refind + booster + encryption doesn't work for me
from 721_bipsty@lemmy.ml to linux@lemmy.ml on 20 Jul 13:39
https://lemmy.ml/post/33423320

Hello, i have problem because i can’t make it work for like a week. I tried a lot of different configurations and every time i try refind with encryption when refind starts there is no menu entry for encryptred disk, but with no encryption everything works fine. I looked a lot on arch wiki, some install scripts on github and i do what they do and it doesn’t work. Maybe anyone could help?

Script i actually use:

execute_refind() {

BLKID1=$(blkid -s UUID -o value $ROOT)
BLKID2=$(blkid -s UUID -o value $CRYPT)

    refind-install --usedefault "$ESP" --alldrivers
    touch /boot/refind_linux.conf

    if [ "$ENCRYPTION" == "yes" ] && [ "$FILESYSTEM" == "btrfs" ]
    then
        cat >> /boot/refind_linux.conf << EOF 
"Boot with minimal options"   "rd.luks.name=$BLKID2=artix root=UUID=$BLKID2 rootfstype=$FILESYSTEM  rw add_efi_memmap quiet $NVIDIA_MODESET" 
EOF
    fi

    if [ "$ENCRYPTION" == "no" ] && [ "$FILESYSTEM" == "btrfs" ]
    then
        cat >> /boot/refind_linux.conf << EOF 
"Boot with minimal options"   "rootflags=subvol=/@ root=UUID=$BLKID1 rw add_efi_memmap rootfstype=$FILESYSTEM initrd=@\boot\booster-$KERNEL.img quiet $NVIDIA_MODESET" 
EOF
    fi

    if [ "$ENCRYPTION" == "yes" ] && [ "$FILESYSTEM" != "btrfs" ]
    then
        cat >> /boot/refind_linux.conf << EOF 
"Boot with minimal options"   "rd.luks.name=$BLKID2=artix root=UUID=$BLKID2 rootfstype=$FILESYSTEM rw add_efi_memmap quiet $NVIDIA_MODESET" 
EOF
    fi

    if [ "$ENCRYPTION" == "no" ] && [ "$FILESYSTEM" != "btrfs" ]
    then
        cat >> /boot/refind_linux.conf << EOF 
"Boot with minimal options"   "root=UUID=$BLKID1 rw add_efi_memmap rootfstype=$FILESYSTEM quiet $NVIDIA_MODESET" 
EOF
    fi

        execute_modules
}

#linux

threaded - newest

just_another_person@lemmy.world on 20 Jul 15:20 next collapse

LMAO what in the world is this? Are you AI bot nonsense?

721_bipsty@lemmy.ml on 20 Jul 16:39 collapse

weakly written code?

th3raid0r@tucson.social on 20 Jul 19:10 collapse

Don’t know why the other poster is giving you such grief there. It’s important to note that when you encrypt your root partition that you can’t view it from refind. It doesn’t have a mechanism to decrypt the contents it finds.

The way to address this is to ensure that you’re using a Unified Kernel Image. Essentially, a full image of your Linux boot image that lives on your EFI partition. Keep in mind it can’t get to your personal data until it decrypts your root disk, but at least you can get things booting.

So, you should take the time to switch to a UKI boot process.

I recommend disabling secure Boot and encryption first and Getting the UKI Boot working through refind. Then add secure boot using sbctl. Then re-encrypt your discs. Since secure boot is all set up at this point, you should be able to back your decryption with your systems TPM chip.

Here’s the page on unified kernel images.

wiki.archlinux.org/title/Unified_kernel_image