URL: <https://savannah.gnu.org/bugs/?62920>
Summary: Memory address error when booting from LUKS-encrypted /boot Project: GNU GRUB Submitter: ljyip Submitted: Fri 19 Aug 2022 03:08:33 PM UTC Category: Booting Severity: Major Priority: 5 - Normal Item Group: Software Error Status: None Privacy: Public Assigned to: None Originator Name: Jason Yip Originator Email: gene...@jasonyip1.anonaddy.me Open/Closed: Open Release: Git master Release: Discussion Lock: Any Reproducibility: Every Time Planned Release: None _______________________________________________________ Follow-up Comments: ------------------------------------------------------- Date: Fri 19 Aug 2022 03:08:33 PM UTC By: Jason Yip <ljyip> I have a LUKS2-encrypted /boot using PBKDF2. Commit g2f4430cc0 has always worked for me. However, commit g0c6c1aff2 would do the following: boot into linux-zen then return an error about access memory address. My setup: Arch Linux /dev/nvme0n1p1 -> unencrypted EFI partition /dev/nvme0n1p2 -> LUKS-encrypted /boot partition using PBKDF2 /dev/nvme0n1p3 -> LUKS-encrypted LVM using Argon2ID (I include keyfile inside initramdisk that automatically unlocks this partition) I install GRUB the way outlined at [https://wiki.archlinux.org/title/GRUB#LUKS2]. My grub-pre.cfg: set crypto_uuid=<PARTITION UUID> cryptomount -u $crypto_uuid set root=crypto0 set prefix=($root)/grub insmod normal normal I run this script to install GRUB: #!/bin/sh grub-mkimage -p /boot/grub -O x86_64-efi -c grub-pre.cfg -o /tmp/grubx64.efi luks2 part_gpt cryptodisk gcry_rijndael pbkdf2 gcry_sha256 btrfs install -v /tmp/grubx64.efi /boot/efi/EFI/GRUB/grubx64.efi My /etc/default/grub: # GRUB boot loader configuration GRUB_DEFAULT=0 GRUB_TIMEOUT=3 GRUB_DISTRIBUTOR="Arch" GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 resume=/dev/vg/swap" GRUB_CMDLINE_LINUX="cryptdevice=PARTLABEL=lvm:cryptlvm cryptkey=rootfs:/etc/keys/cryptlvm.keyfile" # Preload both GPT and MBR modules so that they are not missed GRUB_PRELOAD_MODULES="part_gpt part_msdos" # Uncomment to enable booting from LUKS encrypted devices GRUB_ENABLE_CRYPTODISK=y # Set to 'countdown' or 'hidden' to change timeout behavior, # press ESC key to display menu. GRUB_TIMEOUT_STYLE=menu # Uncomment to use basic console GRUB_TERMINAL_INPUT=console # Uncomment to disable graphical terminal #GRUB_TERMINAL_OUTPUT=console # The resolution used on graphical terminal # note that you can use only modes which your graphic card supports via VBE # you can see them in real GRUB with the command `vbeinfo' GRUB_GFXMODE=1920x1080x32 # Uncomment to allow the kernel use the same resolution used by grub GRUB_GFXPAYLOAD_LINUX=keep # Uncomment if you want GRUB to pass to the Linux kernel the old parameter # format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx" #GRUB_DISABLE_LINUX_UUID=true # Uncomment to disable generation of recovery mode menu entries GRUB_DISABLE_RECOVERY=true # Uncomment and set to the desired menu colors. Used by normal and wallpaper # modes only. Entries specified as foreground/background. #GRUB_COLOR_NORMAL="light-blue/black" #GRUB_COLOR_HIGHLIGHT="light-cyan/blue" # Uncomment one of them for the gfx desired, a image background or a gfxtheme #GRUB_BACKGROUND="/path/to/wallpaper" GRUB_THEME="/boot/grub/themes/Cyberpunk/theme.txt" # Uncomment to get a beep at GRUB start #GRUB_INIT_TUNE="480 440 1" # Uncomment to make GRUB remember the last selection. This requires # setting 'GRUB_DEFAULT=saved' above. #GRUB_SAVEDEFAULT=true # Uncomment to disable submenus in boot menu #GRUB_DISABLE_SUBMENU=y # Probing for other operating systems is disabled for security reasons. Read # documentation on GRUB_DISABLE_OS_PROBER, if still want to enable this # functionality install os-prober and uncomment to detect and include other # operating systems. #GRUB_DISABLE_OS_PROBER=false My /etc/mkinitcpio.conf: MODULES=(usbhid xhci_hcd i915) BINARIES=(btrfs) FILES=(/etc/keys/cryptlvm.keyfile) MODULES=(usbhid xhci_hcd i915) BINARIES=(btrfs) HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems resume fsck) _______________________________________________________ Reply to this item at: <https://savannah.gnu.org/bugs/?62920> _______________________________________________ Message sent via Savannah https://savannah.gnu.org/