev/sda
[BLOCK] /dev/sda → ata_piix
[BLOCK] /dev/sda → sd_mod
[cifs.sh] /dev/sda
[firewire.sh] /dev/sda
[nfs.sh] /dev/sda
[network.sh] /dev/sda
[acpi.sh] /dev/sda
[modules.sh] /dev/sda
[MODULES] 02-start.sh: processor thermal ata_piix ata_generic ide_pci_generic fan jbd ext3 edd
[MODULES] 03-dm.sh: dm-crypt
[MODULES] 03-dm.sh: dm-mod
[MODULES] 03-dm.sh: dm-snapshot
[MODULES] 03-storage.sh: ext3
[MODULES] 11-block.sh: ata_piix sd_mod
[MODULES] 11-usb.sh: usbcore
[MODULES] 11-usb.sh: ohci_hcd
[MODULES] 11-usb.sh: uhci-hcd
[MODULES] 11-usb.sh: ehci_hcd
[MODULES] 11-usb.sh: usbhid
[MODULES] 71-luks.sh: dm-crypt
[MODULES] 71-luks.sh: sha256_generic sha256_generic crypto_blkcipher cbc aes_i586 aes_generic ecb arc4
Kernel Modules: hwmon thermal_sys processor thermal dock scsi_mod libata ata_piix ata_generic ide-core ide-pci-generic fan jbd mbcache ext3 edd crypto_blkcipher dm-mod dm-crypt dm-snapshot crc-t10dif sd_mod usbcore ohci-hcd uhci-hcd ehci-hcd ff-memless hid usbhid sha256_generic cbc aes_generic aes-i586 ecb arc4
[mount.sh] /dev/sda
[MOUNT] Root: /dev/mapper/root
[progs.sh] /dev/sda
Features: dm block usb luks resume.userspace resume.kernel
[splash.sh] /dev/sda
Bootsplash: openSUSE (1280x800)
[vendor.sh] /dev/sda
[sharedlibs.sh] /dev/sda
Shared libs: lib/ld-2.9.so lib/libacl.so.1.1.0 lib/libattr.so.1.1.0 lib/libblkid.so.1.0 lib/libc-2.9.so lib/libcom_err.so.2.1 lib/libcryptsetup.so.0.0.0 lib/libdevmapper.so.1.02 lib/libdl-2.9.so lib/libe2p.so.2.3 lib/libext2fs.so.2.4 lib/libgcc_s.so.1 lib/libgcrypt.so.11.4.4 lib/libgpg-error.so.0.4.0 lib/liblzo2.so.2.0.0 lib/libncurses.so.5.6 lib/libpopt.so.0.0.0 lib/libpthread-2.9.so lib/libreadline.so.5.2 lib/librt-2.9.so lib/libselinux.so.1 lib/libsepol.so.1 lib/libsysfs.so.2.0.1 lib/libutil-2.9.so lib/libuuid.so.1.2 lib/libvolume_id.so.1.0.1 lib/libz.so.1.2.3 usr/lib/libdirect-1.2.so.0.3.0 usr/lib/libdirectfb-1.2.so.0.3.0 usr/lib/libfusion-1.2.so.0.3.0 usr/lib/libglib-2.0.so.0.1800.2 usr/lib/libpcre.so.0.0.1 usr/lib/libsplashy.so.1.0.0 usr/lib/libsplashycnf.so.1.0.0 lib/libnss_dns-2.9.so lib/libnss_dns.so.2 lib/libnss_files-2.9.so lib/libnss_files.so.2 lib/libgcc_s.so.1
[done.sh] /dev/sda
23923 blocks
cleanup …
cleanup done.
cleanup_finish …
cleanup_finish done.
calling update-bootloader
device-mapper: table ioctl failed: No such device or address
Command failed
device-mapper: table ioctl failed: No such device or address
Command failed
device-mapper: table ioctl failed: No such device or address
Command failed
device-mapper: table ioctl failed: No such device or address
Command failed

I will now join “fstab” (which was IMHO identical to the one proposed in the method)

dev/mapper/swap swap swap defaults 0 0
/dev/mapper/root / ext3 acl,user_xattr 1 1
/dev/sda1 /boot ext3 acl,user_xattr 1 2
/dev/sda4 /home ext3 acl,user_xattr 1 2
proc /proc proc defaults 0 0
sysfs /sys sysfs noauto 0 0
debugfs /sys/kernel/debug debugfs noauto 0 0
usbfs /proc/bus/usb usbfs noauto 0 0
devpts /dev/pts devpts mode=0620,gid=5 0 0

About the error:
Resume device: /dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-part2 (/dev/sda2)
[luks.sh] /dev/mapper/root /dev/sda2

ALL the devices are by default registered in fstab as:
/dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-partX (where X stands for the partition). The normal install of Opensuse 11.1 does this. According to the howto I have to change /dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-part2 into /dev/mapper/swap…etc…what I did. Is this the error? :confused:

I join here the fstab.ORIG prior to changes

/dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-part2 swap swap defaults 0 0
/dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-part4 / ext3 acl,user_xattr 1 1
/dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-part1 /boot ext3 acl,user_xattr 1 2
/dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-part3 /home ext3 acl,user_xattr 1 2
proc /proc proc defaults 0 0
sysfs /sys sysfs noauto 0 0
debugfs /sys/kernel/debug debugfs noauto 0 0
usbfs /proc/bus/usb usbfs noauto 0 0
devpts /dev/pts devpts mode=0620,gid=5 0 0

I would really like to know where it happens (and then once the install goes, run it again from the scratch and opt for the /boot on an usb). But first I would rather get to life the simple “sda” installed encrypted root partition setup.
I do not think that the hardware of the notebook is any different than usual. I am really puzzled (and would rather be amused if I would not lose so much time for something that should have been implemented by the OS by default in case of laptop install - but we can hope for 11.2…).
For the time being I will try and retry with these procedures…if possible.
Thank you for your time and effort. I appreciate.

Hi,

I speak Castilian, yes, but my native language is Portuguese :slight_smile: not Spanish.

Ok, let’s get some insight on this issue. It can happen to anyone.

First:

I only have used the Boot partition on a usb external key. Not the whole OS.

So my experience is not the same as yours.
Also, and this is very important: I never used the summary procedure.
So if you notice the only difference is that no up-date whatsoever to the mkinitrd scripts are made. none.
And it always worked.

Second:
I find it strange that you install on an external hard drive and the devices you use are always /dev/sda.
Either your system does not have internal drives or, if it does, OpenSuSE install usually assigns /dev/sda to internal SATA/IDE devices.
Not to USB devices.
So this is why I think it is a bit strange to have the errors on the log

ALL the devices are by default registered in fstab as:
/dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-partX (where X stands for the partition). The normal install of Opensuse 11.1 does this. According to the howto I have to change /dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-part2 into /dev/mapper/swap…etc…what I did. Is this the error?

NO.
If partitions and devices are correct this is not the error.
Once kernel decrypts the partitions fstab should have /dev/mapper devices as only mapper should be used to read the partitions, this is the whole point about encrypting the partitions.

NOTICE:
—>>>> dev/mapper/swap swap swap defaults 0 0
/dev/mapper/root / ext3 acl,user_xattr 1 1
/dev/sda1 /boot ext3 acl,user_xattr 1 2
/dev/sda4 /home ext3 acl,user_xattr 1 2
proc /proc proc defaults 0 0
sysfs /sys sysfs noauto 0 0
debugfs /sys/kernel/debug debugfs noauto 0 0
usbfs /proc/bus/usb usbfs noauto 0 0
devpts /dev/pts devpts mode=0620,gid=5 0 0

the first line could be a typo, but it should be:

/dev/mapper/swap …

This is likely the error.

Your error relates to the swap devices.
mkinitrd does not recognize it … in fstab …

Try this and let me know. If this is the problem … could be a simple typo from copying the fstab …
Let me know this first.

About the password … it does matter.
Imagine that for some reason in a Italian layout you enter your password, say:

Rossi_Veramente_Campione_MotoGP

If for some reason you boot and unmount/remount the drive … and You are using a keyboard layout … characters would be messed!

Regards,
Pedro
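
The consistency rule discussed in the posts above (the luks= list and luks_<name>= devices on the kernel line of /boot/grub/menu.lst must agree with the /dev/mapper entries in /etc/fstab before mkinitrd is run) can be checked mechanically. The script below is an added example, not part of the original thread or of the howto; the function names, finding labels and sample inputs are constructed for illustration, and only the parameter names come from the menu.lst quoted earlier.

```sh
#!/bin/sh
# Added example (not from the thread): cross-check the luks_* kernel
# parameters of a GRUB legacy menu.lst entry against fstab.

# Print the value of NAME=value (quoted or unquoted) from a kernel line.
kernel_param() {
    val=$(printf '%s\n' "$1" |
        sed -n 's/.*[[:space:]]'"$2"'="\([^"]*\)".*/\1/p')
    [ -n "$val" ] || val=$(printf '%s\n' "$1" |
        sed -n 's/.*[[:space:]]'"$2"'=\([^[:space:]"]*\).*/\1/p')
    printf '%s\n' "$val"
}

# Print the device field of every non-blank, non-comment fstab line.
fstab_devices() {
    printf '%s\n' "$1" | awk 'NF && $1 !~ /^#/ { print $1 }'
}

# Emit one finding per line; no output means both files agree.
# $1 = kernel line from menu.lst, $2 = contents of fstab
check_luks_layout() {
    kline=$1
    fstab=$2
    names=$(kernel_param "$kline" luks)
    devs=$(fstab_devices "$fstab")

    if [ -z "$names" ]; then
        echo "MISSING_PARAM luks"
    fi

    # A device path without its leading slash is never found by the tools.
    for d in $devs; do
        case $d in
            dev/*) echo "BAD_PATH $d (missing leading slash)" ;;
        esac
    done

    # Every name in luks="..." needs a backing device and a mapper entry.
    for n in $names; do
        backing=$(kernel_param "$kline" "luks_$n")
        if [ -z "$backing" ]; then
            echo "MISSING_PARAM luks_$n"
        elif printf '%s\n' "$devs" | grep -qxF "$backing"; then
            echo "RAW_MOUNT $backing is LUKS backing for $n but mounted directly"
        fi
        printf '%s\n' "$devs" | grep -qxF "/dev/mapper/$n" ||
            echo "NO_FSTAB_ENTRY /dev/mapper/$n"
    done

    # Every mapper device in fstab must be opened by the initrd.
    for d in $devs; do
        case $d in
            /dev/mapper/*)
                m=${d#/dev/mapper/}
                case " $names " in
                    *" $m "*) ;;
                    *) echo "NOT_IN_LUKS_LIST $m" ;;
                esac ;;
        esac
    done
}

# Constructed sample inputs modelled on the layout in this thread
# (sda1 /boot, sda2 swap, sda3 root, sda4 /home not yet encrypted).
SAMPLE_KERNEL='kernel /vmlinuz root=/dev/mapper/root luks_root=/dev/sda3 luks_swap=/dev/sda2 luks="root swap" splash=silent'
SAMPLE_FSTAB='dev/mapper/swap swap swap defaults 0 0
/dev/mapper/root / ext3 acl,user_xattr 1 1
/dev/sda1 /boot ext3 acl,user_xattr 1 2
/dev/sda4 /home ext3 acl,user_xattr 1 2
proc /proc proc defaults 0 0'

check_luks_layout "$SAMPLE_KERNEL" "$SAMPLE_FSTAB"
```

On a real system the two arguments would be the relevant kernel line from /boot/grub/menu.lst and the output of cat /etc/fstab.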

Hi Pedro, are you from Portugal or Brazil? (However, my Spanish is much better than my Portuguese… :shake: )

Unfortunately the /dev was only a “copy and paste” artefact.
The original does not present the error.
I did contact the author of the mkinitrd script and he suggests the error might be in the …“setup-luks.sh” script because certain logs are missing. I will update you on my progresses (also for everybody here reading this and might have a similar problem).
On keyboard: well, I tried. I can luksOpen the respective volumes without problems. So the issue seems not be the keyboard layout (also the argument is to be held in mind in general).
BTW, still laughing about the Moto_GP password. Great idea.lol!

About the setup I want to run:
ideally I would like to install a notebook with /boot on usb-stick (thus on sdb) and the rest on the local HDD (thus sda). The WD you are seeing in the error message is /dev/sda on the laptop.
Now for the purpose of learning I opted for the /boot on /dev/sda. This to make the install less error prone (ha ha, I know rotfl! there is nothing but the intrinsic irony of life).
I once already tried the setup with /boot on the usb-key with 11.0. It then worked (the first one, with unmodified mkinitrd scripts) BUT lost functionality with the very first update of kernel. That backed me off at the time and is honestly also very cumbersome (I guess what is messed up is fstab, but I honestly do not know).
If you have some hints on why with kernel updates you have this problem please let me know.
I also wanted you to ask:
did I understand well and you used the first setup to install the encrypted root?
And in this case, did your mkinitrd recognize the /dev/mapper/swap and /dev/mapper/home without modification of “setup-storage.sh”? Even with the notebook?
Which version of OpenSUSE did you use (11.1?). Maybe it’s a version issue? Thanks for sharing.

Hi,

did I understand well and you used the first setup to install the encrypted root?
And in this case, did your mkinitrd recognize the /dev/mapper/swap and /dev/mapper/home without modification of “setup-storage.sh”? Even with the notebook?
Which version of OpenSUSE did you use (11.1?). Maybe it’s a version issue? Thanks for sharing.

What I can say is that in my experience I never used the summary scripts and it always worked, both with 11.0 (always x86_64) and with 11.1 and I am not sure but I think I made that on a 10.3 machine as well … right now I can not confirm that.
Also … in one of those machines I also think I had some kind of error messages on mkinitrd. I just ignored and moved along … and they installed. I can not remember what the problem was then …
Really I can not be more specific … point is, the overwhelming majority works like a charm and had Zero errors on setup.

About the laptops I can remember:

Acer 5520 11.0
Asus M50VM 11.1 (Great machine)
Compaq CQ60 11.1
HQ 9000 something 17’’ two internal disk dual boot with (Yuck) another known and very buggy OS … yes :slight_smile: , the slow one …

Desktop … custom made machine I am using right now … Quad core, 8GB ,
A HP desktop P4.

Can not remember any other one right now …

And I also encrypted Two External usb 1TB hdd’s. Zero problems.

Well. … some others I can not even remember …
My next step is to make a Backup home server with 4TB software Raid and encrypted …

Your approach is correct. First try the internal disk. And the idea of making this on a netbook is also great.
I have two netbooks … maybe I will try that also …
Please try to make first based on the usual procedure, not the summary one, and only on the internal hdd.

I once already tried the setup with /boot on the usb-key with 11.0. It then worked (the first one, with unmodified mkinitrd scripts) BUT lost functionality with the very first update of kernel. That backed me off at the time and is honestly also very cumbersome (I guess what is messed up is fstab, but I honestly do not know).

I forgot to mention. All the Laptops boot from usb. All of them.
It also happened to me. But that is nothing serious! No problem at all.
When you make an automatic Kernel up-date (YOU or applet or inside Yast whatever) one of the procedures is to up-date /boot/grub/menu.lst for the new kernel version.
This procedure sometimes erases the entries custom made for the Luks boot. I just boot from DVD enter rescue mode and remake the entries making the necessary changes for the new kernel.
Also, and this was my fault … sometimes you may have not mounted the /boot partition (and this also happened to me) and that is a big mess. The /boot partition does not get the new kernel, minitrd etc and your system can not boot.

I did Not mention this before but I always leave a 4th partition Not encrypted Just for the sake of “problems on the horizon”.
Meaning: last time I messed the Kernel up-date I totally recovered the system.
I just re-installed OpenSuSE on the partitions not encrypted to obtain and up-date the /boot, made the kernel up-date in order for the Kernel on /boot to be the same as the one on disk, meaning, same modules same version on everything. And then just remade the /etc/fstab and the /boot/grub/menu.lst in order to boot from disk with the previous system … Everything was OK. (A bit to my surprise actually … :slight_smile: )

Very Important NOTE: Always make a backup of the /boot partitions. It is not like a lot of space … some MB …
And this is even more important in case you choose to make the /boot partition on USB key:
Make a Backup of that USB flash! Very easy to damage the thing …
I can not stress enough by words how that is important.
Actually I have two backups. One made with dd command directly to an identical flash and another on dvd/hdd backup.

Note:
I am from Portugal, but I also love Brasil of course, been there a couple of times.
About the password :slight_smile: … hey! Italian Keyboard … :slight_smile: Had to do it. Valentino Rossi is my favorite Rider of all times. A living legend.

Regards,
Pedro

Hello Pedro! How are you?
Sorry was for a long time on travel.
I have it partially running now. What I did different?
a) installed following the howto (summary method) as before but
b) performed a complete update of all files through the command line (without ever logging in in xserver, not even as root) prior to beginning.
c) you then have to adapt of course the commands in grub to the new kernel version.

It then works, apparently I have no issues, even suspend to disk ok.
Currently doing a shred on (huge) new home. Once done, will format and do the phase 2 scripts of the summary method.
Will then report the final result.
Regards

So, I am seriously annoyed. >:( I tried whatsoever howto but in the end…it just does not work.
It always comes up not finding one or the other partition.
Now I had:

Boot logging started on /dev/tty1(/dev/console) at Sat…
Only english keyboard layout supported.Please ensure that the password is
typed correctly.
[Debug] curluks = root
[Debug] luks_root = /dev/sda3
[Debug] curluks = swap
[Debug] luks_swap = /dev/sda2
[Debug] curluks = home
[Debug] luks_home
= /dev/disk/by-id/ata-WDC_WD3200BJKT-00F4T0_WD-WXE908A22475-part4
[Debug] luks = root swap swap home

Given that the root partition encryption is important to me, I consider to change distribution for the notebook only (up to now) also because I have a huge number of other issues that would cause me to drop back to 11.0 anyway (3.5 is a mess, no bluetooth,vpn support is crap…but then, in 11.0 there is not a good support for wpa2).
Thinking about Mandriva (anybody has an idea if it allows an encrypted luks install with external boot partition on usb key?) or Debian (apparently allows easy encryption) but it seems to me less userfriendly than Mandriva. Other suggestions?

I officially give up. I do not think you can encrypt root partition if you want to have /boot on a usb key. Provided this, I will try not to do it at least with all partitions on the laptop. We will see if that at least is possible.

Hi,

Sorry for the late reply.
Sometimes I also get frustrated. But we must always fight!

For example there is a million people saying how easy it is to make a liveCD in a usb key with unetbootin and other tools, also some great howto’s on pendrivelinux.com … but so far I have tried everything with Four different distros … nothing works!
I have even installed Ubuntu on a USB flash and it works! But not the “Live-USB” version of it … no way! the funny is that it was supposed to be a simple procedure …
Sometimes it is just the case of a small procedure … some different command somewhere … it is difficult to help in that case … one has to just repeat the procedure until we get it right.

About the encryption, all my four laptops have an external USB flash key with the /boot partition.
They all boot from that flash usb.
And the four disk partitions are all but one encrypted.

No problems so far except now and then a kernel upgrade that I did not perform correctly and even those I could recover everything.
Also I think that you are not going to find an easier distro to make this type of procedure.
If any distro can help you OpenSuSE is the one.

Once again, I simply followed the OpenSuSE root partition encryption howto … and for me it always worked.

The laptops I have encrypted are:
Asus m50vm
Compaq CQ-60
Acer 5520
HP 9000
(others I do not remember if they boot from flash USB)
All these have the boot partition on the flash USB.

Regards,
Pedro

Thank you Pedro. Yes you are right. We always have to fight. As soon as I get the air to breath I will begin to study the bibliography of the howto. I need to understand in depth the bootscripts to understand the problem. If I well understand, the bios handles the key in a peculiar way. The notebook is a Samsung Q35 Barnit, and seems not to want to boot from usb…even when told so in the Bios. This may be a particularity, because if mounted at boot it comes as /dev/sdb1 and works and updates flawlessly. So I will try. Thanks for giving me motivation. Helps!

May be a problem of the hardware/bios of my notebook. Will try with an other version of openSUSE later on.