[arch-general] booting from encrypted partition - reevaluate partition table (gpt, kpartx, cryptdevice, grub2)

Marek Otahal markotahal at gmail.com
Tue Dec 11 10:18:08 EST 2012


Hi fellow archers,

I have the following problem:
On a physical (gpt) partition I have an encrypted LUKS partition which
contains a GPT partition table with the desired final partitions (/, /home,
etc.).
I decided to skip LVM as gpt fulfils my needs (many primary
partitions, easy resize), but using kernel boot parameters (grub2):
   linux /vmlinuz-linux root=/dev/mapper/crypto3 cryptdevice=/dev/sdb6:crypto:allow-discards resume=/dev/mapper/crypto1 ro quiet

I do not get the expected result (which is how the partitions really look):
# lsblk -f
NAME                  FSTYPE      LABEL  MOUNTPOINT
sda
├─sda1                ntfs        data
├─sda2                btrfs       backup
├─sda9                ext4               /
└─sda10
  └─cryptswap1 (dm-0) swap               [SWAP]
sdb
├─sdb1                ext4        boot   /boot
├─sdb2                vfat        EFI    /boot/efi
├─sdb3
├─sdb4                ntfs        win8
├─sdb5                crypto_LUKS
└─sdb6                crypto_LUKS
  └─crypto (dm-1)
    ├─crypto1 (dm-2)  swap        swap
    ├─crypto2 (dm-3)  btrfs       var
    ├─crypto3 (dm-4)  btrfs       arch
    └─crypto4 (dm-5)  btrfs       home


This is what I really get (and what I get when I run cryptsetup luksOpen
/dev/sdb6 crypto):
# lsblk -f
NAME                  FSTYPE      LABEL  MOUNTPOINT
sda
├─sda1                ntfs        data
├─sda2                btrfs       backup
├─sda9                ext4               /
└─sda10
  └─cryptswap1 (dm-0) swap               [SWAP]
sdb
├─sdb1                ext4        boot   /boot
├─sdb2                vfat        EFI    /boot/efi
├─sdb3
├─sdb4                ntfs        win8
├─sdb5                crypto_LUKS
└─sdb6                crypto_LUKS
  └─crypto (dm-1)

I would need the system to reevaluate/recheck the newly opened
partition if it contains other partitions!

I found a related thread:
http://comments.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5896

Now a workaround:
1/ install kpartx and add it to BINARIES="kpartx" in /etc/mkinitcpio.conf
2/ hack /lib/initcpio/hooks/encrypt and put the line
kpartx -a /dev/mapper/crypto right after every "cryptsetup ..
luksOpen ..." line there.
3/ similarly, I should place "kpartx -d /dev/mapper/crypto" before
"cryptsetup .. luksClose ..." is called during shutdown. I did not
find this routine in hooks/encrypt, where does it happen?

I'd like to know if there is any supported solution for this, or any
advice from you.

Thank you for your help!
Have a nice day,
Mark

-- 
Marek Otahal :o)
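
Added example, not part of the original message and not mkinitcpio's own code: steps 1/ and 2/ of the workaround written as a separate initcpio hook, so the packaged encrypt hook stays unmodified and the change survives package updates. The hook name kpartx-crypt, the helper mapping_name and the MAPPER_DIR override are hypothetical, and the hook assumes that early-userspace init exposes the cryptdevice= kernel parameter as $cryptdevice.

```shell
#!/bin/sh
# Added example. Hypothetical hook name: kpartx-crypt.
#   mapping_name(), run_hook() -> /etc/initcpio/hooks/kpartx-crypt
#   build()                    -> /etc/initcpio/install/kpartx-crypt
# List kpartx-crypt right after "encrypt" in HOOKS, then rebuild the image.

# Print the mapping name: the second ':'-separated field of a cryptdevice=
# value such as /dev/sdb6:crypto:allow-discards. Fails if there is none.
mapping_name() {
    case $1 in
        *:*) ;;
        *) return 1 ;;
    esac
    mn_rest=${1#*:}
    mn_name=${mn_rest%%:*}
    [ -n "$mn_name" ] && printf '%s\n' "$mn_name"
}

# Runs in early userspace after encrypt has opened the LUKS container.
run_hook() {
    # Assumption: init exposes cryptdevice= from the kernel line as $cryptdevice.
    kc_name=$(mapping_name "${cryptdevice:-}") || return 0
    # MAPPER_DIR is a hypothetical override for trying this outside the initramfs.
    kc_dev=${MAPPER_DIR:-/dev/mapper}/$kc_name
    if [ ! -e "$kc_dev" ]; then
        echo "kpartx-crypt: $kc_dev is not open, nothing to map" >&2
        return 0
    fi
    # -a adds one mapping per nested partition (crypto1, crypto2, ...);
    # -s waits until the device nodes have been created.
    kpartx -a -s "$kc_dev" ||
        echo "kpartx-crypt: could not map partitions on $kc_dev" >&2
}

# Build-time half: copies kpartx and the run_hook script into the image.
build() {
    add_binary kpartx
    add_runscript
}
```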