Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Setting up /boot on USB for encrypted partition
- Futuramama
- Posts: 6
- Joined: 2017-10-13 12:22
Setting up /boot on USB for encrypted partition
I installed an encrypted LVM with Debian Jessie on an extended partition and setup a USB Boot Key Disk to load into the system. However, when I boot into the USB it just shows a black screen with a blinking cursor.
I'd like to know if this is because it is an extended and not primary partition, and, if there is something wrong with the files in the USB, how can I reinstall or modify them.
I'd like to know if this is because it is an extended and not primary partition, and, if there is something wrong with the files in the USB, how can I reinstall or modify them.
- GarryRicketson
- Posts: 5644
- Joined: 2015-01-20 22:16
- Location: Durango, Mexico
Re: Setting up /boot on USB for encrypted partition
Well, according to this :
https://www.tecmint.com/install-debian- ... artitions/
https://debian-handbook.info/browse/sta ... steps.html
Since this is a very common procedure, and many people have done this,
there is plenty of tutorials and info:
Setting up /boot on USB for encrypted partition using Debian
It might help if you tell us more about exactly what you have done, and what you tried when you did some searches, so we don't refer you to things that you all ready tried.
https://www.tecmint.com/install-debian- ... artitions/
And this also says it should be a primary partition:Use at least 8 GB as its size and as Primary partition at the Beginning of the disk.
https://debian-handbook.info/browse/sta ... steps.html
Since this is a very common procedure, and many people have done this,
there is plenty of tutorials and info:
Setting up /boot on USB for encrypted partition using Debian
It might help if you tell us more about exactly what you have done, and what you tried when you did some searches, so we don't refer you to things that you all ready tried.
"What we expect you have already Done"
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Setting up /boot on USB for encrypted partition
What does the USB boot drive contain exactly ? GRUB + a /boot partition ?Futuramama wrote:I installed an encrypted LVM with Debian Jessie on an extended partition and setup a USB Boot Key Disk to load into the system. However, when I boot into the USB it just shows a black screen with a blinking cursor.
BIOS/legacy or EFI boot ? If BIOS/legacy, did you create a DOS partition table on the USB drive and set the boot flag on any partition defined in the table ? Some BIOS/EFI firmwares require it.
No, irrelevant.Futuramama wrote:I'd like to know if this is because it is an extended and not primary partition
However using extended and logical partitions when it is not needed is a bad idea.
This is for the root partition. A /boot partition requires much less space, below 100 MB unless you're going to install a lot of kernels.GarryRicketson wrote:Use at least 8 GB as its size
- Futuramama
- Posts: 6
- Joined: 2017-10-13 12:22
Re: Setting up /boot on USB for encrypted partition
The files in the USB are:p.H wrote: What does the USB boot drive contain exactly ? GRUB + a /boot partition ?
/grub/grub.cfg ----------------------------Text
/grub/unicode.pf2 -----------------------Binary
config-3.16.0-4-amd64 ----------------Text
initrd.img-3.16.0-4-amd64 ------------Archive
System.map-3.16.0-4-amd64 -------Text
vmlinuz-3.16.0-4-amd64 ---------------Program
Yes, BIOS/Legacy. I don't know about the second one, I just followed the Debian installation and selected 'use as: Ext4 journaling file system' and the mount point on /boot.p.H wrote: BIOS/legacy or EFI boot ? If BIOS/legacy, did you create a DOS partition table on the USB drive and set the boot flag on any partition defined in the table ? Some BIOS/EFI firmwares require it.
- Futuramama
- Posts: 6
- Joined: 2017-10-13 12:22
Re: Setting up /boot on USB for encrypted partition
I did make the partition on the USB primary. In fact, the first link is pretty much the same screens I had and the same steps I took.GarryRicketson wrote:Well, according to this :
https://www.tecmint.com/install-debian- ... artitions/And this also says it should be a primary partition:Use at least 8 GB as its size and as Primary partition at the Beginning of the disk.
https://debian-handbook.info/browse/sta ... steps.html
Since this is a very common procedure, and many people have done this,
there is plenty of tutorials and info:
Setting up /boot on USB for encrypted partition using Debian
It might help if you tell us more about exactly what you have done, and what you tried when you did some searches, so we don't refer you to things that you all ready tried.
But with the boot loader in a separate USB, which I am aware it is possible to make.
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Setting up /boot on USB for encrypted partition
This looks like the contents of /boot. But there should also be a "grub/i386-pc" directory containing plenty of *.mod files and a few other files.Futuramama wrote:The files in the USB are
Use what ? The whole drive or a partition ?Futuramama wrote:I don't know about the second one, I just followed the Debian installation and selected 'use as: Ext4 journaling file system' and the mount point on /boot.
The installer gives the option to set the boot flag on a partition.
Please post the output of "fdisk -l" with the USB drive plugged.
- Futuramama
- Posts: 6
- Joined: 2017-10-13 12:22
Re: Setting up /boot on USB for encrypted partition
That's all I can see in my drive.p.H wrote: This looks like the contents of /boot. But there should also be a "grub/i386-pc" directory containing plenty of *.mod files and a few other files.
The whole USB drive.p.H wrote: Use what ? The whole drive or a partition ?
p.H wrote: Please post the output of "fdisk -l" with the USB drive plugged.
Code: Select all
Partition 4 does not start on physical sector boundary.
Disk /dev/sda: 931,5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0xee515c8a
Device Boot Start End Sectors Size Id Type
/dev/sda1 2048 634302463 634300416 302,5G 83 Linux
/dev/sda2 * 1517465600 1518489599 1024000 500M 7 HPFS/NTFS/exFAT
/dev/sda3 1518489600 1953523711 435034112 207,5G 7 HPFS/NTFS/exFAT
/dev/sda4 634304510 829614079 195309570 93,1G 5 Extended
/dev/sda5 634304512 829614079 195309568 93,1G 83 Linux
Partition table entries are not in disk order.
Disk /dev/sdb: 3,8 GiB, 4009754624 bytes, 7831552 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x6f1d7210
Device Boot Start End Sectors Size Id Type
/dev/sdb1 2048 7829503 7827456 3,8G 83 Linux
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Setting up /boot on USB for encrypted partition
Weird that you do not have the grub/i386-pc directory.
Do not confuse "use the whole device /dev/sdb" and "use the single partition /dev/sdb1 which takes all the available space on the device /dev/sdb". So, which one is it ? Is the ext4 filesystem mounted on /boot in /dev/sdb or /dev/sdb1 ?
In any case, you may need to set the boot flag on sdb1 to make the USB drive bootable.
According to fdisk, there is a partition table on the drive, with a single partition taking all the available space.Futuramama wrote:The whole USB drive.
Do not confuse "use the whole device /dev/sdb" and "use the single partition /dev/sdb1 which takes all the available space on the device /dev/sdb". So, which one is it ? Is the ext4 filesystem mounted on /boot in /dev/sdb or /dev/sdb1 ?
In any case, you may need to set the boot flag on sdb1 to make the USB drive bootable.
Code: Select all
fdisk /dev/sdb
a
1 (number 1, not letter l)
w
- Futuramama
- Posts: 6
- Joined: 2017-10-13 12:22
Re: Setting up /boot on USB for encrypted partition
I already tried with the bootable flag enabled, and still the same black screen with the blinking cursor.
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Setting up /boot on USB for encrypted partition
What is the output of
Did you try to reinstall GRUB with
Code: Select all
debconf-show grub-pc | grep install
Code: Select all
grub-install /dev/sdb
- Futuramama
- Posts: 6
- Joined: 2017-10-13 12:22
Re: Setting up /boot on USB for encrypted partition
p.H wrote:What is the output ofCode: Select all
debconf-show grub-pc | grep install
Code: Select all
* grub-pc/install_devices: /dev/disk/by-id/ata-WDC_WD10JPVX-22JC3T0_WD-WX81A54EJC1J
grub-pc/install_devices_disks_changed:
grub-pc/install_devices_failed: false
grub-pc/install_devices_failed_upgrade: true
grub-pc/install_devices_empty: false
No, because I don't know if that works if the partition is encrypted.p.H wrote: Did you try to reinstall GRUB withCode: Select all
grub-install /dev/sdb
I tried, in a separate attempt to fix this (I have reinstalled everything three times), to reinstall grub on my laptop, in a similar way to this: https://ubuntuforums.org/showthread.php?t=2266650
And in the process you need to decrypt the partition (and using boot-repair)... this is a side question: why is it more secure to have a USB bootloader if you can decrypt the filesystem introducing the password that way?
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Setting up /boot on USB for encrypted partition
This means that during the installation GRUB was installed in the MBR of the 1 TB Western Digital hard disk drive, not the USB pendrive. It probably explains why you cannot boot from the pendrive. You really must reinstall GRUB on the pendrive.Futuramama wrote:grub-pc/install_devices: /dev/disk/by-id/ata-WDC_WD10JPVX-22JC3T0_WD-WX81A54EJC1J
The partition on the USB drive is not encrypted, is it ?Futuramama wrote:No, because I don't know if that works if the partition is encrypted.Did you try to reinstall GRUB
What do yo mean by "introducing the password that way" ? How is that different from introducing the passphrase at boot time ?Futuramama wrote:why is it more secure to have a USB bootloader if you can decrypt the filesystem introducing the password that way?
More secure than what ? Boot from the internal drive ?
It is more secure than booting from the internal drive only if you keep the USB drive in a secure place.
(I assume you cannot keep the computer in a secure place, otherwise you would not need to encrypt the drive)