Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Fresh Debian 10.1 install, GRUB does not load anything
Fresh Debian 10.1 install, GRUB does not load anything
Today I have installed Debian 10.1. I have had no obvious error messages.
I have set up my (dual boot windows 10) system as follows:
EFI boot partition
1 encrypted partition (os)
- lvm root
- lvm swap
1 encryped partition (data)
- lvm home
This gave no problem with Debian 9.
Now my laptop loads just a GRUB screen with "grub> _" flashing underscore. Nothing else happens, no error messages, etc.
I tried to reinstall (grub-install and update-grub) by rescue mode, but nothing chaged. I tried to add "GRUB_ENABLE_CRYPTODISK=y" to /etc/default/grub then run "update-grub" again but still nothing changed.
What could be wrong here?
I have set up my (dual boot windows 10) system as follows:
EFI boot partition
1 encrypted partition (os)
- lvm root
- lvm swap
1 encryped partition (data)
- lvm home
This gave no problem with Debian 9.
Now my laptop loads just a GRUB screen with "grub> _" flashing underscore. Nothing else happens, no error messages, etc.
I tried to reinstall (grub-install and update-grub) by rescue mode, but nothing chaged. I tried to add "GRUB_ENABLE_CRYPTODISK=y" to /etc/default/grub then run "update-grub" again but still nothing changed.
What could be wrong here?
Re: Fresh Debian 10.1 install, GRUB does not load anything
have you tried any commands after the grub prompt?
For instance, what does the ls command return?
For instance, what does the ls command return?
Code: Select all
grub> ls
DebianStable
Code: Select all
$ vrms
No non-free or contrib packages installed on debian! rms would be proud.
Re: Fresh Debian 10.1 install, GRUB does not load anything
I have no experience in grub commands, so I tried a few failed attepmts. But ls gives following output:kedaha wrote:have you tried any commands after the grub prompt?
For instance, what does the ls command return?Code: Select all
grub> ls
Code: Select all
grub> ls
(proc) (hd0) (hd0,msdos1) (hd1) (hd1,gpt5) (hd1,gpt4) (hd1,gpt3) (hd1,gpt2) (hd1,gpt1) (hd2) (hd3) (hd3,gpt4) (hd3,gpt3) (hd3,gpt2) (hd3,gpt1)
/boot is in the encrypted root partition. (I have no separate /boot partition.)p.H wrote:Is /boot in the encrypted root partition or in a separate unencrypted partition ?
/boot/EFI however is installed at the EFI system partition which is unencrypted.
I had exactly the same setup with Debian 9, and it worked there.
Re: Fresh Debian 10.1 install, GRUB does not load anything
I don't think many of us here are very familiar with such commands; it's not so often one gets this unfriendly grub prompt; however, I've been able to solve it a few times in the past by searching for possible solutions. See for example how-rescue-non-booting-grub-2-linux/HydraGene wrote: I have no experience in grub commands, so I tried a few failed attempts.
Try a few commands till you get the hang of it, like:HydraGene wrote: But ls gives following output:Code: Select all
grub> ls (proc) (hd0) (hd0,msdos1) (hd1) (hd1,gpt5) (hd1,gpt4) (hd1,gpt3) (hd1,gpt2) (hd1,gpt1) (hd2) (hd3) (hd3,gpt4) (hd3,gpt3) (hd3,gpt2) (hd3,gpt1)
Code: Select all
grub> ls (hd0,msdos1/
grub> set root=(hd0,msdos1)
DebianStable
Code: Select all
$ vrms
No non-free or contrib packages installed on debian! rms would be proud.
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Fresh Debian 10.1 install, GRUB does not load anything
This method is not appropriate with /boot in an encrypted device. You must open the encrypted device (see cryptomount in GRUB documentation).
Re: Fresh Debian 10.1 install, GRUB does not load anything
I have just tried this, and it gives the same result.. This was indeed the solution to Debian 9 boot problems. But this time it is as if GRUB doesn't recognize the encrypted partition.p.H wrote:You may need to run grub-install again after adding GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub.
Make sure /boot/efi is mounted.
Alright, I've followed your link, thanks. But it mainly explains commands using unencrypted partition.kedaha wrote: Try a few commands till you get the hang of it, like:and see what they do.Code: Select all
grub> ls (hd0,msdos1/ grub> set root=(hd0,msdos1)
I am 100% sure (hd1,gpt4) is my encrypted root partition and (hd3,gpt2) is my encrypted home partition. I know by the size and exclusion of other partitions.
Code: Select all
ls (hd1,gpt4)
Partition hd1,gpt4: No known filesysteem detected - Partition start at 200901632KiB - Total size 48235520KiB
ls (hd1,gpt4)/
error: unknown filesystem.
The linked page contained a link to a GRUB manual and I found cryptomount too. But I think GRUB doesn't know that these partitions are encrypted. I've tried cryptomount (hd1,gpt4) and cryptomount -a, but again just a blank line. Still unknown filesystem when using ls..p.H wrote:This method is not appropriate with /boot in an encrypted device. You must open the encrypted device (see cryptomount in GRUB documentation).
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Fresh Debian 10.1 install, GRUB does not load anything
IME in EFI mode Debian installs a signed GRUB with shim for compatibility with UEFI secure boot. One difference with the standard unsigned grub is that it uses a static (because signed) core image instead of a dynamically built image. I have not checked whether this signed GRUB supports /boot encryption. You could try to install a non-signed image with
Code: Select all
grub-install --no-uefi-secure-boot
Re: Fresh Debian 10.1 install, GRUB does not load anything
Great idea. That was the problem!p.H wrote:IME in EFI mode Debian installs a signed GRUB with shim for compatibility with UEFI secure boot. One difference with the standard unsigned grub is that it uses a static (because signed) core image instead of a dynamically built image. I have not checked whether this signed GRUB supports /boot encryption. You could try to install a non-signed image withCode: Select all
grub-install --no-uefi-secure-boot
(On a side note: While you've explained it, I understand that you can't sign a dynamically built image with standard keys. However, I wonder why the installation process doesn't generate its own keys. I read on the SB Debian page that you can have MOK's. Wouldn't this solve the issue with dynamically built images?)
But now I have a new error...
Code: Select all
error: disk `lvmid/......' not found.
Entering rescue mode...
Do you know more things I could try?
ls now gives just (hd0) to (hd3).. ls (hd0)/ gives error: unknown filesystem
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Fresh Debian 10.1 install, GRUB does not load anything
I have not investigated into this, as I am not interested in secure boot at all. I guess that you could sign GRUB with your own keys, but you would have to add these keys to the UEFI firmware. Not sure that all firmwares allow this.HydraGene wrote:I understand that you can't sign a dynamically built image with standard keys. However, I wonder why the installation process doesn't generate its own keys. I read on the SB Debian page that you can have MOK's. Wouldn't this solve the issue with dynamically built images?
So now GRUB enters rescue mode. This is not really a progress.HydraGene wrote:Entering rescue mode...
Does GRUB ask for a LUKS passphrase ?
No partitions ? This is interesting. It means that the generated core image does not contain the partition table modules as it should.HydraGene wrote:ls now gives just (hd0) to (hd3)
What is the output of "lsmod" at the grub rescue prompt ?
Can you run
Code: Select all
grub-install --no-uefi-secure-boot -v > grub-install.txt 2>&1
grep mkimage grub-install.txt
You can force the GPT partition table module into the core image with "--modules=part_gpt" but other modules may be missing too.
Re: Fresh Debian 10.1 install, GRUB does not load anything
p.H wrote: What is the output of "lsmod" at the grub rescue prompt ?
Code: Select all
grub rescue> lsmod
Unknown command `lsmod'.
grub rescue> ls mod
error: disk `lvmid/....' not found.
p.H wrote:Can you runand post the output ?Code: Select all
grub-install --no-uefi-secure-boot -v > grub-install.txt 2>&1 grep mkimage grub-install.txt
Code: Select all
grub-install: info: grub-mkimage --directory '/usr/lib/grub/x86_64-efi' --prefix '(lvmid/P9zCKE-3Ihw-gMRp-sxdY-7NMM-mcQM-OY0M5v/VfOE8s-niLe-r4Qi-NtYe-ULfp-iQXx-h6yjGu)/boot/grub' --output 'boot/grub/x86_64-efi/core.efi' --format 'x86_64-efi' --compression 'auto' 'ext2' 'lvm'
grub-install: info: grub-mkimage --directory '/usr/lib/grub/x86_64-efi' --prefix '' --output '/boot/grub/x86_64-efi/grub.efi' --format 'x86_64-efi' --compression 'auto' 'ext2' 'lvm'
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Fresh Debian 10.1 install, GRUB does not load anything
Sigh - even lsmod isn't available in grub rescue mode...
Crypto modules and the GPT module are missing in the grub-mkimage command. Is "GRUB_ENABLE_CRYPTODISK=y" present in /etc/default/grub and without typo ? I have not tested an encrypted /boot with Buster yet, so I do not know if it is supported yet.
You could add the missing modules to grub-install with the option --modules (GPT module is part_gpt, don't know crypto module names), but it may not be enough : grub-install must also set up the core image so that it unlocks the encrypted device.
You may have to revert to an unencrypted /boot/grub at least. If there is no available partition, you can make /boot/grub a symlink to some subdirectory in the EFI partition mounted on /boot/efi.
Crypto modules and the GPT module are missing in the grub-mkimage command. Is "GRUB_ENABLE_CRYPTODISK=y" present in /etc/default/grub and without typo ? I have not tested an encrypted /boot with Buster yet, so I do not know if it is supported yet.
You could add the missing modules to grub-install with the option --modules (GPT module is part_gpt, don't know crypto module names), but it may not be enough : grub-install must also set up the core image so that it unlocks the encrypted device.
You may have to revert to an unencrypted /boot/grub at least. If there is no available partition, you can make /boot/grub a symlink to some subdirectory in the EFI partition mounted on /boot/efi.
Re: Fresh Debian 10.1 install, GRUB does not load anything
Yes, checked it and it is there.p.H wrote:Is "GRUB_ENABLE_CRYPTODISK=y" present in /etc/default/grub and without typo ? I have not tested an encrypted /boot with Buster yet, so I do not know if it is supported yet.
I tried:p.H wrote:You could add the missing modules to grub-install with the option --modules (GPT module is part_gpt, don't know crypto module names), but it may not be enough : grub-install must also set up the core image so that it unlocks the encrypted device.
Code: Select all
grub-install --no-uefi-secure-boot --modules part_gpt crypto
I am getting a little tired of trying too. I can make a 1GB partition besides the encrypted /root and encrypted /home, is this enough for the /boot partition? I see people write about 300-500MB and some 1GB.p.H wrote:You may have to revert to an unencrypted /boot/grub at least. If there is no available partition, you can make /boot/grub a symlink to some subdirectory in the EFI partition mounted on /boot/efi.
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: Fresh Debian 10.1 install, GRUB does not load anything
I'm afraid that unlocking a LUKS device requires many more modules than just "crypto".HydraGene wrote:The partitions are now visible but still in rescue mode
1 GB is more than enough. You can check the current size of /boot. But I repeat that you do not have to move the whole /boot, only /boot/grub should be enough if menu entries in /boot/grub/grub.cfg contain instructions to unlock the LUKS device.HydraGene wrote:I can make a 1GB partition besides the encrypted /root and encrypted /home, is this enough for the /boot partition?
Re: Fresh Debian 10.1 install, GRUB does not load anything
Even 500MB was more than enough, but that doesn't matter. I went with full /boot partition (just over 60 MB on my system), to keep it simple enough for me. I still have plenty of free space for other software.
Thanks for you time and help.
Thanks for you time and help.