Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Fresh Debian 10.1 install, GRUB does not load anything

Ask for help with issues regarding the Installations of the Debian O/S.
Post Reply
Message
Author
HydraGene
Posts: 20
Joined: 2015-10-28 19:58

Fresh Debian 10.1 install, GRUB does not load anything

#1 Post by HydraGene »

Today I have installed Debian 10.1. I have had no obvious error messages.

I have set up my (dual boot windows 10) system as follows:
EFI boot partition
1 encrypted partition (os)
- lvm root
- lvm swap
1 encryped partition (data)
- lvm home

This gave no problem with Debian 9.

Now my laptop loads just a GRUB screen with "grub> _" flashing underscore. Nothing else happens, no error messages, etc.
I tried to reinstall (grub-install and update-grub) by rescue mode, but nothing chaged. I tried to add "GRUB_ENABLE_CRYPTODISK=y" to /etc/default/grub then run "update-grub" again but still nothing changed.

What could be wrong here?

kedaha
Posts: 3521
Joined: 2008-05-24 12:26
Has thanked: 33 times
Been thanked: 77 times

Re: Fresh Debian 10.1 install, GRUB does not load anything

#2 Post by kedaha »

have you tried any commands after the grub prompt?
For instance, what does the ls command return?

Code: Select all

grub> ls
DebianStable

Code: Select all

$ vrms

No non-free or contrib packages installed on debian!  rms would be proud.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Fresh Debian 10.1 install, GRUB does not load anything

#3 Post by p.H »

Is /boot in the encrypted root partition or in a separate unencrypted partition ?

HydraGene
Posts: 20
Joined: 2015-10-28 19:58

Re: Fresh Debian 10.1 install, GRUB does not load anything

#4 Post by HydraGene »

kedaha wrote:have you tried any commands after the grub prompt?
For instance, what does the ls command return?

Code: Select all

grub> ls
I have no experience in grub commands, so I tried a few failed attepmts. But ls gives following output:

Code: Select all

grub> ls
(proc) (hd0) (hd0,msdos1) (hd1) (hd1,gpt5) (hd1,gpt4) (hd1,gpt3) (hd1,gpt2) (hd1,gpt1) (hd2) (hd3) (hd3,gpt4) (hd3,gpt3) (hd3,gpt2) (hd3,gpt1)
p.H wrote:Is /boot in the encrypted root partition or in a separate unencrypted partition ?
/boot is in the encrypted root partition. (I have no separate /boot partition.)
/boot/EFI however is installed at the EFI system partition which is unencrypted.
I had exactly the same setup with Debian 9, and it worked there.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Fresh Debian 10.1 install, GRUB does not load anything

#5 Post by p.H »

You may need to run grub-install again after adding GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub.
Make sure /boot/efi is mounted.

kedaha
Posts: 3521
Joined: 2008-05-24 12:26
Has thanked: 33 times
Been thanked: 77 times

Re: Fresh Debian 10.1 install, GRUB does not load anything

#6 Post by kedaha »

HydraGene wrote: I have no experience in grub commands, so I tried a few failed attempts.
I don't think many of us here are very familiar with such commands; it's not so often one gets this unfriendly grub prompt; however, I've been able to solve it a few times in the past by searching for possible solutions. See for example how-rescue-non-booting-grub-2-linux/
HydraGene wrote: But ls gives following output:

Code: Select all

grub> ls
(proc) (hd0) (hd0,msdos1) (hd1) (hd1,gpt5) (hd1,gpt4) (hd1,gpt3) (hd1,gpt2) (hd1,gpt1) (hd2) (hd3) (hd3,gpt4) (hd3,gpt3) (hd3,gpt2) (hd3,gpt1)
Try a few commands till you get the hang of it, like:

Code: Select all

grub> ls (hd0,msdos1/
grub> set root=(hd0,msdos1)
and see what they do.
DebianStable

Code: Select all

$ vrms

No non-free or contrib packages installed on debian!  rms would be proud.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Fresh Debian 10.1 install, GRUB does not load anything

#7 Post by p.H »

This method is not appropriate with /boot in an encrypted device. You must open the encrypted device (see cryptomount in GRUB documentation).

HydraGene
Posts: 20
Joined: 2015-10-28 19:58

Re: Fresh Debian 10.1 install, GRUB does not load anything

#8 Post by HydraGene »

p.H wrote:You may need to run grub-install again after adding GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub.
Make sure /boot/efi is mounted.
I have just tried this, and it gives the same result.. This was indeed the solution to Debian 9 boot problems. But this time it is as if GRUB doesn't recognize the encrypted partition.
kedaha wrote: Try a few commands till you get the hang of it, like:

Code: Select all

grub> ls (hd0,msdos1/
grub> set root=(hd0,msdos1)
and see what they do.
Alright, I've followed your link, thanks. But it mainly explains commands using unencrypted partition.
I am 100% sure (hd1,gpt4) is my encrypted root partition and (hd3,gpt2) is my encrypted home partition. I know by the size and exclusion of other partitions.

Code: Select all

ls (hd1,gpt4)
      Partition hd1,gpt4: No known filesysteem detected - Partition start at 200901632KiB - Total size 48235520KiB
ls (hd1,gpt4)/
      error: unknown filesystem.
set root=xxxxx does nothing. Gives back empty line.
p.H wrote:This method is not appropriate with /boot in an encrypted device. You must open the encrypted device (see cryptomount in GRUB documentation).
The linked page contained a link to a GRUB manual and I found cryptomount too. But I think GRUB doesn't know that these partitions are encrypted. I've tried cryptomount (hd1,gpt4) and cryptomount -a, but again just a blank line. Still unknown filesystem when using ls..

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Fresh Debian 10.1 install, GRUB does not load anything

#9 Post by p.H »

IME in EFI mode Debian installs a signed GRUB with shim for compatibility with UEFI secure boot. One difference with the standard unsigned grub is that it uses a static (because signed) core image instead of a dynamically built image. I have not checked whether this signed GRUB supports /boot encryption. You could try to install a non-signed image with

Code: Select all

grub-install --no-uefi-secure-boot

HydraGene
Posts: 20
Joined: 2015-10-28 19:58

Re: Fresh Debian 10.1 install, GRUB does not load anything

#10 Post by HydraGene »

p.H wrote:IME in EFI mode Debian installs a signed GRUB with shim for compatibility with UEFI secure boot. One difference with the standard unsigned grub is that it uses a static (because signed) core image instead of a dynamically built image. I have not checked whether this signed GRUB supports /boot encryption. You could try to install a non-signed image with

Code: Select all

grub-install --no-uefi-secure-boot
Great idea. That was the problem!

(On a side note: While you've explained it, I understand that you can't sign a dynamically built image with standard keys. However, I wonder why the installation process doesn't generate its own keys. I read on the SB Debian page that you can have MOK's. Wouldn't this solve the issue with dynamically built images?)


But now I have a new error...

Code: Select all

error: disk `lvmid/......' not found.
Entering rescue mode...
I have rried possible solutions by adding UUID to fstab, but if I do that, I get parse error on the lines with the added UUID.. And update-grub and update-grub2, but it didn't solve anything.
Do you know more things I could try?

ls now gives just (hd0) to (hd3).. ls (hd0)/ gives error: unknown filesystem

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Fresh Debian 10.1 install, GRUB does not load anything

#11 Post by p.H »

HydraGene wrote:I understand that you can't sign a dynamically built image with standard keys. However, I wonder why the installation process doesn't generate its own keys. I read on the SB Debian page that you can have MOK's. Wouldn't this solve the issue with dynamically built images?
I have not investigated into this, as I am not interested in secure boot at all. I guess that you could sign GRUB with your own keys, but you would have to add these keys to the UEFI firmware. Not sure that all firmwares allow this.
HydraGene wrote:Entering rescue mode...
So now GRUB enters rescue mode. This is not really a progress.
Does GRUB ask for a LUKS passphrase ?
HydraGene wrote:ls now gives just (hd0) to (hd3)
No partitions ? This is interesting. It means that the generated core image does not contain the partition table modules as it should.
What is the output of "lsmod" at the grub rescue prompt ?
Can you run

Code: Select all

grub-install --no-uefi-secure-boot -v > grub-install.txt 2>&1
grep mkimage grub-install.txt
and post the output ?

You can force the GPT partition table module into the core image with "--modules=part_gpt" but other modules may be missing too.

HydraGene
Posts: 20
Joined: 2015-10-28 19:58

Re: Fresh Debian 10.1 install, GRUB does not load anything

#12 Post by HydraGene »

p.H wrote: What is the output of "lsmod" at the grub rescue prompt ?

Code: Select all

grub rescue> lsmod
Unknown command `lsmod'.
grub rescue> ls mod
error: disk `lvmid/....' not found.
p.H wrote:Can you run

Code: Select all

grub-install --no-uefi-secure-boot -v > grub-install.txt 2>&1
grep mkimage grub-install.txt
and post the output ?

Code: Select all

grub-install: info: grub-mkimage --directory '/usr/lib/grub/x86_64-efi' --prefix '(lvmid/P9zCKE-3Ihw-gMRp-sxdY-7NMM-mcQM-OY0M5v/VfOE8s-niLe-r4Qi-NtYe-ULfp-iQXx-h6yjGu)/boot/grub' --output 'boot/grub/x86_64-efi/core.efi' --format 'x86_64-efi' --compression 'auto' 'ext2' 'lvm'
grub-install: info: grub-mkimage --directory '/usr/lib/grub/x86_64-efi' --prefix '' --output '/boot/grub/x86_64-efi/grub.efi' --format 'x86_64-efi' --compression 'auto' 'ext2' 'lvm'
After --prefix it is the string grub can't find.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Fresh Debian 10.1 install, GRUB does not load anything

#13 Post by p.H »

Sigh - even lsmod isn't available in grub rescue mode...

Crypto modules and the GPT module are missing in the grub-mkimage command. Is "GRUB_ENABLE_CRYPTODISK=y" present in /etc/default/grub and without typo ? I have not tested an encrypted /boot with Buster yet, so I do not know if it is supported yet.

You could add the missing modules to grub-install with the option --modules (GPT module is part_gpt, don't know crypto module names), but it may not be enough : grub-install must also set up the core image so that it unlocks the encrypted device.

You may have to revert to an unencrypted /boot/grub at least. If there is no available partition, you can make /boot/grub a symlink to some subdirectory in the EFI partition mounted on /boot/efi.

HydraGene
Posts: 20
Joined: 2015-10-28 19:58

Re: Fresh Debian 10.1 install, GRUB does not load anything

#14 Post by HydraGene »

p.H wrote:Is "GRUB_ENABLE_CRYPTODISK=y" present in /etc/default/grub and without typo ? I have not tested an encrypted /boot with Buster yet, so I do not know if it is supported yet.
Yes, checked it and it is there.
p.H wrote:You could add the missing modules to grub-install with the option --modules (GPT module is part_gpt, don't know crypto module names), but it may not be enough : grub-install must also set up the core image so that it unlocks the encrypted device.
I tried:

Code: Select all

grub-install --no-uefi-secure-boot --modules part_gpt crypto
The partitions are now visible but still in rescue mode..
p.H wrote:You may have to revert to an unencrypted /boot/grub at least. If there is no available partition, you can make /boot/grub a symlink to some subdirectory in the EFI partition mounted on /boot/efi.
I am getting a little tired of trying too. I can make a 1GB partition besides the encrypted /root and encrypted /home, is this enough for the /boot partition? I see people write about 300-500MB and some 1GB.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Fresh Debian 10.1 install, GRUB does not load anything

#15 Post by p.H »

HydraGene wrote:The partitions are now visible but still in rescue mode
I'm afraid that unlocking a LUKS device requires many more modules than just "crypto".
HydraGene wrote:I can make a 1GB partition besides the encrypted /root and encrypted /home, is this enough for the /boot partition?
1 GB is more than enough. You can check the current size of /boot. But I repeat that you do not have to move the whole /boot, only /boot/grub should be enough if menu entries in /boot/grub/grub.cfg contain instructions to unlock the LUKS device.

HydraGene
Posts: 20
Joined: 2015-10-28 19:58

Re: Fresh Debian 10.1 install, GRUB does not load anything

#16 Post by HydraGene »

Even 500MB was more than enough, but that doesn't matter. I went with full /boot partition (just over 60 MB on my system), to keep it simple enough for me. I still have plenty of free space for other software.
Thanks for you time and help.

Post Reply