-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Build broken with CRYPTROOT_ENABLE=yes #6280
Comments
Jira ticket: AR-2068 |
It passes compilation when added:
... but resulting image does not work properly. Grub prompts for password, it prompts for disk-unlock but then it doesn't mount /root ... so there is some other problem too. This needs deeper inspection. |
Thanks for confirming, my last successful build was Jan 21st at 1:21 UTC. Hope it helps. |
Adding a few notes as I found time to debug parts of this: The main issue comes from forced encryption on the boot partition by grub, but I'm not sure when this started. Forcing encrypted /boot breaks remote access since the password must be entered at the grub menu. Prior to Jan 21st, using the Armbian build flag "CRYPTROOT_ENABLE=yes" only encrypted the root partition, which allowed grub to boot into the initramfs so that I can remotely unlock the root partition. I would expect this to be preserved, or at least have a flag for the boot partition's inclusion. I don't think we want "GRUB_ENABLE_CRYPTODISK=y" added to extensions/grub.sh for every build, or at all in my case. When I add this, images build and boot alright, so forced encryption of /boot by grub seems like the only thing to handle. |
Using branch=v24.08, I successfully compiled an arm64 distro, but encountered the same issue when compiling the x86 distro. |
What happened?
Building with CRYPTROOT_ENABLE=yes leads to an error with grub configuration. Built on docker with a Mac.
grub-install: error: attempt to install to encrypted disk without cryptodisk enabled. Set
GRUB_ENABLE_CRYPTODISK=y' in file
/etc/default/grub'.How to reproduce?
./compile.sh build SHARE_LOG=yes BOARD=uefi-x86 BOOTSIZE=1024 BRANCH=current BUILD_DESKTOP=no BUILD_MINIMAL=no CRYPTROOT_ENABLE=yes CRYPTROOT_PASSPHRASE=PASSWORD CRYPTROOT_SSH_UNLOCK_PORT=22 INSTALL_HEADERS=yes KERNEL_CONFIGURE=prebuilt KERNEL_GIT=shallow RELEASE=bookworm ROOTFS_TYPE=btrfs BTRFS_COMPRESSION=zstd:5 COMPRESS_OUTPUTIMAGE=gz PROGRESS_DISPLAY=none;
Branch
main (main development branch)
On which host OS are you observing this problem?
Jammy
Relevant log URL
https://paste.armbian.com/fejaheneno
Code of Conduct
The text was updated successfully, but these errors were encountered: