Errors when migrating to encrypted nvme

Hey folks, I’ve ran into the following issue trying to set up encrypted nvme, the steps I took were (I’m using V3 image):

1. Set up the LUKS partition (I used the corresponding reform-* script in /usr/sbin).
2. Use the suggested steps printed at the the end of the script on Step 1, which include running reform-migrate
3. Ran reform-boot-config nvme, which complained about the swap partition’s UUID, but seems to have gone through fine.
4. Reboot, which led me to the (initramfs) console.

At this point I’m not sure what can I do. Has anybody got any pointers as to how do I troubleshoot this?

When you say " I used the corresponding reform-* script in /usr/sbin" then do you mean reform-setup-encrypted-nvme? And if yes, did you run the commands that it tells you to run after it’s finished? If yes, then please copypaste the swap UUID warning that you saw so that I can tell you what happened.

The rest of what you said sounds like reform-migrate script might be busted...busybox hangs after trying to initialize trackball/usb 1.1.4 (error -32), and does not hand off to NVMe storage (#22) · Issues · Reform / reform-system-image · GitLab which should be fixed by improve reform-boot-config, reform-display-config and reform-migrate (!13) · Merge requests · Reform / MNT Reform Tools · GitLab

Also, reform-boot-config nvme will set your boot device to /dev/nvme0n1p1 which is not correct if you use encrypted NVMe. As I explained in the issue I linked to above, you don’t have to run reform-boot-config after having run reform-migrate. With the changes in the merge request I linked to above you should no longer get an unbootable system.

If, for some reason, you still want to be able to run reform-boot-config for an encrypted NVMe disk, you can run ROOTPART=/dev/reformvg/root reform-boot-config nvme with the updated reform-boot-config script from the merge request above. Make sure to replace /dev/reformvg/root with the root device of your unlocked partition.

I apologise for the lack of clarity as at the time I had already booted into initramfs and lost the error messages. I have since re-created the situation.

do you mean reform-setup-encrypted-nvme

Correct

did you run the commands that it tells you to run after it’s finished?

Yes.

copypaste the swap UUID warning

Found SD card mounted at /boot.
update-initramfs: Generating /boot/initrd.img-5.17.0-rc4-arm64
cryptsetup: ERROR: Couldn’t resolve device
UUID=b42478ae-c124-497b-b947-7de6839ad4b6
W: initramfs-tools configuration sets RESUME=UUID=b42478ae-c124-497b-b947-7de6839ad4b6
W: but no matching swap device is available.

(The UUID is correct FWIW)

I also remembered that I’ve made the swap partition 2G as opposed to 8G.

So I re did everything with the new reform-migrate script and indeed the booting options seem to have been set properly. I have successfully booted into the system on the SSD. The only caveat was that the swap partition hadn’t been added to /etc/fstab, but after adding it manually it works fine:

/dev/reformvg/swap none swap sw 0 0

Thank you for the help!

Thanks a lot for testing the improved scripts from my MR!

I indeed totally forgot about swap. The script now suggests to add that line to /etc/fstab at the end of reform-setup-encrypted-nvme. To make this all easier, I also pushed two additional commits to that MR which:

• offer to do the setup and run reform-migrate with the right options from within reform-setup-encrypted-nvme improve reform-boot-config, reform-display-config and reform-migrate (!13) · Merge requests · Reform / MNT Reform Tools · GitLab
• preserve swap entries when running reform-boot-config and reform-migrate improve reform-boot-config, reform-display-config and reform-migrate (!13) · Merge requests · Reform / MNT Reform Tools · GitLab