Setting up /boot on USB for encrypted partition

Help with issues regarding installation of Debian

Setting up /boot on USB for encrypted partition

Postby Futuramama » 2017-10-13 12:26

I installed an encrypted LVM with Debian Jessie on an extended partition and setup a USB Boot Key Disk to load into the system. However, when I boot into the USB it just shows a black screen with a blinking cursor.

I'd like to know if this is because it is an extended and not primary partition, and, if there is something wrong with the files in the USB, how can I reinstall or modify them.
User avatar
Futuramama
 
Posts: 6
Joined: 2017-10-13 12:22

Re: Setting up /boot on USB for encrypted partition

Postby GarryRicketson » 2017-10-13 12:42

Well, according to this :
https://www.tecmint.com/install-debian-8-with-luks-encrypted-home-var-lvm-partitions/
Use at least 8 GB as its size and as Primary partition at the Beginning of the disk.


And this also says it should be a primary partition:
https://debian-handbook.info/browse/stable/sect.installation-steps.html
Since this is a very common procedure, and many people have done this,
there is plenty of tutorials and info:
Setting up /boot on USB for encrypted partition using Debian

It might help if you tell us more about exactly what you have done, and what you tried when you did some searches, so we don't refer you to things that you all ready tried.
"What we expect you have already Done"

Before doing anything, read the Debian documentation:
Debian Documentation
How to ask the smart way
Debian Foro Español
======================
For the Birds
User avatar
GarryRicketson
 
Posts: 4369
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Setting up /boot on USB for encrypted partition

Postby p.H » 2017-10-13 18:13

Futuramama wrote:I installed an encrypted LVM with Debian Jessie on an extended partition and setup a USB Boot Key Disk to load into the system. However, when I boot into the USB it just shows a black screen with a blinking cursor.

What does the USB boot drive contain exactly ? GRUB + a /boot partition ?

BIOS/legacy or EFI boot ? If BIOS/legacy, did you create a DOS partition table on the USB drive and set the boot flag on any partition defined in the table ? Some BIOS/EFI firmwares require it.

Futuramama wrote:I'd like to know if this is because it is an extended and not primary partition

No, irrelevant.
However using extended and logical partitions when it is not needed is a bad idea.

GarryRicketson wrote:Use at least 8 GB as its size

This is for the root partition. A /boot partition requires much less space, below 100 MB unless you're going to install a lot of kernels.
p.H
 
Posts: 161
Joined: 2017-09-17 07:12

Re: Setting up /boot on USB for encrypted partition

Postby Futuramama » 2017-10-13 20:44

p.H wrote:What does the USB boot drive contain exactly ? GRUB + a /boot partition ?

The files in the USB are:
/grub/grub.cfg ----------------------------Text
/grub/unicode.pf2 -----------------------Binary
config-3.16.0-4-amd64 ----------------Text
initrd.img-3.16.0-4-amd64 ------------Archive
System.map-3.16.0-4-amd64 -------Text
vmlinuz-3.16.0-4-amd64 ---------------Program

p.H wrote:BIOS/legacy or EFI boot ? If BIOS/legacy, did you create a DOS partition table on the USB drive and set the boot flag on any partition defined in the table ? Some BIOS/EFI firmwares require it.

Yes, BIOS/Legacy. I don't know about the second one, I just followed the Debian installation and selected 'use as: Ext4 journaling file system' and the mount point on /boot.
User avatar
Futuramama
 
Posts: 6
Joined: 2017-10-13 12:22

Re: Setting up /boot on USB for encrypted partition

Postby Futuramama » 2017-10-13 20:55

GarryRicketson wrote:Well, according to this :
https://www.tecmint.com/install-debian-8-with-luks-encrypted-home-var-lvm-partitions/
Use at least 8 GB as its size and as Primary partition at the Beginning of the disk.


And this also says it should be a primary partition:
https://debian-handbook.info/browse/stable/sect.installation-steps.html
Since this is a very common procedure, and many people have done this,
there is plenty of tutorials and info:
Setting up /boot on USB for encrypted partition using Debian

It might help if you tell us more about exactly what you have done, and what you tried when you did some searches, so we don't refer you to things that you all ready tried.

I did make the partition on the USB primary. In fact, the first link is pretty much the same screens I had and the same steps I took.
But with the boot loader in a separate USB, which I am aware it is possible to make.
User avatar
Futuramama
 
Posts: 6
Joined: 2017-10-13 12:22

Re: Setting up /boot on USB for encrypted partition

Postby p.H » 2017-10-13 20:59

Futuramama wrote:The files in the USB are

This looks like the contents of /boot. But there should also be a "grub/i386-pc" directory containing plenty of *.mod files and a few other files.

Futuramama wrote:I don't know about the second one, I just followed the Debian installation and selected 'use as: Ext4 journaling file system' and the mount point on /boot.

Use what ? The whole drive or a partition ?
The installer gives the option to set the boot flag on a partition.

Please post the output of "fdisk -l" with the USB drive plugged.
p.H
 
Posts: 161
Joined: 2017-09-17 07:12

Re: Setting up /boot on USB for encrypted partition

Postby Futuramama » 2017-10-13 21:17

p.H wrote:This looks like the contents of /boot. But there should also be a "grub/i386-pc" directory containing plenty of *.mod files and a few other files.

That's all I can see in my drive.

p.H wrote:Use what ? The whole drive or a partition ?

The whole USB drive.

p.H wrote:Please post the output of "fdisk -l" with the USB drive plugged.

Code: Select all
Partition 4 does not start on physical sector boundary.
Disk /dev/sda: 931,5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0xee515c8a

Device     Boot      Start        End   Sectors   Size Id Type
/dev/sda1             2048  634302463 634300416 302,5G 83 Linux
/dev/sda2  *    1517465600 1518489599   1024000   500M  7 HPFS/NTFS/exFAT
/dev/sda3       1518489600 1953523711 435034112 207,5G  7 HPFS/NTFS/exFAT
/dev/sda4        634304510  829614079 195309570  93,1G  5 Extended
/dev/sda5        634304512  829614079 195309568  93,1G 83 Linux

Partition table entries are not in disk order.


Disk /dev/sdb: 3,8 GiB, 4009754624 bytes, 7831552 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x6f1d7210

Device     Boot Start     End Sectors  Size Id Type
/dev/sdb1        2048 7829503 7827456  3,8G 83 Linux
User avatar
Futuramama
 
Posts: 6
Joined: 2017-10-13 12:22

Re: Setting up /boot on USB for encrypted partition

Postby p.H » 2017-10-13 21:47

Weird that you do not have the grub/i386-pc directory.

Futuramama wrote:The whole USB drive.

According to fdisk, there is a partition table on the drive, with a single partition taking all the available space.

Do not confuse "use the whole device /dev/sdb" and "use the single partition /dev/sdb1 which takes all the available space on the device /dev/sdb". So, which one is it ? Is the ext4 filesystem mounted on /boot in /dev/sdb or /dev/sdb1 ?

In any case, you may need to set the boot flag on sdb1 to make the USB drive bootable.

Code: Select all
fdisk /dev/sdb
 a
 1 (number 1, not letter l)
 w
p.H
 
Posts: 161
Joined: 2017-09-17 07:12

Re: Setting up /boot on USB for encrypted partition

Postby Futuramama » 2017-10-13 21:59

I already tried with the bootable flag enabled, and still the same black screen with the blinking cursor.
User avatar
Futuramama
 
Posts: 6
Joined: 2017-10-13 12:22

Re: Setting up /boot on USB for encrypted partition

Postby p.H » 2017-10-13 22:18

What is the output of
Code: Select all
debconf-show grub-pc | grep install


Did you try to reinstall GRUB with
Code: Select all
grub-install /dev/sdb
p.H
 
Posts: 161
Joined: 2017-09-17 07:12

Re: Setting up /boot on USB for encrypted partition

Postby Futuramama » 2017-10-13 22:46

p.H wrote:What is the output of
Code: Select all
debconf-show grub-pc | grep install


Code: Select all
* grub-pc/install_devices: /dev/disk/by-id/ata-WDC_WD10JPVX-22JC3T0_WD-WX81A54EJC1J
  grub-pc/install_devices_disks_changed:
  grub-pc/install_devices_failed: false
  grub-pc/install_devices_failed_upgrade: true
  grub-pc/install_devices_empty: false


p.H wrote:Did you try to reinstall GRUB with
Code: Select all
grub-install /dev/sdb


No, because I don't know if that works if the partition is encrypted.
I tried, in a separate attempt to fix this (I have reinstalled everything three times), to reinstall grub on my laptop, in a similar way to this: https://ubuntuforums.org/showthread.php?t=2266650

And in the process you need to decrypt the partition (and using boot-repair)... this is a side question: why is it more secure to have a USB bootloader if you can decrypt the filesystem introducing the password that way?
User avatar
Futuramama
 
Posts: 6
Joined: 2017-10-13 12:22

Re: Setting up /boot on USB for encrypted partition

Postby p.H » 2017-10-14 07:08

Futuramama wrote:grub-pc/install_devices: /dev/disk/by-id/ata-WDC_WD10JPVX-22JC3T0_WD-WX81A54EJC1J

This means that during the installation GRUB was installed in the MBR of the 1 TB Western Digital hard disk drive, not the USB pendrive. It probably explains why you cannot boot from the pendrive. You really must reinstall GRUB on the pendrive.

Futuramama wrote:
Did you try to reinstall GRUB

No, because I don't know if that works if the partition is encrypted.

The partition on the USB drive is not encrypted, is it ?

Futuramama wrote:why is it more secure to have a USB bootloader if you can decrypt the filesystem introducing the password that way?

What do yo mean by "introducing the password that way" ? How is that different from introducing the passphrase at boot time ?
More secure than what ? Boot from the internal drive ?
It is more secure than booting from the internal drive only if you keep the USB drive in a secure place.
(I assume you cannot keep the computer in a secure place, otherwise you would not need to encrypt the drive)
p.H
 
Posts: 161
Joined: 2017-09-17 07:12


Return to Installation

Who is online

Users browsing this forum: No registered users and 8 guests

fashionable