full disk encryption with luks on manjaro xfce
#21
(05-13-2020, 09:54 AM)e-minguez Wrote:
(05-13-2020, 03:49 AM)as400 Wrote: Here is how I'm generating initcpio with dracut. I have bootfs unencrypted and rootfs encrypted. I use nvme drive. Everything works just fine.



Code:
dracut -H --force -a "crypt lvm drm" -o "kernel-network-modules kernel-modules-extra kernel-modules mdraid qemu qemu-net \
lunmask resume dmraid btrfs modsign i18n" --drivers="rockchipdrm drm drm_kms_helper analogix_dp panel-simple pwm_bl" \
/boot/initramfs-dracut.img

I've used a slightly modified version (removed the -H and used the same name that mkinitcpio uses for the initrd file)  because the manjaro-arm-installer is using a chroot. No luck either Sad same blinking cursor.


I don't have any suggestions because when I tried, I was stuck at the same point you are.

I just wanted to say thank you for your work on this! I'm watching your progress and I'm hopeful you get it. I'll give it a try this weekend again and see how far I get. I'll post if I get anywhere. I'm not using my PBP because I cant get FDE working.
#22
(05-13-2020, 12:20 PM)FutureBucket Wrote:
(05-13-2020, 09:54 AM)e-minguez Wrote:
(05-13-2020, 03:49 AM)as400 Wrote: Here is how I'm generating initcpio with dracut. I have bootfs unencrypted and rootfs encrypted. I use nvme drive. Everything works just fine.



Code:
dracut -H --force -a "crypt lvm drm" -o "kernel-network-modules kernel-modules-extra kernel-modules mdraid qemu qemu-net \
lunmask resume dmraid btrfs modsign i18n" --drivers="rockchipdrm drm drm_kms_helper analogix_dp panel-simple pwm_bl" \
/boot/initramfs-dracut.img

I've used a slightly modified version (removed the -H and used the same name that mkinitcpio uses for the initrd file)  because the manjaro-arm-installer is using a chroot. No luck either Sad same blinking cursor.


I don't have any suggestions because when I tried, I was stuck at the same point you are.

I just wanted to say thank you for your work on this! I'm watching your progress and I'm hopeful you get it. I'll give it a try this weekend again and see how far I get. I'll post if I get anywhere. I'm not using my PBP because I cant get FDE working.
Thanks! To me FDE is a must. I've used the Debian installer approach successfully and I'm starting to think if I should move back to Debian...

Enviado desde mi ONEPLUS A5010 mediante Tapatalk
#23
(05-13-2020, 09:54 AM)e-minguez Wrote: I've used a slightly modified version (removed the -H and used the same name that mkinitcpio uses for the initrd file)  because the manjaro-arm-installer is using a chroot. No luck either Sad same blinking cursor.


It's crazy. Do you have console=tty1 in your extlinux.conf ?
#24
(05-14-2020, 02:01 AM)as400 Wrote:
(05-13-2020, 09:54 AM)e-minguez Wrote: I've used a slightly modified version (removed the -H and used the same name that mkinitcpio uses for the initrd file)  because the manjaro-arm-installer is using a chroot. No luck either Sad same blinking cursor.


It's crazy. Do you have console=tty1 in your extlinux.conf ?


The extlinux.conf is generated and it looks like:
Code:
LABEL Manjaro ARM
KERNEL /Image
FDT /dtbs/rockchip/rk3399-pinebook-pro.dtb
APPEND initrd=/initramfs-linux.img console=tty1 console=ttyS2,1500000 cryptdevice=UUID=a5c23c7b-807f-41ed-94a4-385f028ce2c2 root=/dev/mapper/ROOT_MNJRO rw rootwait video=eDP-1:1920x1080@60 video=HDMI-A-1:1920x1080@60 bootsplash.bootfile=bootsplash-themes/manjaro/bootsplash

Dracut is executed (in a chroot with systemd-nspawn) as:
Code:
dracut --force -a "crypt lvm drm" \
+        -o "kernel-network-modules kernel-modules-extra kernel-modules mdraid qemu qemu-net \
+           lunmask resume dmraid btrfs modsign i18n" --drivers="rockchipdrm drm drm_kms_helper analogix_dp panel-simple pwm_bl" \
+        /boot/initramfs-linux.img ${KERNELVERSION}
#25
OK, I would try to remove this "bootsplash.bootfile=bootsplash-themes/manjaro/bootsplash" and this "console=ttyS2,1500000" and then try.
#26
(05-14-2020, 05:33 AM)as400 Wrote: OK, I would try to remove this "bootsplash.bootfile=bootsplash-themes/manjaro/bootsplash" and this "console=ttyS2,1500000" and then try.

Done and now I can finally see things! I'm going to go back to mkinitcpio route without the bootsplash stuff. See attached for the dracut status now (stopped at 'Starting dracut initqueue hook...')


Attached Files
.jpg   IMG_20200514_161209.jpg (Size: 213.18 KB / Downloads: 530)
#27
I got it working with mkinitcpio after removing both the bootsplash and the console=ttyS2 stuff \o/

I'm going to try to clean up the code a bit, try to just modify the HOOKS in mkinitcpio.conf (to be able to be 'generic' and to work for other devices) and then I will submit a PR to the manjaro repo.

Thanks @as400  for your help!

Edit: No luck with just modifying the HOOKS section (black screen), so I guess that for every device, a list of modules needs to be provided.

Edit2: The patch is available here https://gist.github.com/e-minguez/5287bc...21248b8405 let's see if they merge it, meanwhile, I'm happy to have it working on my pbp \o/
#28
@e-minguez great news.
It would be fantastic if they merge your patch. Even on x86 installer you can't get encryption easily with Manjaro.

Now it's time for you to write a proper HOWTO Smile

Edit: I would also try to restore "console=ttyS2,1500000" and see if everything still works. It should in my opinion.
#29
(05-15-2020, 12:05 AM)as400 Wrote: @e-minguez great news.
It would be fantastic if they merge your patch. Even on x86 installer you can't get encryption easily with Manjaro.

Now it's time for you to write a proper HOWTO Smile

Edit: I would also try to restore "console=ttyS2,1500000" and see if everything still works. It should in my opinion.

The howto is very simple, you just need:
* a manjaro x86_64 VM with X (see https://gitlab.manjaro.org/manjaro-arm/a.../issues/10 for the reason behind the X requirement) with an extra disk (in my case, I've used a 8gb qcow2 empty file mapped as sata, so it is /dev/sda in the VM)
* ssh into it
* clone the https://gitlab.manjaro.org/manjaro-arm/a...-installer repo
* install the required packages (dialog and manjaro-arm-qemu-static in my case)
* apply the patch (git apply)
* run export CRYPT=y, then the installer. It will ask you user/pass/software selection/keyboard/etc. then the luks password twice (first one to create the device, the second one to mount it)

Then, power off the manjaro VM, plug a microsd into your computer and convert the qcow2 image into a raw one, then flash it to your microsd (or do it at once as qemu-img convert -f qcow2 -O raw manjaro-usb.qcow2 /dev/mmcblkX)

Plug it into your pbp and profit!

In order to resize the luks partition:

* `parted /dev/mmcblkX`, then `resizepart NUMBER END` (in my case, partition = 2, end = 125GB)
* `cryptsetup resize /dev/mapper/ROOT_MNJRO`
* `resize2fs /dev/mapper/ROOT_MNJRO`

HTH!

Edit: I've tested with the console parameter as suggested and it doesn't work, so I'll keep it that way.
#30
(05-15-2020, 12:42 AM)e-minguez Wrote: Plug it into your pbp and profit!

I just wonder if you will continue profiting beyond kernel updates? What if a manjaro kernel update comes with a new version of extlinux.conf overwriting your custom one?


Possibly Related Threads…
Thread Author Replies Views Last Post
  Building PPSSPP with Manjaro AUR LivingLinux 0 1,470 06-11-2022, 05:07 PM
Last Post: LivingLinux
  How to update Manjaro to 20.10 pineitup 8 15,180 07-31-2021, 04:44 AM
Last Post: jiyong
  Make your own Manjaro image flatulent_piney 0 3,581 11-07-2020, 03:30 AM
Last Post: flatulent_piney
  Manjaro ARM, Cryptomator, and MEGA Sync dp1kinobe 3 7,893 10-24-2020, 06:38 AM
Last Post: pineitup
  Downgrading packages on Manjaro ARM (on the example of boinc) wrzomar 0 3,726 10-02-2020, 12:20 PM
Last Post: wrzomar
  Freepascal FPC3.20 and Lazarus IDE on Manjaro KDE dieselnutjob 0 3,154 08-02-2020, 06:57 AM
Last Post: dieselnutjob
  Installing WPS Office on Manjaro brent.thierens 5 10,714 07-13-2020, 03:13 AM
Last Post: brent.thierens
  kernel build script for latest mainline manjaro kernel xmixahlx 42 64,526 07-11-2020, 09:01 PM
Last Post: xmixahlx
  Is there a MMC upgrade instruction from debian-mate to manjaro factory (20.06)? pljanson 4 8,874 06-23-2020, 12:41 AM
Last Post: pljanson
  How to boot Manjaro from NVME with uboot on eMMC as400 47 64,088 06-07-2020, 02:37 AM
Last Post: as400

Forum Jump:


Users browsing this thread: 1 Guest(s)