Re: [Trisquel-users] LIbreboot grub asks for LUKS password twice
Of course it would be easier if I just installed GRUB on disk with the Trisquel installation (I have done some changes to grub that way before on other computers), but I feel redundant to do so and think it will slow down a bit the boot process. Plus all the documentation on the libreboot page points to using the ROM GRUB.
Re: [Trisquel-users] LIbreboot grub asks for LUKS password twice
Thanks for your help. According to the Parabola link I provided above is goes like this: "By default, you will have to enter your LUKS passphrase twice; once in GRUB, and once when booting the kernel. GRUB unlocks the encrypted partition and then loads the kernel, but the kernel is not aware of the fact that it is being loaded from an encrypted volume. Therefore, you will be asked to enter your passphrase a second time. A workaround is to put a key file inside initramfs, with instructions for the kernel to use it when booting. This is safe, because /boot/ is encrypted (otherwise, putting a key file inside initramfs would be a bad idea).". That's what they say. Hence me thinking that it is indeed the same password (as in it is one only password and not two separate passwords that just happen to be the same). I tried following their procedure but they make use of a command "mkinitcpio" and it's configuration file. However I can't get it to work in Trisquel 8. Parabola's way of installing in Libreboot systems is slightly different so I am unsure how to adjust it to our own. I have tried reading other pages online about using a key file to unlock partitions but there is much information I don't understand.
Re: [Trisquel-users] LIbreboot grub asks for LUKS password twice
On 14/01/19 13:46, Ignacio Agulló wrote: > So, definitely it is not the same password twice, but two passwords > that happen to be the same. Well, I have my doubts after checking up that the ID volume supplied is the same one the two times. Could it be that the ID and password are for the LUKS and the same password be entered twice, the first one to mount the boot logical volume inside, and the second one to mount the root logical volume inside? -- Ignacio Agulló · agu...@ati.es 0xC6AB2D51.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: [Trisquel-users] LIbreboot grub asks for LUKS password twice
On 14/01/19 02:44 wrote: > I'm not sure that's the case... I mean, it only asked for one password > during the Trisquel 8 installation process, the Full Disk Encryption > password. Maybe it is the case of being necessary to unlock both boot > and swap? > However according to the Parabola guide, it is possible to automate > that process, and I am trying to do that. However it doesn't seem to > work for Trisquel, and that's what I need some help with. I attach a > picture of the second time the system asks for the password. It goes like this: -Libreboot asks you for the password for the /boot logical volume, mounts it and starts the boot process. -The boot process asks you for the password for the / (root) logical volume, mounts it and starts the system. As for why does Libreboot set two separated logical volumes instead of one in order to get full disk encryption, I can only guess that it is so because it builds on the more common [non-full] disk encryption procedure, that encrypts everything except for the /boot logical volume so the BIOS can read it. Rather than creating a new procedure that encrypted the entire filesystem in a single logical volume, they take the already existing procedure and add a second encryption for the /boot logical volume. What I can tell you is that you get some error messages that shouldn't be there. Everything goes right until "Begin: Mounting root file system...". But then, you get these unexpected messages: - Start quote - Volume group "grubcrypt" not found Cannot process volume group grubcrypt lvmetad is not active yet, using direct activation during sysinit Volume group "grubcrypt" not found Cannot process volume group grubcrypt - End quote - After that, I am surprised to see that the start process continues without hindrance. You get the prompt for the root logical-volume password, "Please unlock disk sdb_crypt", mine is different: "Unlocking the disk ... (sdb1_crypt) Enter passphrase". We are using different Libreboot versions, yours probably newer than mine. So, definitely it is not the same password twice, but two passwords that happen to be the same. But when it comes to your real question, how to avoid being requested two passwords, I'm sorry that I don't know about the file option. I never bothered me to introduce two passwords at each start. -- Ignacio Agulló · agu...@ati.es 0xC6AB2D51.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: [Trisquel-users] LIbreboot grub asks for LUKS password twice
I'm not sure that's the case... I mean, it only asked for one password during the Trisquel 8 installation process, the Full Disk Encryption password. Maybe it is the case of being necessary to unlock both boot and swap? However according to the Parabola guide, it is possible to automate that process, and I am trying to do that. However it doesn't seem to work for Trisquel, and that's what I need some help with. I attach a picture of the second time the system asks for the password. Thanks.
Re: [Trisquel-users] LIbreboot grub asks for LUKS password twice
On 13/01/19 04:21 wrote: > SO, I installed my SSD in my T400 Libreboot laptop. I followed the > instructions on the guide for doing so, and after some adjustements I > got the system to boot just fine. However, I am having the issue of > having to input my full disk encryption password twice! I searched > around and found this > https://wiki.parabola.nu/Installing_Parabola_on_Libreboot_with_full_disk_encryption_(including_/boot) > As it seems the folks at parabola have the same issue and explain > why. SO far so good, I tried using their solution for the problem (see > under 11 Bonus: Using a key file to unlock /boot/) but they issue a > command that does nothing in Trisquel, namely mkinitcpio > Is there anything that I have to install in order to get this to work > under Trisquel 8? That's a feature not a bug. It isn't asking for the same password twice but asking you for two passwords: the password for the encrypted boot partition and the password for the other encrypted partition. You happened to set the same password for both partitions. -- Ignacio Agulló · agu...@ati.es 0xC6AB2D51.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
[Trisquel-users] LIbreboot grub asks for LUKS password twice
Hey guys, SO, I installed my SSD in my T400 Libreboot laptop. I followed the instructions on the guide for doing so, and after some adjustements I got the system to boot just fine. However, I am having the issue of having to input my full disk encryption password twice! I searched around and found this https://wiki.parabola.nu/Installing_Parabola_on_Libreboot_with_full_disk_encryption_(including_/boot) As it seems the folks at parabola have the same issue and explain why. SO far so good, I tried using their solution for the problem (see under 11 Bonus: Using a key file to unlock /boot/) but they issue a command that does nothing in Trisquel, namely mkinitcpio Is there anything that I have to install in order to get this to work under Trisquel 8? Thanks.