Open doodlebro opened 9 months ago
Jira ticket: AR-2068
It passes compilation when added:
--- a/extensions/grub.sh
+++ b/extensions/grub.sh
@@ -276,6 +276,7 @@ configure_grub() {
GRUB_DISABLE_OS_PROBER=false # Have to be explicit about enabling os-prober
GRUB_FONT="/usr/share/grub/unicode.pf2" # Be explicit about the font to use so Ubuntu does not freak out and mess gfxterm
GRUB_GFXPAYLOAD=keep
+ GRUB_ENABLE_CRYPTODISK=y
... but resulting image does not work properly. Grub prompts for password, it prompts for disk-unlock but then it doesn't mount /root ... so there is some other problem too. This needs deeper inspection.
Thanks for confirming, my last successful build was Jan 21st at 1:21 UTC. Hope it helps.
Adding a few notes as I found time to debug parts of this:
The main issue comes from forced encryption on the boot partition by grub, but I'm not sure when this started. Forcing encrypted /boot breaks remote access since the password must be entered at the grub menu.
Prior to Jan 21st, using the Armbian build flag "CRYPTROOT_ENABLE=yes" only encrypted the root partition, which allowed grub to boot into the initramfs so that I can remotely unlock the root partition. I would expect this to be preserved, or at least have a flag for the boot partition's inclusion.
I don't think we want "GRUB_ENABLE_CRYPTODISK=y" added to extensions/grub.sh for every build, or at all in my case. When I add this, images build and boot alright, so forced encryption of /boot by grub seems like the only thing to handle.
Using branch=v24.08, I successfully compiled an arm64 distro, but encountered the same issue when compiling the x86 distro.
What happened?
Building with CRYPTROOT_ENABLE=yes leads to an error with grub configuration. Built on docker with a Mac.
grub-install: error: attempt to install to encrypted disk without cryptodisk enabled. Set
GRUB_ENABLE_CRYPTODISK=y' in file
/etc/default/grub'.How to reproduce?
./compile.sh build SHARE_LOG=yes BOARD=uefi-x86 BOOTSIZE=1024 BRANCH=current BUILD_DESKTOP=no BUILD_MINIMAL=no CRYPTROOT_ENABLE=yes CRYPTROOT_PASSPHRASE=PASSWORD CRYPTROOT_SSH_UNLOCK_PORT=22 INSTALL_HEADERS=yes KERNEL_CONFIGURE=prebuilt KERNEL_GIT=shallow RELEASE=bookworm ROOTFS_TYPE=btrfs BTRFS_COMPRESSION=zstd:5 COMPRESS_OUTPUTIMAGE=gz PROGRESS_DISPLAY=none;
Branch
main (main development branch)
On which host OS are you observing this problem?
Jammy
Relevant log URL
https://paste.armbian.com/fejaheneno
Code of Conduct