# using dm_crypt/LUKS together with LVM and the genkernel pkg

## Geralt

Hi,

I want to encrypt my LVM group's physical partitions with dm_crypt/LUKS. Since I'm using the genkernel package I'm wondering if this setup is possible with it. I couldn't find any hints in the genkernel manual page that refer to using dm_crypt and LVM. As a side note: I have my root partition in my LVM group and only /boot outside of LVM.

Is it possible without any modifications to the genkernel's initramfs?

----------

## frostschutz

you could try it

otherwise, making your own initramfs from scratch is not hard:

http://en.gentoo-wiki.com/wiki/Initramfs

----------

## Geralt

Thanks, I'll have to try it then. I'll keep you posted :)

----------

## ndse2112

I have my machine booting from an encrypted root volume that is under LVM control. Do not use a genkernel-generated kernel, but I do use genkernel to generate an initrd for my kernel.

The following url has some pretty good insight into getting it working:

http://www.seiichiro0185.org/doku.php/linux:encryptedsystem

----------

## Geralt

*ndse2112 wrote:*

> I have my machine booting from an encrypted root volume that is under LVM control. Do not use a genkernel-generated kernel, but I do use genkernel to generate an initrd for my kernel.

Thanks, that's good news. I'm using genkernel mainly to create my initramfs.

*Quote:*

> The following url has some pretty good insight into getting it working:
>
> http://www.seiichiro0185.org/doku.php/linux:encryptedsystem

Thanks.

----------

## Geralt

I successfully converted my system to use LUKS, but there is one problem: cryptsetup from inside the initramfs is not working, I'm experiencing the behaviour as described in this bug report: https://bugs.gentoo.org/227359

But my kernel does include dm_crypt (built-in) and I used this very kernel and cryptsetup from my installation before converting it to use LUKS (created a test partition with it). And it's not that I'm mistyping my password, I even tried to add a simpler password and it's not working.

I really don't know why. I've set crypt_root=/dev/sda3 (which is the LUKS partition) and genkernel's initramfs is asking me to enter my password, but after this I get the 'No key available with this passphrase.' message and when calling cryptsetup from inside the shell I get the same message.

Do you have any idea what could be wrong?

I'm currently on Windows, so there's no way to get some information out of my system, if you need anything or have any suggestions I'll chroot into it via a live-cd.

----------

## frostschutz

If it's a password and not a keyfile, are you using the same keyboard layout in the initramfs that you're using normally? I have all my passwords basically stored twice in the LUKS, so both variants for my German keyboard layout, as well as US layout, are accepted. Otherwise some kernel setting must be missing. Make sure to compile everything LUKS-related (device mapper, crypt algorithms) into the kernel, rather than compiling them as modules. It's easy to forget a required module and unfortunately cryptsetup does not always give good error messages when it's a module that's missing.

----------

## Geralt

*frostschutz wrote:*

> If it's a password and not a keyfile, are you using the same keyboard layout in the initramfs that you're using normally? I have all my passwords basically stored twice in the LUKS, so both variants for my German keyboard layout, as well as US layout, are accepted. Otherwise some kernel setting must be missing. Make sure to compile everything LUKS-related (device mapper, crypt algorithms) into the kernel, rather than compiling them as modules. It's easy to forget a required module and unfortunately cryptsetup does not always give good error messages when it's a module that's missing.

After having a good night's sleep I realized that something in the kernel config is the only reasonable explanation. And after I chrooted into my system I found that the sha256 algorithm was built as a module and not built into the kernel. Now it's working, thanks for your support :)

And the idea with two keys is a great one, I was already thinking how I can fix this one :)

----------
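
A check for the failure resolved in this thread (sha256 built as a module while dm_crypt was built in), added here as an example and not posted by any participant: it scans a kernel `.config` and lists every LUKS-related option that is not built in. The option list and the function names are assumptions; the cipher options in particular should match what `cryptsetup luksDump` reports for the volume.

```shell
#!/bin/sh
# Flag kernel options needed to open a LUKS volume from the initramfs that are
# built as modules (=m) or not set, instead of built in (=y).

# Assumed option list: device mapper, dm-crypt, the sha256 hash from the
# thread, and AES/XTS/CBC as common LUKS cipher choices.
LUKS_KOPTS="CONFIG_BLK_DEV_DM CONFIG_DM_CRYPT CONFIG_CRYPTO_SHA256 CONFIG_CRYPTO_AES CONFIG_CRYPTO_XTS CONFIG_CRYPTO_CBC"

# kopt_state FILE OPTION -> prints y, m, or unset
kopt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-unset}"
}

# check_luks_kconfig FILE -> prints "OPTION state" for each option that is not
# built in. Returns 0 if all are built in, 1 if not, 2 if FILE is unreadable.
check_luks_kconfig() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    rc=0
    for opt in $LUKS_KOPTS; do
        state=$(kopt_state "$1" "$opt")
        if [ "$state" != "y" ]; then
            echo "$opt $state"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample .config reproducing the thread's situation:
# dm-crypt built in, sha256 built as a module.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_SHA256=m
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_XTS=y
# CONFIG_CRYPTO_CBC is not set
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
check_luks_kconfig "$sample" || echo "set the options above to =y, then rebuild the kernel and initramfs"
rm -f "$sample"
```

On a Gentoo system the file to check is normally `/usr/src/linux/.config`, from inside the chroot if the system does not boot.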

