
Gentoo/Funtoo, ZFS, Luks, and initramfs

Essence_of_War

Platinum Member
Feb 21, 2013
2,650
4
81
I'm trying to install Gentoo/Funtoo on ZFS w/ LUKS to encrypt the vdev.

I have a single hard drive with the following layout.

Code:
/dev/sda
    /dev/sda1 Bios Boot
    /dev/sda2 /boot ext2
    /dev/sda3 /       zfs root pool

After using cryptsetup to turn /dev/sda3 -> /dev/mapper/cryptroot, I followed a standard ZFSonLinux installation guide, making sure to compile --luks support as well as --zfs into my genkernel:

Code:
genkernel all --zfs --luks --no-clean --no-mountboot --callback="emerge @module-rebuild"

emerging grub w/ libzfs:

Code:
echo "sys-boot/grub libzfs -truetype" >> /etc/portage/package.use
emerge grub
grub-install /dev/sda

updating /etc/boot.conf

Code:
"Funtoo ZFS" {
       kernel kernel[-v]
       initrd initramfs-genkernel-x86_64[-v]
       params real_root=ZFS=tank/funtoo/root
       params += dozfs=force
}

emerging boot-update and boot-updating

and of course adding the zfs tools zfs-import and zfs-mount to the boot run-levels, and zfs-share and zfs-zed to the default run-levels.

Everything seemed to be OK, and the reboot went fine. I get to the GRUB menu, and when I select a boot option, I don't get an option to open the LUKS volume; I just get a kernel panic.

This is my first time working with LUKS, so I'm guessing that I missed something dumb, like not adding something to a run-level, or not configuring boot.conf correctly for a LUKS volume. Any ideas?
 

Essence_of_War

I don't have an /etc/crypttab, but I'm also not using systemd, and I thought the crypttab was only for use with systemd?

I could be totally wrong though.
 

Essence_of_War

So I went through this again and fixed the errors that I had made.

With OpenRC init, you don't need a crypttab for a single disk, if you have an un-encrypted /boot with an initramfs and initrd.

The real issue comes from editing grub.cfg and/or the scripts that generate it. With ZFS + LUKS, GRUB seems to use the output of "zpool status" to find the devices that form the root of the zpool. This works fine if your pool is, for example, a single hard drive partition that is not LUKS encrypted (/dev/sdxN), but it seems to give it a fit if you've assigned a device to the zpool using /dev/disk/by-id or with an encrypted disk that shows up attached to /dev/mapper/cryptroot. If it sees UUIDs, it doesn't look in /dev/disk/by-id, it just looks in /dev/, and similarly it won't look for cryptroot inside of /dev/mapper, just in /dev.

To handle that, I made a symlink from /dev/mapper/cryptroot to /dev/cryptroot, and then in grub.cfg manually added the crypt support:

Code:
linux  /kernel-X.XX.X-gentoo root=ZFS=rpool/ROOT/gentoo crypt_root=/dev/sda3 dozfs=force ro

initrd /initramfs-genkernel-x86_64-X.XX.X

This is a bit hacky since grub.cfg is supposed to be generated by scripts, but now that at least I've found that it works, I can try to fix it in the generating scripts.
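The lookup problem described in the last post can be checked before regenerating grub.cfg. The script below is an added example, not part of the original posts and not GRUB or Funtoo code: it lists the leaf vdev names from `zpool status` text and reports whether each exists directly under /dev or only under /dev/mapper or /dev/disk/by-id. The function names and the sample `zpool status` text are constructed for illustration, and the /dev-only lookup is the behaviour the post reports, taken here as an assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper names; SAMPLE is constructed output).

# Constructed sample of `zpool status` for a pool on a LUKS mapping.
SAMPLE='  pool: rpool
 state: ONLINE
config:

        NAME         STATE     READ WRITE CKSUM
        rpool        ONLINE       0     0     0
          cryptroot  ONLINE       0     0     0

errors: No known data errors'

# vdev_names: read `zpool status` text on stdin, print leaf vdev names.
vdev_names() {
    awk '
        $1 == "NAME" && $2 == "STATE" { in_cfg = 1; n = 0; next }
        in_cfg && NF == 0 { in_cfg = 0 }
        in_cfg && NF >= 2 {
            n++
            if (n == 1) next    # first row is the pool itself
            # skip grouping rows such as mirror-0 or raidz1-0
            if ($1 ~ /^(mirror|raidz[0-9]*|spare|logs|cache)(-[0-9]+)?$/) next
            print $1
        }
    '
}

# locate_vdev NAME [DEVROOT]: say where NAME resolves under DEVROOT.
locate_vdev() {
    root=${2:-/dev}
    if [ -e "$root/$1" ]; then echo "ok"              # visible directly in /dev
    elif [ -e "$root/mapper/$1" ]; then echo "mapper" # only under /dev/mapper
    elif [ -e "$root/disk/by-id/$1" ]; then echo "by-id"
    else echo "missing"
    fi
}

# report [DEVROOT]: stdin = `zpool status` text; prints "<vdev> <location>".
report() {
    vdev_names | while read -r name; do
        printf '%s %s\n' "$name" "$(locate_vdev "$name" "${1:-/dev}")"
    done
}
```

On a live system, `zpool status rpool | report` prints one line per vdev; anything other than `ok` is a name that only resolves under /dev/mapper or /dev/disk/by-id, which is the case the symlink in the post works around.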
 
