Fresh LEAP 42.1 installation on GPT UEFI secure boot with LVM encrypted

Hi Everyone,

I want to install openSUSE LEAP 42.1 on my SSD with single boot (no Windows).
Installation is doing from USB stick.

I created my own partition set which is:

  1. EFI BOOT mounted on /boot/efi (everything regarding this in BIOS is enabled)
  2. Encrypted LVM on the rest of the SSD
    a) LV /root
    b) LV swap

Everything was successfully installed.

When I try to boot grub enters into recovery shell and error is displayed: “error: Can’t find command ‘cryptomount’.” so it can’t go further as LVM is encrypted.

Any ideas?

Open bug report against Leap (Basesystem component) and request inclusion of fix for bug https://bugzilla.opensuse.org/show_bug.cgi?id=917427. Please mention bug number here. You can use your forum user name and password on bugzilla.

That is exactly what some people said when idea of using SLE as base was announced. Target audience of SLE is very different from target audience of openSUSE, so many features that were present in openSUSE are missing from SLE (and Leap).

Thank you for reply.

BUG created: https://bugzilla.opensuse.org/show_bug.cgi?id=955609

I have not run across that, because I did not try to install Leap that way (I used a separate unencrypted “/boot”.

As a workaround, you can fix this by using the “grub.efi” from Tumbleweed. Just copy it to “/EFI/opensuse” in your EFI partition. If you have Tumbleweed 64-bit installed anywhere, then you can find that file at “/usr/lib64/efi”. If you don’t have Tumbleweed installed, you could try downloading the Tumbleweed live Rescue CD, boot it, find “grub.efi”. Then mount your EFI partition, maybe backup the installed “grub.efi” or rename to some other name). then copy the “grub.efi” from the live Rescue system to there.

Don’t think it will work without an unencrypted /boot partition. EFI boot is not the actual boot partition that contains the kernel it is only there to satisfy EFI boot procedures

It does. Did you even try to read bug report I mentioned?

It’s working. I am writing this post from openSUSE with encrypted /boot.

Thank you again for your support.

I am very impressed about system support on this forum - really - which was fast and accurate.

You do amazing job here.

Please keep doing it that way :slight_smile:

Regards,
Pawel S