Encrypted LVM install fails to boot

[stefanhinote]

I'm using the latest public download of Kali for amd 64, burned to dvd. Followed the docs here, and installed an encrypted LVM on a 750gb sata harddrive. Took a few days to install, but finally did, wrote grub to hdd no issues, restart computer, select kali 64bit, and upon booting I receive the following:

after grub, during boot

Code:

modeprobe cant load module microcode (....): no such device
volume group "bitpusher" not found
skipping volume group bitpusher
unable to find LVM volume bitpusher/root
gave up waiting for root device.
common problems:
boot args (cat /proc/cmdline)
root delay
missing modules (cat /proc/modules; ls /dev)
alert! /dev/mapper/bitpusher-root does not exist. dropping to a shell.

This is the boot parameters from grub:

Code:

setparams 'Debian ....'
load_video
insmod gzio
insmod part_msdos
set root=' (hd2,msdos1)'
search --no-floppy --fs-uuid --set=root 944de7d9-c10f-4b91-aead-b2c3019947cd
echo 'loading linux 3.7-trunk-amd64 ...'
linux /vmlinuz-3.7-trunk-amd64 root=/dev/mapper/bitpusher-root ro initrd=/install/gtk/initrd.gz quiet
echo 'loading initial ramdisk ...'
initrd /initrd.img-3.7-trunk-amd64

/proc/cmdline

Code:

BOOT_IMAGE=/vmlinuz-3.7-trunk-amd64 root=/dev/mapper/bitpusher-root ro initrd=/install/gtk/initrd.gz quiet

Computer has an amd64 cpu, and using sata drives. I also tried reinstalling on a smaller sata drive, but same error. For what it's worth I installed an encrypted lvm version of kali on my laptop with no issues, so I'm not fudging anything up during the install.

What other information can I provide that can help? During the install I've been using the option "put everything in one partition" the one for newbies.

Any tips, or thoughts? Much appreaciated.

[legion]

I can confirm the same issue with 1.03. I've downloaded the ISO 3 times, x86 & x64. No matter what I do, encrypted LVM installs just won't boot.

[rigolox]

Hi,

I having the same issue with a notebook HP Elitebook 2530p. After a few hours encrypted the system and then completing the installation everything goes well but after reboot the same error than you:

alert! /dev/mapper/xxx-root does not exist. dropping to a shell.

The only difference with you is that I selected /home in a separate partition.

I tried another 3 times and the same issue so before to reboot I went to another tty and cofirmed the pv, vg and lv were created fine, everything was there and /dev/mapper contained the vg files.

I don't know what is going on but something in the post-installation is buggy but you are saying you were able to install the encrypted lvm version in your laptop. Did you use the same version in both systems? I am using Kaili 1.0.3 AMD 64 bits. My HD is sata and you had the problem with a Sata hd, it is your laptop using ssd?

A normal LVM installation with /home in a separate partition completed fine and with a raw Debian 6.0.3 or 7 the LVM encrypted also completed fine and I was able to boot the system.

Thanks in advance.

[rbardoel]

I have the same issue. Just followed the installation guidelines without any problems. The hard disk is detected properly!

[stefanhinote]

Hi,

I having the same issue with a notebook HP Elitebook 2530p. After a few hours encrypted the system and then completing the installation everything goes well but after reboot the same error than you:

alert! /dev/mapper/xxx-root does not exist. dropping to a shell.

The only difference with you is that I selected /home in a separate partition.

I tried another 3 times and the same issue so before to reboot I went to another tty and cofirmed the pv, vg and lv were created fine, everything was there and /dev/mapper contained the vg files.

I don't know what is going on but something in the post-installation is buggy but you are saying you were able to install the encrypted lvm version in your laptop. Did you use the same version in both systems? I am using Kaili 1.0.3 AMD 64 bits. My HD is sata and you had the problem with a Sata hd, it is your laptop using ssd?

A normal LVM installation with /home in a separate partition completed fine and with a raw Debian 6.0.3 or 7 the LVM encrypted also completed fine and I was able to boot the system.

Thanks in advance.

I used I386 for my laptop, and using AMD64 for my desktop. Perhaps there's something buggy in the amd64 version?

[itjc]

Hi,

I confirm I have been having the same problems. Using Kali 1.0.3 AMD64. I have also tried multiple times, on 3 sets of hardware.

I have discovered that when I choose to use the mirrors to get the latest updates during the installation, I am then unable to find the volume group when restarting.

If I choose not to use the mirrors during the installation, then I get the following message after restarting:

modprobe: can't load module microcode (kernel/arch/x86/kernel/microcode.ko): No such device
Volume group "volumegroup" no found
Skipping volume group "volumegroup"
Unable to find LVM volume volumegroup/root
Unlocking the disk /dev/disk/by-uuid/<UID of Disk> (sda5_crypt)
Enter passphrase:

It looks like it fails to find the LVM volume by it's name, but then does find it by the disk UUID. Entering the password allows the system to boot up normally.

Hopefully this will allow you to still use encrypted LVM and also help pin down where the error is in the updates.

[rbardoel]

I've the same problem, both 32 and 64 bit fail. I'm using the latest version of Kali and followed the standard installation process. I'm using a HP Elitebook too, maybe something with the SSD?

[Th3Pr0ph3t]

I am getting the same/similar issue.
alert! /dev/mapper/bitpusher-root does not exist. dropping to a shell.
The biggest difference for me is I am using the i386 image (Intel i7 processor).
I am setting up a duel boot with my existing Windows 7 install. I have created the following partitions:
500 MB primary partition - /boot
50GB encrypted partition - / - Changed to twofish, Default encryption settings otherwise.

I did not setup a partition for swap, I have plenty of RAM.

[stefanhinote]

Hi,

I confirm I have been having the same problems. Using Kali 1.0.3 AMD64. I have also tried multiple times, on 3 sets of hardware.

I have discovered that when I choose to use the mirrors to get the latest updates during the installation, I am then unable to find the volume group when restarting.

If I choose not to use the mirrors during the installation, then I get the following message after restarting:



It looks like it fails to find the LVM volume by it's name, but then does find it by the disk UUID. Entering the password allows the system to boot up normally.

Hopefully this will allow you to still use encrypted LVM and also help pin down where the error is in the updates.

If I recall correctly when my laptop boots it displays the same as that, and it works perfectly. I've since installed kali without lvm and encryption, but when I get some free time I'll be sure to try this--Thanks.

[rbardoel]

The solution is simple, first mount the crypted drive:

cryptsetup luksOpen /dev/sda5 sda1_crypt
(enter password)
lvm vgchange -ay
exit

Then it boots fine. Can you guys correct this issue in the iso file?

[tr0ve]

I had this exact same issue, it couldn't see grub and start. After booting into a live installation and browsing the harddrives (did nothing at all literally browsed them) It booted... weird I know. I must of tried booting 20+ times maybe more before that and it just would not start at all and I tried numerous ways including trying all disks when trying to boot (harddisks) incase it was booting the wrong one. My error was just that it was loading the operating system and nothing happened.

[Goldenphoenix]

The solution is simple, first mount the crypted drive:

cryptsetup luksOpen /dev/sda5 sda1_crypt
(enter password)
lvm vgchange -ay
exit

Then it boots fine. Can you guys correct this issue in the iso file?

Afterwards to make this persistent edit the

Code:

/etc/crypttab

to your needs and update the initramfs with

Code:

update-initramfs -u

At least this works for me.

[sithstalker]

thanks rbardoel and Goldenphoenix I'm now able to boot into Kali

[Rawa]

Afterwards to make this persistent edit the

Code:

/etc/crypttab

to your needs and update the initramfs with

Code:

update-initramfs -u

At least this works for me.

Worked like a charm!

//R

[stefanhinote]

Thank you everyone for your help--smooth sailing from here.

(note to MOD: could you add "SOLVED" to the thread title? Thanks)

[stefanhinote]

Afterwards to make this persistent edit the

Code:

/etc/crypttab

to your needs and update the initramfs with

Code:

update-initramfs -u

At least this works for me.

For those unsure how to edit the crypttab file,
sda5 = my encrypted partition
blkid /dev/sda5
copy UUID
nano /etc/crypttab
insert new line: sda5_crypt UUID=2cfee723-b12a-49e1-8c1d-a481112c12d0 none luks

[Mr E Lusive]

insert new line: sda1_crypt UUID=00000000-0000-0000-0000-000000000000 none luks

For me it was >> sda1 << NOT sda5
I broke install 5 times trying to work that one out lol

ill drop my log in the next post for anyone having trouble

-----------------------------------------------------------------------------------------------------------------------------
Origonal problem (for googlers)

It all goes well untill I try to make the persistant changes.... I keep getting this error

:~# update-initramfs -u
update-initramfs: Generating /boot/initrd.img-3.7-trunk-amd64
cryptsetup: WARNING: invalid line in /etc/crypttab for sda1_crypt -
cryptsetup: WARNING: invalid line in /etc/crypttab for sda1_crypt -


This is what my crypttab looks like

# <target name> <source device> <key file> <options>
sda5_crypt UUID=00000000-0000-0000-0000-000000000000 none luks

Any ideas? wondering if I need to add a line for sda1 & sda2 in here aswell? Is that why Im getting 2 errors?

/dev/sda1 ext2 boot
/dev/sda2 extended
/dev/sda5 crypt-luks

[Mr E Lusive]

This is how I did it

Dropped kali-linux-1.0.3-amd64.iso on usb with pendrive linux usb installer (yumi removes install option from menu)

usb boot > Kali menu > install...

Guided - use entire disk and set up encrypted lvm

Seperate /home partition

Canceled erasing data (would take over 5 hours.. would rather bleach bit )

mirror > yes > blank

Grub mbr > yes > install finnished > reboot

Boot fail (unable to find lvm volume)

Code:

cryptsetup luksOpen /dev/sda5 sda1_crypt

enter passphrase...

Code:

lvm vgchange -ay

Code:

exit

Now it boots... but need to make persistant > open Terminal

Code:

blkid /dev/sda5

copy only the UUID without speach marks 0000000-0000-0000-0000-000000000000

Code:

nano /etc/crypttab

insert new line: sda1_crypt UUID=0000000-0000-0000-0000-000000000000 none luks

press ctrl x
press y then enter

Code:

update-initramfs -u

good luck

[potion]

I know maybe for many ppl here it is clear, but for me it wasn`t!

my solution for similar problem:
Create one small partition for boot ( not encrypted ).
And then create one big encrypted partition. If you have that encrypted partition create LVM in this partition and then in LVM you can create VG and LVs.

(if you create LVM first and then you try encrypt every Logical Volume it will stuck on similar error but you will not be able to run cryptsetup luksOpen /dev/sda5 sda5_crypt )

[r0nin]

Thanks @Mr E Lusive for sharing explicitly your solution. I want to share mine too. So you can repair you lvm encrypted partition with the Kali live iso. The steps are:

1. Boot from your live Kali *.iso.
2. Get the UUID for the encrypted partiotion:
# blkid /dev/sda5
3. Decrypt the partiotion
# cryptsetup luksOpen /dev/sda5 sda1_crypt
4. Make the volume group "kali" available, you can check your vg with # vgscan
# vgchange -ay kali
5. Make root directory in /mnt
# mkdir /mnt/root
6. Mount the decrypted kali root partiotion
# mount /dev/mapper/kali-root /mnt/root

6. Go to the root directory, chroot into the mounted kali root, make your changes, exit chroot and reboot. You need to mount also the unencrypted boot partition sda1 in /boot too.

# cd /mnt/root # or where you are preparing the chroot dir
# mount -t proc proc proc/
# mount -t sysfs sys sys/
# mount -o bind /dev dev/
//I edited my post it was /boot at first, but I think I mounted it on the newly mounted root /mnt/root/boot, so boot/
# mount /dev/sda1 boot/

# chroot /mnt/root

# vim /etc/cryptsetup
//no ""
insert new line: sda1_crypt UUID=<output UUID from # blkid /dev/sda5> none luks

# update-initramfs -u

# exit

# reboot


Enjoy your encrypted Kali distribution, and use strong pass-phrase.

[kalista]

Hey guys,

I've installed Kali Linux, which took a while.
Now I face the problem that after typing what Mr E Lusive suggested, after a reboot I get the messages "volume group kali not found..." AND the last message is "cryptsetup: evms_activate is not available" and then nothing happens.

So, after typing "update-initramfs -u" I get the above mentioned message.

@r0nin # mount /dev/mapper/kali-root /mnt/root doesn't work for me, it says /mnt/root does net exist

By the way, if I enter blkid /dev/sda5 I get a totally other UUID, but you guys say I should enter 0000000-0000-0000-0000-000000000000 in /etc/crypttab...or did you just write that for not wanting to show your UUID

Does anyone have an idea what I could do?

I really appreciate your help!

[BTK]

He used 0000000-0000-0000-0000-000000000000 as an example

[r0nin]

Hi kalista,

my root VG (volume group is called kali-root), maybe yours is called with other name that you have to find out. See how things look on my system:
$ ls -lha /dev/mapper/
total 0
drwxr-xr-x 2 root root 120 Jul 7 01:17 .
drwxr-xr-x 16 root root 3.3K Jul 7 01:18 ..
crw------T 1 root root 10, 236 Jul 7 01:17 control
lrwxrwxrwx 1 root root 7 Jul 7 01:17 kali-root -> ../dm-1
lrwxrwxrwx 1 root root 7 Jul 7 01:17 kali-swap_1 -> ../dm-2
lrwxrwxrwx 1 root root 7 Jul 7 01:17 sda1_crypt -> ../dm-0

# vgscan
Reading all physical volumes. This may take a while...
Found volume group "kali" using metadata type lvm2

# lvscan
ACTIVE '/dev/kali/root' [9.30 GiB] inherit
ACTIVE '/dev/kali/swap_1' [460.00 MiB] inherit

You can use also
# lvdisplay
and
# pvdisplay
to get information about your volumes

so @kalista that you can do on step 4 and see what you have to mount on step 5

Cheers mate

P.S. yes I also edited the UUID thing to be clearer, yes 000.. was just an example

[gun]

Thanks @Mr E Lusive for sharing explicitly your solution. I want to share mine too. So you can repair you lvm encrypted partition with the Kali live iso. The steps are:

1. Boot from your live Kali *.iso.
2. Get the UUID for the encrypted partiotion:
# blkid /dev/sda5
3. Decrypt the partiotion
# cryptsetup luksOpen /dev/sda5 sda1_crypt
4. Make the volume group "kali" available, you can check your vg with # vgscan
# vgchange -ay kali
5. Mount the decrypted kali root partiotion
# mount /dev/mapper/kali-root /mnt/root

@r0nin
everthing works great until i go to mount i get this returned
failed: No such file or directory

is there a mkdir step missing before the mount?

thanks!

[Karl886]

Hello R0nin,

Can these steps be used to allow for an encrypted install on a USB that will work on different machines? I think I ran into trouble due to my USB being assigned different device names on different systems or when other USB sticks are present. Do these steps allow the boot loader to identify the USB by its UUID instead of sdb, abc, etc...?

[tzine3]

cryptsetup luksOpen /dev/sda5 sda1_crypt
lvm vgchange -ay
Does work great. A better fix is this:
echo 'CRYPTOPTS=target=sda5_crypt,source=/dev/sda5,lvm=kali-root' > /etc/initramfs-tools/conf.d/cryptroot
cp /usr/share/initramfs-tools/hooks/cryptroot /etc/initramfs-tools/hooks/
cp /usr/share/initramfs-tools/hooks/lvm2 /etc/initramfs-tools/hooks/
cp /usr/share/initramfs-tools/scripts/local-top/cryptroot /etc/initramfs-tools/scripts/local-top/
cp /usr/share/initramfs-tools/scripts/local-top/lvm2 /etc/initramfs-tools/scripts/local-top/
update-grub
update-initramfs -u

[Fnord]

We're living under turn-key tyranny, so you guys need to make Kali turn-key stealthy. Encryption should be easy to set up, not buggy. Tor should be installed by default, similar to Tails.

Anyway, I got an encrypted install to work on 1.0.4 using the tips in this thread. "lvm vgchange -ay" just gives an error for me (no volumes), but it didn't seem to matter. I installed on my second disk, being careful to use "sdb" instead of "sda" for the incantations here. I changed the boot order in the BIOS to make my second disk first. I told it to not install grub on the MBR, then I told it to install grub on the MBR of /dev/sdb. Now it dual boots between Kali on the second drive and Windows 7 on the first drive, without modifying the Windows 7 drive, nice.

My two disks are both SSDs. It's kind of a waste for Kali not to use the first one for anything. Is there any way to have one password unlock two encrypted partitions? (I mean without having to type it twice on every reboot.)

[r0nin]

@gun yes I think I have missed that. Now I added step 5. add dir root in /mnt

Hi Karl886,
well the devices are, a unencrypted bootable partition where the bootloader is (lets say /dev/sda1), and then because of LVM (Linux Volume Manager) works with extended partition, the root partition completely encrypted as /dev/sda5. If you put it on a USB (Stick, external hard ...) it should still work, because you choose from your BIOS from which hard to boot, then that device (hard drive) will be assigned as sda (ie your USB). So it should work, just try, read a bit, then try again until it works .

[hannah]

This thread definitely helped me to solve my encrypted LVM issue. This is what I have done and hope this helps others.
I am installing kali-linux-1.0.4-amd64-mini.iso in VM VirtualBox Manager 4.2.10_Ubuntu.
When I rebooted, it drops to initramfs prompt


Run this set of commands:

Code:

cryptsetup luksOpen /dev/sda5 sda1_crypt
(enter your password)
lvm vgchange -ay
exit

Now the system should boot up.

To make it persistent:

Find UUID for the crypto volume

Code:

root@kali:~# blkid /dev/sda5
/dev/sda5: UUID="c52f337s-c94f-3071-88fb-b2521x19429f" TYPE="crypto_LUKS"

To update crypttab

Code:

root@kali:~# nano /etc/crypttab

Enter this line in this file:

sda1_crypt UUID=c52f337s-c94f-3071-88fb-b2521x19429f none luks

save and exit

Code:

root@kali:~# update-initramfs -u
update-initramfs: Generating /boot/initrd.img-3.7-trunk-amd64

Now my system boots ok.

[hfarnsworth]

So I have followed all of the above directions to a T. My system boots just fine; however, even after all this, when I open 'Computer' I see three systems: 1. CD/DVD (duh) 2. File System (even as a separate user I have uninhibited views of the root directories 3. "250 GB Solid-State Disk: 250GB Unrecognized".

When I click on the 250gb unrecognized drive I get prompted for authentication. The encryption password is not taken. The root password works but returns a "Unable to mount location - One or more block devices are holding /dev/dm-0"

Does anyone have any idea why, if I went through the steps detailed above, I would be receiving this error? Any and all help is appreciated!
Thanks in advance

[akira]

The solution is simple, first mount the crypted drive:

cryptsetup luksOpen /dev/sda5 sda1_crypt
(enter password)
lvm vgchange -ay
exit

Then it boots fine. Can you guys correct this issue in the iso file?

This is so it's SECURE! It'd be foolish to hand people the car AND the keys...

[Alohajoe5]

I have the same issue. I posted about it in this thread with details.

[g0tmi1k]

I can confirm the same issue with 1.03. I've downloaded the ISO 3 times, x86 & x64. No matter what I do, encrypted LVM installs just won't boot.

For the record, this was fixed in Kali 1.0.5.
However, if you use 'live boot' to install Kali - you'll still have the same issue (in 1.0.8). *If you install via text mode/graphic you shouldn't have this issue.*


Issue

Code:

    Voume group "kali" not found
    Skipping volume group kali
Unable to find LVM volume kali/root

Setup

Code:

root@kali:~# fdisk /dev/sda

Command (m for help): p

Disk /dev/sda: 85.9 GB, 85899345920 bytes
255 heads, 63 sectors/track, 10443 cylinders, total 167772160 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00016f95

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048      499711      248832   83  Linux
/dev/sda2          501758   167770111    83634177    5  Extended
/dev/sda5          501760   167770111    83634176   83  Linux

Command (m for help): q

root@kali:~#

Fix

Code:

root@kali:~# blkid /dev/sda5
/dev/sda5: UUID="bc73f7be-0455-421d-8fbc-63e15564141e" TYPE="crypto_LUKS" 
root@kali:~# cryptsetup luksOpen /dev/sda5 sda1_crypt
Enter passphrase for /dev/sda5: 
root@kali:~# vgchange -ay kali
  2 logical volume(s) in volume group "kali" now active
root@kali:~# mkdir -p /mnt/root
root@kali:~# mount /dev/mapper/kali-root /mnt/root/
root@kali:~# cd /mnt/root/
root@kali:/mnt/root# mount -t proc proc proc
root@kali:/mnt/root# mount -t sysfs sys sys 
root@kali:/mnt/root# mount -o bind /dev dev
root@kali:/mnt/root# mount /dev/sda1 boot
root@kali:/mnt/root# chroot .
root@kali:/# echo "sda1_crypt UUID=bc73f7be-0455-421d-8fbc-63e15564141e none luks" > /etc/crypttab 
root@kali:/# update-initramfs -u
update-initramfs: Generating /boot/initrd.img-3.14-kali1-amd64
root@kali:/# exit
exit
root@kali:/mnt/root#

Proof

[roadrunnerTX]

UPDATE 10:41 a.m.:
I can confirm g0tmi1k's statement that installing from the 'Install' selection, rather than from the 'Live' works just fine.
Any issues related to not booting in earlier releases has been fixed.
I used Kali 1.0.8

-----------------------------------------------------------------------------


Ok. I did install from a Live DVD (1.0.8).
So, I got the error listed above in the other replies to this post.
I used both Mr E Lusive and g0tmi1k's solutions -- in that order.
With both solutions, I get the same results.
In a nutshell, after the first prompt I am prompted 6 more times to re-enter my pass-phrase.
On the first prompt, I put in the correct pass-phrase and it seems like it is going to boot all the way through.
Then, I get prompted again and again and again with various info on the screen as it proceeds: See pics below.
I have found (though about an hour or so of dinking with this) that if I just hit Enter at every prompt after the first (6 more prompts) it will boot.

Here are the pics:

1st prompt:
1stPromptforPassphrase.JPG
2nd prompt:
2ndRequestforPassphrase.JPG
3rd and subsequent prompts:
3rdRequestforPassphrase.JPG

Does anyone know what is going on here?

[roadrunnerTX]

For the record, this was fixed in Kali 1.0.5.
However, if you use 'live boot' to install Kali - you'll still have the same issue (in 1.0.8). *If you install via text mode/graphic you shouldn't have this issue.*

UPDATE 10:41 a.m.:
I can confirm g0tmi1k's statement that installing from the 'Install' selection, rather than from the 'Live' works just fine.
Any issues related to not booting in earlier releases has been fixed.
I used Kali 1.0.8

[corvid]

I have to enter my pass what seems to be 5 times before boot as well. Have you found a fix for this anywhere?
Thanks.

[corvid]

So I learned something the /etc/crypttab is populated with the sda5_crypt UUID=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none luks that is correct, at least for me.
Check and make sure that the blkid /dev/sda5 and the sda5_crypt UUID in /etc/crypttab are the same. If they are You need to

blkid /dev/sda1

copy the UUID #'s only

edit your /etc/crypttab with your entry for sda1_crypt UUID=yyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy none luks and swap the numbers. sda1 for sda5 and vise versa.

should look something like

sda1_crypt UUID=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none luks

sda5_crypt UUID=yyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy none luks

I hope this works for you. You will still have to enter your encrypted passwd once/boot.
I dont think this is the best fix but it wirks. Encrypted lvm will still throw [Warning]'s at boot. I think it has to do with sda1 not being luks/lvm, I believe its ext2. If anyone has a better answer Im all ears.