Surface Pro 4 Win10 + Manjaro on uSD

At installation choose the swap partition and moount it as swap.
Okay, I don't let installer make partitions. I make partitions ready before installation and I use manual or expert or advanced or... method.

1 Like

Screenshot%20from%202019-04-22%2022-05-41
This should work, in terms of having the /dev/sdb-drive formatted as GPT, mounting nvme0n1p1 as /boot/efi(not /boot, right?).

Also, you may notice the two LUKS partitions. This changed from linuxswap and ext4 for the red and orange partitions, respectively after selecting they should be encrypted.

Please tell me you have done this.
Before installation.

1 Like

I have! :muscle:
The screenshot's first line under the partition diagrams says "Create new GPT partition table on /dev/sdb..." :slight_smile:

I just booted from the new installation. Seems much smoother. Still boot into grub recovery, however. Going to try log into my Windows OS and check if I can catch any error messages...

Use gparted! Not the installer.

1 Like

do you still want encryption?
If you want encryption, I cannot help. Because I don't do encryption.
Wipe the drive, like totally.
Make partitions ready, without encryption.
Then only install.

2 Likes

Oh. Everything seems to be working, though. Did I just risk ruining my computer or is it ruined and did I not notice it yet? :sweat_smile:

As far as my boot-experience so far, some interesting points:

  • Simply powering on the pc, I still end up in grub recover, but I took a screenshot of the error:
error: no such cryptodisk found.
error: disk `cryptouuid/d4c943...754' not found. # let me know if the full uuid is relevant to have
Entering rescue mode...
grub rescue>
  • I can get to the Manjaro GRUB just fine when I boot into UEFI en select the Manjaro boot entry. It will ask me to decrypt the drive before entering GRUB.
  • The Manjaro GRUB lists both my Manjaro and Windows installations
  • Manjaro boots just fine
  • Windows boots just fine (but Bitlocker will want to be manually unlocked with a recovery key the first time).

I'm afraid encryption is mandatory for my work. Also, personally, I don't do unencrypted devices on-the-go (e.g. laptops).

Manjaro packages are currently installing, so I'm not going to do any sudo cp-ing right now, but here is the output you asked for:

efibootmgr -v
BootCurrent: 0004
Timeout: 0 seconds
BootOrder: 0004,0005,0001,0002,0000
Boot0000* Internal Storage	FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(50670071-478f-4be7-ad13-8754f379c62f)SDD.
Boot0001* USB Storage	FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(50670071-478f-4be7-ad13-8754f379c62f)USB.
Boot0002* PXE Network	FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(50670071-478f-4be7-ad13-8754f379c62f)PXE.
Boot0003* SurfaceFrontPage	FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(4042708a-0f2d-4823-ac60-0d77b3111889)VOL+.
Boot0004* Manjaro	HD(1,GPT,7626a74d-7e69-4adf-815b-b06a09f2d6a3,0x800,0x82000)/File(\EFI\Manjaro\grubx64.efi)
Boot0005* Windows Boot Manager	HD(1,GPT,7626a74d-7e69-4adf-815b-b06a09f2d6a3,0x800,0x82000)/File(\EFI\manjaro\grubx64.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}....................
cat /etc/fstab 
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a device; this may
# be used with UUID= as a more robust way to name devices that works even if
# disks are added and removed. See fstab(5).
#
# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
UUID=5634-9BBE                            /boot/efi      vfat    defaults,noatime 0 2
/dev/mapper/luks-21afa5e5-ad82-4a87-94b1-88fd69cd21b0 swap           swap    defaults,noatime 0 2
/dev/mapper/luks-d4c943e7-6eb0-46ae-b85c-7327618dc754 /              ext4    defaults,noatime 0 1
sudo parted -l
Model: Generic- USB3.0 CRW -SD (scsi)
Disk /dev/sda: 128GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system  Name  Flags
 1      1049kB  12,9GB  12,9GB
 2      12,9GB  128GB   115GB


Model: Unknown (unknown)
Disk /dev/nvme0n1: 256GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End    Size    File system  Name                          Flags
 1      1049kB  274MB  273MB   fat32        EFI system partition          boot, esp
 2      274MB   408MB  134MB                Microsoft reserved partition  msftres
 3      408MB   253GB  253GB                Basic data partition          msftdata
 4      253GB   256GB  2716MB  ntfs         Basic data partition          hidden, diag
sudo blkid
/dev/nvme0n1p1: LABEL="SYSTEM" UUID="5634-9BBE" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="7626a74d-7e69-4adf-815b-b06a09f2d6a3"
/dev/nvme0n1p3: TYPE="BitLocker" PARTLABEL="Basic data partition" PARTUUID="6e617b82-d5cc-4917-b4a2-606bc524c7d7"
/dev/nvme0n1p4: LABEL="Windows RE tools" UUID="74FE98D8FE989448" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="028ad5f4-c354-45e7-9a4b-989e87efb94d"
/dev/sda1: UUID="21afa5e5-ad82-4a87-94b1-88fd69cd21b0" TYPE="crypto_LUKS" PARTUUID="762d8178-62bd-4ea4-9f0e-19882743890b"
/dev/sda2: UUID="d4c943e7-6eb0-46ae-b85c-7327618dc754" TYPE="crypto_LUKS" PARTUUID="546120ec-e8cb-4b0d-880e-48dec5b7f6d3"
/dev/mapper/luks-d4c943e7-6eb0-46ae-b85c-7327618dc754: UUID="bccdf1c7-d0f0-45ff-a0ab-df028a2c5d87" TYPE="ext4"
/dev/mapper/luks-21afa5e5-ad82-4a87-94b1-88fd69cd21b0: UUID="5cb97911-3a00-4ee6-ac12-296ec0d1be2a" TYPE="swap"
/dev/nvme0n1: PTUUID="3f5ee74a-05e8-4a8d-a2ab-1b907b6ac19e" PTTYPE="gpt"
/dev/nvme0n1p2: PARTLABEL="Microsoft reserved partition" PARTUUID="a1e3226c-6fc1-4b66-b627-d36a3a9298c7"

You're on luks encryption.
If it works, fine.
Please print out (later) the boot entry of manjaro
Just the first entry will do.
Let me know also where you need to enter password for encryption. Before grub menu? And after entering entry? Once? Or twice?

Good night.

1 Like

Great line of questioning! Seems you have something in mind. I like it.
As I said in the post earlier, it will ask for decryption password before GRUB. The first install it also asked as second time after selecting the Manjaro installation. The second boot (after booting to Windows 10 for a second), it only asked for a password once, before GRUB.

I'll get back to you after sudo cp /boot/grub/x86_64-efi/core.efi /boot/efi/EFI/boot/bootx64.efi.

Okay. Got it.
Reminder. Need first menuentry of Manjaro at grub.cfg.
I (I mean @AgentS :laughing:) need this to write out a grub prompt entry to boot a broken bootloader of a luks encrypted system.

Cheers, take care, good night.

[EDIT] - When petsam have this ready, can you test it out for us?
We'll have you get the install media, start to the boot menu.
Go to prompt, at prompt type in commands.
Tell us at which part (or parts) you have to enter password.
And tell us if it boots to your installed Manjaro OS.
Assuring you it is a non-destructive testing; no harm or change will happen to your system.

1 Like

I sudo cp'd the .efi like you suggested and did a reboot. Reporting back:

  • a straight boot still gets
  • boot entry of Manjaro (is this what you mean?):
BootCurrent: 0004
Timeout: 0 seconds
BootOrder: 0004,0005,0001,0002,0000
Boot0000* Internal Storage	FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(50670071-478f-4be7-ad13-8754f379c62f)SDD.
Boot0001* USB Storage	FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(50670071-478f-4be7-ad13-8754f379c62f)USB.
Boot0002* PXE Network	FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(50670071-478f-4be7-ad13-8754f379c62f)PXE.
Boot0003* SurfaceFrontPage	FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(4042708a-0f2d-4823-ac60-0d77b3111889)VOL+.
Boot0004* Manjaro	HD(1,GPT,7626a74d-7e69-4adf-815b-b06a09f2d6a3,0x800,0x82000)/File(\EFI\Manjaro\grubx64.efi)
Boot0005* Windows Boot Manager	HD(1,GPT,7626a74d-7e69-4adf-815b-b06a09f2d6a3,0x800,0x82000)/File(\EFI\manjaro\grubx64.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}....................

Also, my /etc/default/grub:

GRUB_DEFAULT=saved
GRUB_TIMEOUT=5
GRUB_TIMEOUT_STYLE=menu
GRUB_DISTRIBUTOR='Manjaro'
GRUB_CMDLINE_LINUX_DEFAULT="quiet cryptdevice=UUID=d4c943e7-6eb0-46ae-b85c-7327618dc754:luks-d4c943e7-6eb0-46ae-b85c-7327618dc754 root=/dev/mapper/luks-d4c943e7-6eb0-46ae-b85c-7327618dc754 resume=/dev/mapper/luks-d4c943e7-6eb0-46ae-b85c-7327618dc754"
GRUB_CMDLINE_LINUX=""

# If you want to enable the save default function, uncomment the following
# line, and set GRUB_DEFAULT to saved.
GRUB_SAVEDEFAULT=true

# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"

# Uncomment to enable booting from LUKS encrypted devices
#GRUB_ENABLE_CRYPTODISK=y

# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console

# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command 'videoinfo'
GRUB_GFXMODE=auto

# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep

# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true

# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
# modes only.  Entries specified as foreground/background.
GRUB_COLOR_NORMAL="light-gray/black"
GRUB_COLOR_HIGHLIGHT="green/black"

# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/usr/share/grub/background.png"
GRUB_THEME="/usr/share/grub/themes/manjaro/theme.txt"

# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"
GRUB_ENABLE_CRYPTODISK=y

Where I find this line particularly interesting:

GRUB_CMDLINE_LINUX_DEFAULT="quiet cryptdevice=UUID=d4c943e7-6eb0-46ae-b85c-7327618dc754:luks-d4c943e7-6eb0-46ae-b85c-7327618dc754 root=/dev/mapper/luks-d4c943e7-6eb0-46ae-b85c-7327618dc754 resume=/dev/mapper/luks-d4c943e7-6eb0-46ae-b85c-7327618dc754"

That UUID mentioned is the one in the error message when I do a straight boot without manual boot entry selection from UEFI.

Again, thanks for all your help! It's (been/ still is) a great learning experience for me!

I need the manjaro entry of /boot/grub/grub.cfg.
Just the first entry will do.
Thanks. And you're welcome.

Sure, I already jumped into the rabbit hole. No turning back.

This the part you require?

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Manjaro Linux' --class manjaro --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-bccdf1c7-d0f0-45ff-a0ab-df028a2c5d87' {
	savedefault
	load_video
	set gfxpayload=keep
	insmod gzio
	insmod part_gpt
	insmod cryptodisk
	insmod luks
	insmod gcry_rijndael
	insmod gcry_rijndael
	insmod gcry_sha256
	insmod ext2
	cryptomount -u d4c943e76eb046aeb85c7327618dc754
	set root='cryptouuid/d4c943e76eb046aeb85c7327618dc754'
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint='cryptouuid/d4c943e76eb046aeb85c7327618dc754'  bccdf1c7-d0f0-45ff-a0ab-df028a2c5d87
	else
	  search --no-floppy --fs-uuid --set=root bccdf1c7-d0f0-45ff-a0ab-df028a2c5d87
	fi
	linux	/boot/vmlinuz-4.19-x86_64 root=UUID=bccdf1c7-d0f0-45ff-a0ab-df028a2c5d87 rw  quiet cryptdevice=UUID=d4c943e7-6eb0-46ae-b85c-7327618dc754:luks-d4c943e7-6eb0-46ae-b85c-7327618dc754 root=/dev/mapper/luks-d4c943e7-6eb0-46ae-b85c-7327618dc754 resume=/dev/mapper/luks-d4c943e7-6eb0-46ae-b85c-7327618dc754
	initrd	/boot/intel-ucode.img /boot/initramfs-4.19-x86_64.img
}

For good measure, although you did not ask for it, two screenshots (sorry, no text...)

Screenshot%20from%202019-04-22%2023-53-07

  • The error upon 'straight boot' w/o selecting boot entry from UEFI
  • Note the UUID appears in the grub.cfg and /etc/default/grub files too

Screenshot%20from%202019-04-22%2023-53-35

  • The prompt for decrypting before I enter GRUB

I've only been asked for decrypting once the last couple boots (before GRUB).
On first boot after installing, I got asked twice: 1.) before grub, 2.) after selecting Manjaro from GRUB menu, before booting Manjaro.

Okay. Got all we need.
I'll ping you here on this topic when ready.
I'll take my time and I estimate it will be about 20 hours from now.
And you can take your time too after receiving my ping. No urgency.
I think there will be 2 or 3 tests (boots) from a livecd boot menu.
Tests A, B and C.
I'll alert petsam as well.

Cheers.

2 Likes

That's great. Wondering; are you contributing to Manjaro? Is that why you want to test things?

My day is over, work tomorrow. Signing out soon. Cheers!

Calamares have currently an issue with LUKS encryption, because of LUKS versions (1 and 2).


I don't know the current state of this on each Live installer image.
You should state the exact ISO installer image name, so others that may help know what you have used.
Also read the discussion on the 18.04 RC

2 Likes

Interesting reads, thanks.

To answer your request:

The installer's image name is manjaro-gnome-18.0.4-stable-x86_64.iso. If you need I can include the .sig file I used to verify the ISO.

Ping @infallible_haibt @AgentS

From my point of view, everyone here is contributing and that includes you.
The problem is the expectation of a quid pro quo. But let's leave this heavy stuff to the wise women to determine what's good capitalism and what's bad socialism. We simple folks just have to think for ourselves what's right and what's wrong.

Right, let's get on it.

@AgentS, please go through the commands below, let me know if there's anything you think we should add or change. Thanks.

@infallible_haibt, just a reminder
Start up 18.04 livecd in uefi.
Do not boot up to live OS, but press ‘c’ at the menu and we’ll get to the grub prompt (grub>).
At all times, whenever you are asked to input the password, please indicate which command you are required to do so.
If error, always print out output error message with the input command.

##################################################
TEST A

grub> search.file /etc/manjaro-release

please print out output

grub> search.file /etc/manjaro-release root
grub> echo $root

please print out output

grub> probe -u $root --set=abc
grub> echo $abc

please print out output
If output is 'd4c943e7-6eb0-46ae-b85c-7327618dc754'
Continue (No need to stop here to report, just continue, report later)

grub> configfile /boot/grub/grub.cfg

DONE
Does it boot?
####################################################

TEST B
Boot up again livecd to livecd boot menu and go to grub prompt.

grub> insmod cryptodisk
grub> insmod luks
grub> insmod gcry_rijndael
grub> insmod gcry_rijndael
grub> insmod gcry_sha256



grub> search.file /etc/manjaro-release  root
grub> probe -u $root --set=abc


grub> cryptomount -u $abc
grub> set root='cryptouuid/$abc'


grub> linux   /boot/vmlinuz-4.19-x86_64 root=/dev/mapper/luks-$abc rw cryptdevice=UUID=$abc:luks-$abc root=/dev/mapper/luks-$abc 
grub> initrd  /boot/initramfs-4.19-x86_64.img
grub> boot

DONE
Does it boot?

#####################################################

I'll probably be able to get to this tonight (CEST). How do I print the output though? I'm not that familiar with grub.
Is there some sort of echo $root > somefile.txtconstruct in grub? What would be the right location to print to? Since it is a Live Boot USB.

Yes, you're right.
Copy down then. The output should not be too long. As for the uuid part, write down the uuid 'd4c943e7-6eb0-46ae-b85c-7327618dc754' and when that echo command comes up, just tell us if output of uuid is correct.

Thanks. No need for screen shot. Just write down and tell us.

Forum kindly sponsored by