0

I'm trying to setup a new Arch Linux installation with encrypted /boot partition, as described here: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_.28GRUB.29

I'm creating three partitions with cgdisk:

/dev/sda1 - Type ESP (ef00) Size 100MiB
/dev/sda2 - Type Linux (8300) Size 200MiB - for /boot (after encryption)
/dev/sda3 - Type Linux LVM (8e00) Size 12GiB - for / (after encryption)

Then I'm following with these commands:

mkfs.fat -F32 /dev/sda1

cryptsetup luksFormat /dev/sda2
cryptsetup open /dev/sda2 cryptoboot
mkfs.ext2 /dev/mapper/cryptoboot
mkdir /mnt/boot
mount /dev/mapper/cryptoboot /mnt/boot

mkdir /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi

cryptsetup luksFormat /dev/sda3
cryptsetup open /dev/sda3 cryptosystem
mkfs.f2fs /dev/mapper/cryptosystem
mount /dev/mapper/cryptosystem /mnt

# edit "/etc/pacman.d/mirrorlist" as needed

pacstrap /mnt base grub-efi-x86_64 efibootmgr dosfstools f2fs-tools

genfstab -U /mnt >> /mnt/etc/fstab

arch-chroot /mnt

# remember to configure time, locale, language and hostname

# edit "/etc/mkinitcpio.conf"
# HOOKS="base udev autodetect modconf block keymap encrypt lvm2 filesystems keyboard fsck"

mkinitcpio -p linux

# edit "/etc/default/grub"
# GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:lvm"
# GRUB_ENABLE_CRYPTODISK=y

grub-mkconfig -o /boot/grub/grub.cfg

grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub --recheck

I'm getting this error:

Installing for the x86_64 platform.
grub-install: error: failed to get canonical path of '/boot/efi'.

Already tried:

  • Installing the fuse2 and mtools packages;

  • Re-creating /boot/efi directory and re-mounting /dev/sda1to it, while in the chroot environment.

When using ext4 for the root partition, this last procedure works and GRUB installs - and even boots (and oddly enough, re-mounting isn't necessary, only mkdir).

But for F2FS, it's not enough, although it manages to change the error message to:

Installing for the x86_64 platform.
grub-install: error: unknown filesystem.

According to The Arch Wiki ([1], [2]) it should be possible to use F2FS for root, provided that GRUB is installed to a separate partition with another filesystem which it supports. My /boot partition is ext2. So, why won't it install?

Appreciate your help immensely.

Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
Marc.2377
  • 1,072
  • 1
  • 17
  • 41

1 Answers1

1

The solution is to pay attention to the /etc/fstab upon its generation, since genfstab doesn't add entries for /boot and /boot/efi and it must be done by hand.

After chroot, we must re-mount not only the ESP, but also the /boot partition. Then grub-install will work.

Update: Mounting /boot and the ESP should really be done AFTER mounting the root filesystem to /mnt, i.e.

# format the ESP
mkfs.fat -F32 /dev/sda1

# set up LUKS for the boot partition
cryptsetup luksFormat /dev/sda2
cryptsetup open /dev/sda2 cryptoboot
mkfs.ext2 /dev/mapper/cryptoboot

# same for the root partition
cryptsetup luksFormat /dev/sda3
cryptsetup open /dev/sda3 cryptosystem
mkfs.f2fs /dev/mapper/cryptosystem

# mount root, and only then, mount /boot and the ESP, in that order
mount /dev/mapper/cryptosystem /mnt

mkdir /mnt/boot
mount /dev/mapper/cryptoboot /mnt/boot

mkdir /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi

# edit "/etc/pacman.d/mirrorlist", then continue with pacstrap etc

It is a matter of logic. If we do things in that order, genfstab will correctly generate entries for all partitions and everything will work just fine.

Marc.2377
  • 1,072
  • 1
  • 17
  • 41