1

I'm trying to install Gentoo on an LVM logical volume inside a LUKS container encrypted with a key file, which is itself encrypted by GPG with a passphrase. Everything was going smoothly until I tried to boot. I'm building the kernel and initramfs with genkernel:

genkernel --lvm --luks --install --menuconfig --busybox all   

and booting it with GRUB2. So after I start the kernel I get the information that my key file gets found, but in the next line I get “Failed to open LUKS device...” and then comes a kernel panic. Any idea what to do?

Kernel config - http://pastebin.com/YR7TfaVm

GRUB2 menuentry:

menuentry 'Gentoo'{
root='hd1,gpt1'
linux /kernel-genkernel-x86_64-3.17.7-gentoo initrd=/dev/ram0 crypt_root=/dev/disk/by-partuuid/PARTUUID_OF_LUKS_CONTAINTER_PARTION dolvm real_root=/dev/mapper/vg1-root rootfstype=ext4 real_init=/usr/lib/systemd/systemd root_keydev=/dev/disk/by-partuuid/PARTUUID_OF_MY_PENDRIVE_WITH_KEY root_key=luks-key.gpg
initrd /initramfs-genkernel-x86_64-3.17.7-gentoo
echo "initing..."
}

1 Answer

0

Genkernel uses gpg v.1; you're probably doing something that needs gpg v.2, which requires pinentry and the like. Consider using LUKS itself to encrypt the keyfile; see "dm-crypt+luks: Can I have a separate header without storing it on the luks encrypted device?"