Join Log in
Score:0
D.Sync avatar Ubuntu

dracut didn't auto mount luks rootfs and stuck at Reached target Initrd Root Device for Ubuntu 20.04 LTS

bo flag
D.Sync

I spent the past few days trying to make dracut running on Ubuntu 20.04 since I wanted to use the masterkey and integrity dracut module to automatically add key to kernel keyring for EVM HMAC purpose. initramfs tools is not as intuitive.

Since dracut is originally designed for Fedora based system rather than debian, I encounter some issues.

Foreword Setup disk encryption while installing Ubuntu OS in their wizard, this automatically creates LVM and setup LV ubuntu--vg-ubuntu--lv my rootfs on /dev/sda3. Disk layout as below.

# lsblk
NAME                        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
loop0                         7:0    0   240K  1 loop  /snap/jq/6
loop1                         7:1    0  10.6M  1 loop  /snap/helm/353
loop2                         7:2    0  99.6M  1 loop  /snap/go/9991
loop3                         7:3    0  63.2M  1 loop  /snap/core20/1634
loop4                         7:4    0    48M  1 loop  /snap/snapd/17336
loop5                         7:5    0  63.2M  1 loop  /snap/core20/1695
loop6                         7:6    0   115M  1 loop  /snap/core/13886
loop7                         7:7    0  67.8M  1 loop  /snap/lxd/22753
loop8                         7:8    0  91.8M  1 loop  /snap/lxd/23991
loop9                         7:9    0 114.9M  1 loop  /snap/core/14056
loop10                        7:10   0  99.6M  1 loop  /snap/go/9981
loop12                        7:12   0  55.6M  1 loop  /snap/core18/2632
loop13                        7:13   0  55.6M  1 loop  /snap/core18/2620
loop14                        7:14   0  95.8M  1 loop  /snap/kata-containers/2446
loop15                        7:15   0  49.7M  1 loop  /snap/snapd/17576
sda                           8:0    0    64G  0 disk
├─sda1                        8:1    0   1.1G  0 part  /boot/efi
├─sda2                        8:2    0   1.5G  0 part  /boot
└─sda3                        8:3    0  61.5G  0 part
  └─dm_crypt-0              253:0    0  61.4G  0 crypt
    └─ubuntu--vg-ubuntu--lv 253:1    0  61.4G  0 lvm   /
sr0                          11:0    1   1.2G  0 rom



# blkid
/dev/mapper/dm_crypt-0: UUID="eHKb77-BGRI-9f1l-ry8s-vDqH-7VRL-I0uTeJ" TYPE="LVM2_member"
/dev/sda1: UUID="D759-2295" TYPE="vfat" PARTUUID="4e09cb24-4fdf-4fa3-8aee-fdc8815011e9"
/dev/sda2: UUID="e1b5b05e-f625-4f9e-8463-f4e6b2a1af5f" TYPE="ext4" PARTUUID="d5ff31b9-049f-4e42-8fca-4269fcdee9e5"
/dev/sda3: UUID="6e808cdd-ea46-4254-8241-2ce5d0367be1" TYPE="crypto_LUKS" PARTUUID="c3cc4737-9743-4b53-9d96-12eb3b70ff7e"
/dev/sr0: UUID="2022-02-23-09-27-00-00" LABEL="Ubuntu-Server 20.04.4 LTS amd64" TYPE="iso9660" PTUUID="492bdcc4" PTTYPE="dos"
/dev/mapper/ubuntu--vg-ubuntu--lv: UUID="cf62929c-44b6-4f6f-9ab0-c93de3c91122" TYPE="ext4"
/dev/loop0: TYPE="squashfs"
/dev/loop1: TYPE="squashfs"
/dev/loop2: TYPE="squashfs"
/dev/loop3: TYPE="squashfs"
/dev/loop4: TYPE="squashfs"
/dev/loop5: TYPE="squashfs"
/dev/loop6: TYPE="squashfs"
/dev/loop7: TYPE="squashfs"
/dev/loop8: TYPE="squashfs"
/dev/loop9: TYPE="squashfs"
/dev/loop10: TYPE="squashfs"
/dev/loop12: TYPE="squashfs"
/dev/loop13: TYPE="squashfs"
/dev/loop14: TYPE="squashfs"
/dev/loop15: TYPE="squashfs"

For my dracut command, I refer to the root by UUID. My dracut command:

dracut -f --kernel-cmdline "rd.neednet=1 rd.auto=1 rd.luks=1 rd.luks.uuid=luks-6e808cdd-ea46-4254-8241-2ce5d0367be1 rd.lvm.lv=ubuntu-vg/ubuntu-lv root=UUID=6e808cdd-ea46-4254-8241-2ce5d0367be1 rootfstype=ext4 rootflags=rw,relatime rd.shell rd.info rd.udev.info"

I then use safeboot to automatically generate a unified kernel image EFI, signing, and insert into bootloader entry.

safeboot install-kernel linux-test-v1 kernel=/boot/vmlinuz-$(uname -r) initrd=/boot/initramfs-$(uname -r).img root=/dev/mapper/ubuntu--vg-ubuntu--lv ro evm=fix ima_tcb lsm=integrity ima_appraise=fix ima_policy=tcb ima_hash=sha256

I'm still unsure what's the relationship between dracut kernel command line versus the kernel parameter specified by safeboot. There are some commands in dracut kernel command such as rd.* which is not present in the official kernel command parameters. From what I know, the kernel parameters specified in dracut build will go into /etc/cmdline.d/01-default in the initramfs, whereas the parameter specified in safeboot will go to /proc/cmdline.

Upon reboot with this initramfs image, the system will just hang at Reached target Initrd Root Device, then timing out and enter into dracut emergency shell eventually.

Though I can still proceed to mount rootfs and switchroot using the following. But would like this to be automated. From my initial observation it seems like the /dev/mapper is not being mounted.

systemctl mask sysroot.mount
mount /dev/mapper/ubuntu--vg-ubuntu--lv /sysroot
systemctl start initrd-switch-root

Hope to get some guidance on this as I would still like to use dracut to build initramfs on Ubuntu. Thanks!

349
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.