I'm not the right person to comment reliably on this, because I don't use 
systemd and do not use LVM, but until someone else chimes in I'll give it a go 
...  :-)

On Sunday, 16 June 2024 09:04:26 BST Alexander Puchmayr wrote:
> Hi there,
> 
> I just tried to prepare my new laptop for UEFI+secureboot by creating a
> single unified kernel image including kernel,initrd,microcode,etc.
> NB: The partition layout has a vfat/Efi partition and a luks encrypted lvm
> container holding SYS(Root), Data(home) and swap.
> 
> I added uki and ukify use flags to installkernel and systemd, checked the
> configuration again and configured the kernel by
> emerge --config sys-kernel/gentoo-kernel.
> 
> Building the kernel image seems to work fine, the log messages say it's
> creating an initrd using dracut, creating an efi file, signing it properly
> and even installs it under /boot/efi/EFI/Linux.

Why is the ESP mounted under /boot/efi, instead of /efi?

https://wiki.gentoo.org/wiki/EFI_System_Partition#Mount_point


> When booting it, it loads the kernel and then seems to get stuck:
> 
> Timed out waiting for device /dev/gpt-auto-root
> Dependency failed for File System Check in /dev/gpt-auto-root
> Dependency failed for Root Partition
> Dependency failed for Initrd Root File System
> Dependency failed for Initrd Mountpoints Configured in the Real Root
> Dependency failed for Initrd Root Device

The gpt-auto-root is a script which tries to automatically detect and mount 
the root fs.  Did you create your partition(s) with GPT and did you select the 
correct partition type "Linux Root (x86-64)" to make sure the partition GUID 
code for LUKS is correct according to the Discoverable Partitions 
Specification?  If you used fdisk, you'll probably need to add the partition 
type GUID code manually, as advised in the Handbook.  Press -i in fdisk to 
find out what it currently is set as.


> Then it ends up in an emergency shell.
> 
> There's a log in /run/initramfs/rdsosreport.txt, which reveals that it does
> not find my encrypted lvm partition (LUKS encrypted lvm container holding
> SYS, DATA, SWAP, etc), which obviously needs to be setup first. Seems like
> some boot parameter is missing.

Did you configure dracut to include the necessary modules and to add the 
corresponding LUKS and LVM UUIDs?

https://wiki.gentoo.org/wiki/Full_Disk_Encryption_From_Scratch#Initramfs_configuration


> Checking systemd's USE flags: Relevant flags lvm + cryptsetup + boot +
> secureboot use flags are set
> 
> To me it looks as if it's missing information which partition to use for
> decrypting/mounting, and which lvm volume to use as real-root.
> 
> Is this a dracut configuration? A systemd configuration? An installkernel
> configuration? Something else?
> 
> Thanks
>       Alex

I think this is a dracut configuration issue, because systemd's 
'kernel-install' setup is relatively straightforward:

https://wiki.gentoo.org/wiki/Installkernel#Systemd_kernel-install_.28USE.3D.2Bsystemd.29

If the problem is with dracut as I suspect, you may find 'sys-kernel/ugrd' 
easier than dracut for your type of installation, but dracut should work too 
if correctly configured.

HTH.
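
The partition-type and LUKS UUID checks raised in the reply above can be scripted. The following is an added example, not part of the original message: it assumes input rows in the column order of `lsblk -rno NAME,PARTTYPE,FSTYPE,UUID`, limited to partitions where all four fields are set, and the sample rows and function names are constructed.

```shell
#!/bin/sh
# Added example. Type GUIDs are from the Discoverable Partitions Specification.
ROOT_X86_64=4f68bce3-e8cd-4db1-96e7-fbcaf984b709

# Map a few well-known GPT partition type GUIDs to readable names.
type_name() {
    case "$1" in
        "$ROOT_X86_64") echo "Linux root (x86-64)" ;;
        c12a7328-f81e-11d2-ba4b-00a0c93ec93e) echo "EFI System" ;;
        0fc63daf-8483-4772-8e79-3d69d8477de4) echo "Linux filesystem" ;;
        ca7d7ccb-63ed-4c53-861c-1742536059cc) echo "Linux LUKS" ;;
        e6d6d379-f507-44c2-a23c-238f2a3df928) echo "Linux LVM" ;;
        *) echo "other" ;;
    esac
}

# Constructed sample rows: NAME PARTTYPE FSTYPE UUID (all values made up).
sample_layout() {
cat <<'EOF'
nvme0n1p1 c12a7328-f81e-11d2-ba4b-00a0c93ec93e vfat 1A2B-3C4D
nvme0n1p2 0fc63daf-8483-4772-8e79-3d69d8477de4 crypto_LUKS 11111111-2222-3333-4444-555555555555
EOF
}

# Read rows on stdin and report, per partition, its type and whether it is
# a LUKS container; finish with a note if no root-typed partition exists.
check_layout() {
    root_seen=no
    while read -r name parttype fstype uuid; do
        [ -n "$name" ] || continue
        # GUIDs may be printed in upper case; compare in lower case.
        parttype=$(printf '%s' "$parttype" | tr 'A-F' 'a-f')
        echo "$name: type=$(type_name "$parttype") fs=$fstype"
        if [ "$parttype" = "$ROOT_X86_64" ]; then
            root_seen=yes
        fi
        if [ "$fstype" = crypto_LUKS ]; then
            echo "$name: LUKS container, dracut parameter rd.luks.uuid=$uuid"
        fi
    done
    if [ "$root_seen" = no ]; then
        echo "no partition has the Linux root (x86-64) type GUID"
    fi
}

sample_layout | check_layout
```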
