mkinitrd and encrypted /var - what boot parameters?

Hi there. I’ve installed openSUSE 11.4 by doing a network install (boot off kernel + initrd, everything else is fetched off the network) and I skipped the bootloader part because I’ve already got two other Linux systems set up with grub2 on my computer.

I picked the minimal server install (text mode) and didn’t make any other software selection changes.

My partition layout is as follows

ssd drive contains / partitions for distributions (GPT layout)
hdd drive contains encrypted lvm PV (PV on a luks partition). inside that PV is a VG with volumes for /home and /var (and other), where each distribution has its own /var.

The problem is that I cannot get initrd to open the LUKS properly. I tried chrooting, rebuilding the image with mkinitrd -f "lvm2 luks" (I saw that somewhere on the openSUSE wiki, I think) and adding boot parameters like this: lvm_box=/dev/disk/by-uuid/<luks partition UUID> lvm="box" (where box is the name of the lvm array).

Problems:

  • I’m never asked for the LUKS password. initrd waits for the specified devices to appear and most likely times out. I also tried adding a line to /etc/crypttab with “ASK” for the key/password method.
  • it doesn’t open luks, it cannot access LVM
  • i end up with r/o root and recovery shell.
  • mkinitrd doesn’t list luks or anything cryptsetup related as available module, even though all cryptsetup related packages are installed.
  • mkinitrd + cryptsetup lacks documentation. I had to look through the actual script to see a hint of the boot parameters I should use.

other issues

  • installer cannot create GPT partitions. I had to have them prepared beforehand.

Eventually I gave up and built an initrd with dracut. That works. Can someone point me in the right direction to proceed with mkinitrd?

I don’t use LVM much but have some experience with LUKS.

In my non-LVM LUKS systems I have a line like the following in /boot/grub/menu.lst:

kernel /vmlinuz-2.6.37.6-0.7-desktop root=/dev/mapper/root root=/dev/mapper/root luks_root=/dev/sdb5 luks_swap=/dev/sdb3 luks_home=/dev/sdb6 luks="root swap home" splash=silent quiet showopts vga=0x31a

As I understand it, this passes all the text after “kernel” as parameters. I assume (I can’t find any documentation for it) that the element

luks="root swap home"

prompts for the key and uses it for these encrypted partitions - have you got anything similar?

It may be worth posting your (grub) config files?

Also I have used

mkinitrd -d /dev/mapper/root

to make initrd use the correct modules - have you tried a similar invocation for your lvm setup?

Cheers
Richard
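
An added example, not part of either post and not mkinitrd's own code: a small check of a kernel command line for the naming pattern seen in this thread. It assumes (inferred from the posts, not from mkinitrd documentation) that each name listed in luks="..." or lvm="..." needs a matching luks_<name>= or lvm_<name>= parameter; the function name and sample lines are constructed for illustration.

```python
import shlex

# Quotes that word processors and forums substitute for ASCII " and '.
TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019"


def check_cmdline(cmdline, prefixes=("luks", "lvm")):
    """Return a list of problems found in a kernel command line (hypothetical helper)."""
    if any(q in cmdline for q in TYPOGRAPHIC_QUOTES):
        # Curly quotes are ordinary characters, so they cannot group words.
        return ["typographic quotes found; retype them as ASCII double quotes"]
    try:
        # shlex approximates double-quote grouping closely enough for this check.
        tokens = shlex.split(cmdline)
    except ValueError as exc:
        return [f"cannot parse command line: {exc}"]

    problems, params = [], {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if not sep:
            continue  # bare flags such as "quiet"
        if key in params:
            problems.append(f"{key}= given more than once")
        params[key] = value

    # Assumed convention from the thread: PREFIX="a b" needs PREFIX_a= and PREFIX_b=.
    for prefix in prefixes:
        for name in params.get(prefix, "").split():
            if not params.get(f"{prefix}_{name}"):
                problems.append(f"{prefix}= lists '{name}' but {prefix}_{name}= is missing")
    return problems


if __name__ == "__main__":
    # Constructed sample lines, modelled on the parameters quoted in the thread.
    samples = [
        'root=/dev/mapper/root luks_root=/dev/sdb5 luks="root" quiet',
        'luks_root=/dev/sdb5 luks="root home"',
        'lvm_box=/dev/disk/by-uuid/EXAMPLE-UUID lvm="box"',
    ]
    for line in samples:
        print(line, "->", check_cmdline(line) or "ok")
```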