Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Setting up /boot on USB for encrypted partition

Ask for help with issues regarding the Installations of the Debian O/S.
Post Reply
Message
Author
User avatar
Futuramama
Posts: 6
Joined: 2017-10-13 12:22

Setting up /boot on USB for encrypted partition

#1 Post by Futuramama »

I installed an encrypted LVM with Debian Jessie on an extended partition and setup a USB Boot Key Disk to load into the system. However, when I boot into the USB it just shows a black screen with a blinking cursor.

I'd like to know if this is because it is an extended and not primary partition, and, if there is something wrong with the files in the USB, how can I reinstall or modify them.

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Setting up /boot on USB for encrypted partition

#2 Post by GarryRicketson »

Well, according to this :
https://www.tecmint.com/install-debian- ... artitions/
Use at least 8 GB as its size and as Primary partition at the Beginning of the disk.
And this also says it should be a primary partition:
https://debian-handbook.info/browse/sta ... steps.html
Since this is a very common procedure, and many people have done this,
there is plenty of tutorials and info:
Setting up /boot on USB for encrypted partition using Debian

It might help if you tell us more about exactly what you have done, and what you tried when you did some searches, so we don't refer you to things that you all ready tried.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Setting up /boot on USB for encrypted partition

#3 Post by p.H »

Futuramama wrote:I installed an encrypted LVM with Debian Jessie on an extended partition and setup a USB Boot Key Disk to load into the system. However, when I boot into the USB it just shows a black screen with a blinking cursor.
What does the USB boot drive contain exactly ? GRUB + a /boot partition ?

BIOS/legacy or EFI boot ? If BIOS/legacy, did you create a DOS partition table on the USB drive and set the boot flag on any partition defined in the table ? Some BIOS/EFI firmwares require it.
Futuramama wrote:I'd like to know if this is because it is an extended and not primary partition
No, irrelevant.
However using extended and logical partitions when it is not needed is a bad idea.
GarryRicketson wrote:Use at least 8 GB as its size
This is for the root partition. A /boot partition requires much less space, below 100 MB unless you're going to install a lot of kernels.

User avatar
Futuramama
Posts: 6
Joined: 2017-10-13 12:22

Re: Setting up /boot on USB for encrypted partition

#4 Post by Futuramama »

p.H wrote: What does the USB boot drive contain exactly ? GRUB + a /boot partition ?
The files in the USB are:
/grub/grub.cfg ----------------------------Text
/grub/unicode.pf2 -----------------------Binary
config-3.16.0-4-amd64 ----------------Text
initrd.img-3.16.0-4-amd64 ------------Archive
System.map-3.16.0-4-amd64 -------Text
vmlinuz-3.16.0-4-amd64 ---------------Program
p.H wrote: BIOS/legacy or EFI boot ? If BIOS/legacy, did you create a DOS partition table on the USB drive and set the boot flag on any partition defined in the table ? Some BIOS/EFI firmwares require it.
Yes, BIOS/Legacy. I don't know about the second one, I just followed the Debian installation and selected 'use as: Ext4 journaling file system' and the mount point on /boot.

User avatar
Futuramama
Posts: 6
Joined: 2017-10-13 12:22

Re: Setting up /boot on USB for encrypted partition

#5 Post by Futuramama »

GarryRicketson wrote:Well, according to this :
https://www.tecmint.com/install-debian- ... artitions/
Use at least 8 GB as its size and as Primary partition at the Beginning of the disk.
And this also says it should be a primary partition:
https://debian-handbook.info/browse/sta ... steps.html
Since this is a very common procedure, and many people have done this,
there is plenty of tutorials and info:
Setting up /boot on USB for encrypted partition using Debian

It might help if you tell us more about exactly what you have done, and what you tried when you did some searches, so we don't refer you to things that you all ready tried.
I did make the partition on the USB primary. In fact, the first link is pretty much the same screens I had and the same steps I took.
But with the boot loader in a separate USB, which I am aware it is possible to make.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Setting up /boot on USB for encrypted partition

#6 Post by p.H »

Futuramama wrote:The files in the USB are
This looks like the contents of /boot. But there should also be a "grub/i386-pc" directory containing plenty of *.mod files and a few other files.
Futuramama wrote:I don't know about the second one, I just followed the Debian installation and selected 'use as: Ext4 journaling file system' and the mount point on /boot.
Use what ? The whole drive or a partition ?
The installer gives the option to set the boot flag on a partition.

Please post the output of "fdisk -l" with the USB drive plugged.

User avatar
Futuramama
Posts: 6
Joined: 2017-10-13 12:22

Re: Setting up /boot on USB for encrypted partition

#7 Post by Futuramama »

p.H wrote: This looks like the contents of /boot. But there should also be a "grub/i386-pc" directory containing plenty of *.mod files and a few other files.
That's all I can see in my drive.
p.H wrote: Use what ? The whole drive or a partition ?
The whole USB drive.
p.H wrote: Please post the output of "fdisk -l" with the USB drive plugged.

Code: Select all

Partition 4 does not start on physical sector boundary.
Disk /dev/sda: 931,5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0xee515c8a

Device     Boot      Start        End   Sectors   Size Id Type
/dev/sda1             2048  634302463 634300416 302,5G 83 Linux
/dev/sda2  *    1517465600 1518489599   1024000   500M  7 HPFS/NTFS/exFAT
/dev/sda3       1518489600 1953523711 435034112 207,5G  7 HPFS/NTFS/exFAT
/dev/sda4        634304510  829614079 195309570  93,1G  5 Extended
/dev/sda5        634304512  829614079 195309568  93,1G 83 Linux

Partition table entries are not in disk order.


Disk /dev/sdb: 3,8 GiB, 4009754624 bytes, 7831552 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x6f1d7210

Device     Boot Start     End Sectors  Size Id Type
/dev/sdb1        2048 7829503 7827456  3,8G 83 Linux

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Setting up /boot on USB for encrypted partition

#8 Post by p.H »

Weird that you do not have the grub/i386-pc directory.
Futuramama wrote:The whole USB drive.
According to fdisk, there is a partition table on the drive, with a single partition taking all the available space.

Do not confuse "use the whole device /dev/sdb" and "use the single partition /dev/sdb1 which takes all the available space on the device /dev/sdb". So, which one is it ? Is the ext4 filesystem mounted on /boot in /dev/sdb or /dev/sdb1 ?

In any case, you may need to set the boot flag on sdb1 to make the USB drive bootable.

Code: Select all

fdisk /dev/sdb
 a
 1 (number 1, not letter l)
 w

User avatar
Futuramama
Posts: 6
Joined: 2017-10-13 12:22

Re: Setting up /boot on USB for encrypted partition

#9 Post by Futuramama »

I already tried with the bootable flag enabled, and still the same black screen with the blinking cursor.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Setting up /boot on USB for encrypted partition

#10 Post by p.H »

What is the output of

Code: Select all

debconf-show grub-pc | grep install
Did you try to reinstall GRUB with

Code: Select all

grub-install /dev/sdb

User avatar
Futuramama
Posts: 6
Joined: 2017-10-13 12:22

Re: Setting up /boot on USB for encrypted partition

#11 Post by Futuramama »

p.H wrote:What is the output of

Code: Select all

debconf-show grub-pc | grep install

Code: Select all

* grub-pc/install_devices: /dev/disk/by-id/ata-WDC_WD10JPVX-22JC3T0_WD-WX81A54EJC1J
  grub-pc/install_devices_disks_changed:
  grub-pc/install_devices_failed: false
  grub-pc/install_devices_failed_upgrade: true
  grub-pc/install_devices_empty: false
p.H wrote: Did you try to reinstall GRUB with

Code: Select all

grub-install /dev/sdb
No, because I don't know if that works if the partition is encrypted.
I tried, in a separate attempt to fix this (I have reinstalled everything three times), to reinstall grub on my laptop, in a similar way to this: https://ubuntuforums.org/showthread.php?t=2266650

And in the process you need to decrypt the partition (and using boot-repair)... this is a side question: why is it more secure to have a USB bootloader if you can decrypt the filesystem introducing the password that way?

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Setting up /boot on USB for encrypted partition

#12 Post by p.H »

Futuramama wrote:grub-pc/install_devices: /dev/disk/by-id/ata-WDC_WD10JPVX-22JC3T0_WD-WX81A54EJC1J
This means that during the installation GRUB was installed in the MBR of the 1 TB Western Digital hard disk drive, not the USB pendrive. It probably explains why you cannot boot from the pendrive. You really must reinstall GRUB on the pendrive.
Futuramama wrote:
Did you try to reinstall GRUB
No, because I don't know if that works if the partition is encrypted.
The partition on the USB drive is not encrypted, is it ?
Futuramama wrote:why is it more secure to have a USB bootloader if you can decrypt the filesystem introducing the password that way?
What do yo mean by "introducing the password that way" ? How is that different from introducing the passphrase at boot time ?
More secure than what ? Boot from the internal drive ?
It is more secure than booting from the internal drive only if you keep the USB drive in a secure place.
(I assume you cannot keep the computer in a secure place, otherwise you would not need to encrypt the drive)

Post Reply