Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Debian 9 full encrypted disk install not seen at boot time

Ask for help with issues regarding the Installations of the Debian O/S.
Post Reply
Message
Author
Yendorian
Posts: 5
Joined: 2017-04-18 21:24

Debian 9 full encrypted disk install not seen at boot time

#1 Post by Yendorian »

I installed debian 9 on my internal drive with guided LUKS encryption partitioning, using the net install .iso on USB. Upon an apparent successful install, debian did not show up as a bootable option. Since I have no other operating systems on that device, it simply booted back to bios with no boot options. This surprised me, as I had done an install of debian 8 on this same device and it booted up just fine doing a guided, encrypted set up.

I did an install without encryption and it booted just fine after an install as you would expect.

I tried to re-install with encryption doing the same thing, but inspected the automatically generated partitions. The /boot partition did not have a bootable flag and the EFI did. I tried to enable the bootable flag on the /boot partition, but could not do so until I disabled the boot flag on the EFI partition. Same end results.

I did the same thing, removing the EFI partition and replacing it with a bios partition marking it bootable. Same end results.

In all cases I installed GRUB to /dev/sda

Upon booting to grub in a different distro, using ls on the partitions returned scrambled information for everything, leaving me to wonder if perhaps the boot partition was encrypted despite the guided partitioning.

After duplicating what I did the first time, a simple, guided encrypted LUKS partition scheme with separate partitions for /tmp, var and home, I used a live distro to instpect the disks with lsblk and blkid.

blkid told me that /dev/sda1 was of type EXT2, and that /dev/sda5 was of type "crypto_luks". It did not see anything else.

lsblk had more information.

NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 238.5G 0 disk
|-sda2 8:2 0 1K 0 part
|-sda5 8:5 0 238.2G 0 part
|-sda1 8:1 0 243M 0 part

There does not appear to be any mount point specified. I decided to try to mount it.

Code: Select all

sudo cryptsetup luksOpen /dev/sda5 label_I_came_up_with
I was prompted for my passphrase, which I provided. Then

Code: Select all

lvscan
vgchange -ay
showed me the /root, /var/ swap, /tmp and /home partitions and then made them active, respectively. I then used

Code: Select all

mount /dev/label_I_came_up_with
mkdir /mnt/linux
mount -o bind /proc /mnt/linux/proc
mount -o bind /dev /mnt/linux/dev/
mount -o bind /sys /mnt/linux/sys
chroot /mnt/linux /bin/bash
grub-install /dev/sda
This logged some complaintes about non-existent configuration files and log files, and concluded with:

Code: Select all

exim: could not open panic log - aborting: see message(s) above
Installing for i386-pc platform
Installation finished. No error reported.
After using lsblk, I got the same output as before with no mount point. Upon rebooting the drive was still not seen. I'm not sure where to go from here. Does the community have any advice?

Yendorian
Posts: 5
Joined: 2017-04-18 21:24

Re: Debian 9 full encrypted disk install not seen at boot ti

#2 Post by Yendorian »

While I was waiting for a reply I did yet another fresh install of Debian with encrypted LVM partitioning keeping all defaults. To my utter surprise it booted up properly. I'm trying to think of what I did differently. I know I selected the option to "Force UEFI installation", but I had done that on a previous attempt as well with no results. I'm not sure did it, but it's resolved now.

Post Reply