How to install grub when / is encrypted (luks) and /boot is not encrypted?

crocefisso · November 13, 2022, 1:57pm

I have the following partitioning:

   |------+-------------+-----------+------+-------+----------------|
   | Name | Mount point | Flag      | Size | FS    | Comment        |
   |------+-------------+-----------+------+-------+----------------|
   | sda1 | /boot/efi   | esp, boot | 300M | FAT32 |                |
   | sda2 | /boot       |           | 2G   | EXT4  |                |
   | sda3 | /           |           |      | LUKS  | Encrypted Arch |
   | sda4 | /           |           |      | EXT4  | Clear Arch     |
   |------+-------------+-----------+------+-------+----------------|

I would like to be able to choose between an encrypted Arch and a clear Arch at boot.

Encrypted Arch’s /boot is on sda2
Clear Arch’s /boot is on sda4

I installed EOS Gnome on my laptop with this partitioning and it works great.

I tried to do the same on two intel NUC (replacing EOS Gnome by EOS Qtile due to hardware limitations).

On NUC A, the installation fails at the end during grub install (I opened a topic)
On NUC B, the installation doesn’t fail but grub only shows the clear EOS kernel (I uncommented #GRUB_DISABLE_OS_PROBER=false and did sudo grub-mkconfig -o /boot/grub/grub.cfg but it doesn’t solve the problem).

As far as I understand it, both EOS (clear and encrypted) are installed on both NUCs. So I would like to repair or reinstall grub (never tried to repair a grub before…).

I read that I should use grub-install, but I cannot find tutorials that apply to my specific partitioning (ie having a /boot partition apart from a / luks partition.

dalto · November 13, 2022, 2:08pm

There should be no need to run grub-install here and a separate /boot doesn’t require anything special.

Can you share the output from this command so we can see what is happening?

Can we also see the output from sudo efibootmgr

crocefisso · November 13, 2022, 2:25pm

On NUC B, from Clear EOS Qtile :

[guest@guest-NUC-107 ~]$ sudo grub-mkconfig -o /boot/grub/grub.cfg
[sudo] Mot de passe de guest : 
Création du fichier de configuration GRUB…
Arrière-plan trouvé : /usr/share/endeavouros/splash.png
Image Linux trouvée : /boot/vmlinuz-linux-lts
Image mémoire initiale trouvée : /boot/intel-ucode.img /boot/initramfs-linux-lts.img
Found fallback initrd image(s) in /boot:  intel-ucode.img initramfs-linux-lts-fallback.img
Image Linux trouvée : /boot/vmlinuz-linux
Image mémoire initiale trouvée : /boot/intel-ucode.img /boot/initramfs-linux.img
Found fallback initrd image(s) in /boot:  intel-ucode.img initramfs-linux-fallback.img
Attention : le sondeur de systèmes d'exploitation sera exécuté pour détecter d'autres partitions amorçables.
Sa sortie sera utilisée pour détecter les binaires amorçables qu'elles contiennent et créer de nouvelles entrées d'amorçage.
Ajout de l'entrée du menu d'amorçage pour les paramètres du firmware UEFI …
fait

[guest@guest-NUC-107 ~]$ sudo grub-mkconfig -o /run/media/guest/f7ff9904-f5c8-4b57-80aa-294679f64e74/grub/grub.cfg
Création du fichier de configuration GRUB…
Arrière-plan trouvé : /usr/share/endeavouros/splash.png
Image Linux trouvée : /boot/vmlinuz-linux-lts
Image mémoire initiale trouvée : /boot/intel-ucode.img /boot/initramfs-linux-lts.img
Found fallback initrd image(s) in /boot:  intel-ucode.img initramfs-linux-lts-fallback.img
Image Linux trouvée : /boot/vmlinuz-linux
Image mémoire initiale trouvée : /boot/intel-ucode.img /boot/initramfs-linux.img
Found fallback initrd image(s) in /boot:  intel-ucode.img initramfs-linux-fallback.img
Attention : le sondeur de systèmes d'exploitation sera exécuté pour détecter d'autres partitions amorçables.
Sa sortie sera utilisée pour détecter les binaires amorçables qu'elles contiennent et créer de nouvelles entrées d'amorçage.
Ajout de l'entrée du menu d'amorçage pour les paramètres du firmware UEFI …
fait

dalto · November 13, 2022, 2:27pm

Please provide outputs to the forum using LANG=C. For example

LANG=C sudo grub-mkconfig -o /boot/grub/grub.cfg

crocefisso · November 13, 2022, 2:38pm

[guest@guest-NUC-107 ~]$ LANG=C sudo grub-mkconfig -o /boot/grub/grub.cfg
[sudo] password for guest: 
Generating grub configuration file ...
Found background: /usr/share/endeavouros/splash.png
Found linux image: /boot/vmlinuz-linux-lts
Found initrd image: /boot/intel-ucode.img /boot/initramfs-linux-lts.img
Found fallback initrd image(s) in /boot:  intel-ucode.img initramfs-linux-lts-fallback.img
Found linux image: /boot/vmlinuz-linux
Found initrd image: /boot/intel-ucode.img /boot/initramfs-linux.img
Found fallback initrd image(s) in /boot:  intel-ucode.img initramfs-linux-fallback.img
Warning: os-prober will be executed to detect other bootable partitions.
Its output will be used to detect bootable binaries on them and create new boot entries.
Adding boot menu entry for UEFI Firmware Settings ...
done


[guest@guest-NUC-107 ~]$ LANG=C sudo grub-mkconfig -o /run/media/guest/f7ff9904-f5c8-4b57-80aa-294679f64e74/grub/grub.cfg
Generating grub configuration file ...
Found background: /usr/share/endeavouros/splash.png
Found linux image: /boot/vmlinuz-linux-lts
Found initrd image: /boot/intel-ucode.img /boot/initramfs-linux-lts.img
Found fallback initrd image(s) in /boot:  intel-ucode.img initramfs-linux-lts-fallback.img
Found linux image: /boot/vmlinuz-linux
Found initrd image: /boot/intel-ucode.img /boot/initramfs-linux.img
Found fallback initrd image(s) in /boot:  intel-ucode.img initramfs-linux-fallback.img
Warning: os-prober will be executed to detect other bootable partitions.
Its output will be used to detect bootable binaries on them and create new boot entries.
Adding boot menu entry for UEFI Firmware Settings ...
done

From NUC A I can only boot from Live USB. Shall I also run the command?

dalto · November 13, 2022, 2:47pm

Are you running these from the encrypted or unencrypted install?

Is this the grub from the other install? You shouldn’t do this. You are overwriting the grub config for that install with the grub config for this install. This will basically break that install. You probably will need to chroot in and fix that.

No, there isn’t much to be done about NUC A until you resolve the firmware issue.

Also, you didn’t share the output of sudo efibootmgr

crocefisso · November 13, 2022, 2:56pm

I am running the commands from Clear EOS Qtile on NUC B.

/run/media/guest/f7ff9904-f5c8-4b57-80aa-294679f64e74/ is the /boot partition I used when installing the encrypted EOS Qtile.

How can I chroot in and fix the mess I did?

Sorry I missed the efibootmgr part. Here it is:

[guest@guest-NUC-107 ~]$ LANG=C sudo efibootmgr 
[sudo] password for guest: 
No BootOrder is set; firmware will attempt recovery

dalto · November 13, 2022, 3:01pm

This is a serious problem. You need to figure out what is going on with the firmware on those NUCs.

Have you tried updating the BIOS?

crocefisso · November 13, 2022, 3:03pm

I can try to update bios. I didn’t have issues (except with the Bluetooth chip) with ubuntu though…

dalto · November 13, 2022, 3:08pm

There could be a lot of reasons for the differences that aren’t obvious.

If you want to test, you could boot off an Ubuntu live ISO and run efibootmgr and see. I would bet you will get the same error.

crocefisso · November 13, 2022, 4:49pm

I just installed an Encrypted and a Clear Lubuntu 22.4 on NUC A. Install worked without any problem and I can boot on both.

From the encrypted Lubuntu, LANG=C sudo efibootmgr gives

No BootOrder is set; firmware will attempt recovery

I think I will keep Lubuntu on NUC A. But I would really like to have EOS on NUC B…

dalto · November 13, 2022, 5:58pm

Seriously, this is broken. You need to focus on fixing this issue before you worry about installing OSes.

That is probably why os-prober is failing to discover the other operating systems.

crocefisso · November 13, 2022, 6:18pm

Firstly, even if I fully believe you when you say it is a serious issue, my GNU/Linux is too limited to understand why it is an issue.
Secondly I have no idea of how to solve this issue since I don’t understand it.

dalto · November 13, 2022, 6:19pm

It doesn’t have anything to do with Linux. It is an issue with the firmware or the BIOS settings.

Start by seeing if there is a BIOS update available.

crocefisso · November 13, 2022, 6:31pm

I entered the BIOS and tried to update it, but it didn’t work. There is an update option in the bios, but it needs the NUC to be connected. Yet when I try to connect the NUC through ethernet it doesn’t work (only WiFi works, and WiFi can’t be used at bios level)…

petsam · November 13, 2022, 7:31pm

That’s something you have to point to your vendor’s documentation/support for help.
By experience, I would try to reset the BIOS, either following the user manual, or by removing power for a significant time.

crocefisso · November 14, 2022, 1:08pm

I managed to upgrade NUC A and NUC B with the latest BIOSes. Then I could install Encrypted EOS on NUC B.

On NUC B grub, encrypted and clear EOS are selectable. Encrypted EOS works well, but now clear EOS boot fails before launching Qtile.

From Crypted EOS LANG=C sudo efibootmgr gives No BootOrder is set; firmware will attempt recovery

yum13241 · November 14, 2022, 4:14pm

Hate to be blunt, but you need to set a boot order. That’s what you need to do.

crocefisso · November 14, 2022, 5:13pm

Do you have a tutorial for that?

petsam · November 14, 2022, 10:31pm

May I offer a man page?

Any error messages might help to understand the problem.