How to install grub to /dev/sda3 (=/boot = ext2) when MBR, sda1 & sda2 are windoze & Ubuntu (12.04) is LUKS encrypted?

Asked by Chris Evans

I have to continue to use some windoze s'ware for work and where a few things just aren't available in FLOSS. I've come across from years with Debian on "servers" via Debian on a Dell laptop to try to set up Truecrypt encrypted Windoze 7 and dual boot Ubuntu 12.04 on a Toshiba Satellite L750-170. (I came to Ubuntu as its hardware awareness seems a bit better than Debian.) However, I'm having a nightmare time with this and most advice on the www seems out of date and not to work.

What I've done:
1) shrunk the main windoze 7 (home premium 64 for what that's worth) partition (/dev/sda2) inside windoze and ditched the D: (sda3) partition it had.
2) done umpteen installations of Ubuntu (started with 11.10 and then kubuntu, ended with 12.04 beta2 alternate) and have succeeded fine in creating 2Gb /dev/sda3 as /boot (ext2) and the rest of the disc (about 500Gb) as an encrypted volume that LVM partitions into a 12Gb swap and the rest as / and if I install the grub to multiboot in the MBR as it wants, all is fine but that won't coexist with Truecrypt encrypting the windoze installation.
3) I do the truecrypt and try to install grub to /dev/sda3 : NO go, seems nothing will achieve it.
4) I then do a complete reinstall of ubuntu, only difference is making the /boot partition a logical one (so /dev/sda5) ... no difference, seems that grub simply won't install there.
5) in desperation I install grub to a USB drive /dev/sdb in its MBR. Seems that grub looks good there with an entry for windoze (which I confess I didn't try) and for ubuntu but the ubuntu one just hangs with black screen. I think it's failing to link up with me so I can input the passphrase for the LUKS encrypted LVM but I admit I don't know that, just guessing.

Has someone achieved this? I'd have thought it was a pretty common set up for moderately security conscious people who have to keep a foot in the windoze camp. Would hugely appreciate advice from someone who has achieved it.

Question information

Language: English
Status: Expired
For: Ubuntu grub2
Assignee: No assignee

Sam_ (and-sam) said :
#1

As moderately security considered I'd not have MS-Win on the same machine. :-)
If it doesn't go on to a partition, let it be stubborn and try by reinstalling to move it.
https://help.ubuntu.com/community/Grub2#Changing_or_Moving_GRUB_2
https://help.ubuntu.com/community/Boot-Repair

Maybe option 'cryptdevice' helps.
https://wiki.archlinux.org/index.php/GRUB2#Root_Encryption

Sam_ (and-sam) said :
#2
Chris Evans (chrishold) said :
#3

Thanks Sam, I've seen all of those I think and I can vouch for the fact that grub2 in 12.04 really won't install a working grub boot loader in my ext2 /boot (/dev/sda3 or /dev/sda5 depending whether I did it as primary or logical). In the installation step through it flat out refuses, if I go back and use rescue I get the warning about grub not recommending installation to partitions and it does install something (you can use --force) but that something doesn't work and I think that's because the grub installer isn't able to recognise the ubuntu root file system in the encrypted LVM.

Sam_ (and-sam) said :
#4

When using --force option the warning is expected (also mentioned in the third link by BalaBit).
For 12.04 maybe consider to report a bug.
https://help.ubuntu.com/community/ReportingBugs

GNU.org also has a support section.
https://savannah.gnu.org/bugs/?group=grub

Chris Evans (chrishold) said :
#5

Thanks Sam. As I say, I know the warning thing (! have you done all this? Surely someone out there has and has the answers?) I have no problem with the warning, it's that I'm told the warning is just a warning and the installation should work but ... it doesn't!

Other two points are on the nail and I guess I should submit a bug against Ubuntu or Grub or both. Searching the Ubuntu bugs it does look as if others have had and reported problems with grub failing to install to partitions but it looks as if I need to teach myself quite a bit more about "naked" bits of linux in the rescue system and also about how to get information from those sessions "out" from the essentially flatlining machine. OK. I see another weekend going down the tubes on this with a USB drive plugged in and mounted on which to store things while I dig around. Aargh!!!

Thanks. Anyone else out there have any other ideas about this? Anyone succeeded in getting 12.04 to do a grub installation to a partition instead of the MBR? TIA, Chris

Chris Evans (chrishold) said :
#6

OK. I can add some more to this but I don't have a solution yet. In case it'll help people finding this with google etc., the precise events after hitting Esc to skip the passphrase entry for the Truecrypt mount of windoze is:
"Error: No bootable partition found".

I found super grub2 disk (www.supergrubdisk.org) and that allows you to do some searching for operating systems. First I told it to be alert to LUKS partitions (that's a toggle "Enable GRUB2's LVM support" in the super grub2 disk top menu) then I asked it to look for operating systems. All it finds is the Truecrypt encrypted windoze7 on /dev/sda2 (the only bootable partition). Then I ask it to find grub.cfg files and it correctly finds one on /dev/sda5 and it loads the grub2 menu from that. If I opt for the first linux line things hang. I suspect that it's an IO problem as I'm sure the machine hasn't shut down, I think it's probably locked up unable to open the LUKS encrypted volume. I've tried typing the passphrase into the darkness and I'm 99% sure I've done that right and nothing happens. If I go for the recovery mode it works fine getting me into /root on the encrypted LUKS (after prompting for the passphrase of course).

I tried adding another "Boot" flag to the /dev/sda5 with cfdisk but that doesn't change anything (are only primary partitions bootable or detectable as Truecrypt hands off the search for a bootloader?) Suppose I could do yet another reinstall of Ubuntu and set that to primary to test that but I'd rather not waste another few hours doing that!

The fact that the recovery option boots fine but the "plain linux" one doesn't has got me thinking about the differences between the two. Here are the grub.cfg lines:
if [ "$linux_gfx_mode" != "text" ]; then load_video; fi
menuentry 'Ubuntu, with Linux 3.2.0-20-generic-pae' --class ubuntu --class gnu-linux --class gnu --class os {
 recordfail
 set gfxpayload=$linux_gfx_mode
 insmod gzio
 insmod part_msdos
 insmod ext2
 set root='(hd0,msdos5)'
 search --no-floppy --fs-uuid --set=root b373189d-0999-47a6-a925-0fe6d2511e49
 linux /vmlinuz-3.2.0-20-generic-pae root=/dev/mapper/sda5_crypt-root ro quiet splash vt.handoff=7
 initrd /initrd.img-3.2.0-20-generic-pae
}
menuentry 'Ubuntu, with Linux 3.2.0-20-generic-pae (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os {
 recordfail
 insmod gzio
 insmod part_msdos
 insmod ext2
 set root='(hd0,msdos5)'
 search --no-floppy --fs-uuid --set=root b373189d-0999-47a6-a925-0fe6d2511e49
 echo 'Loading Linux 3.2.0-20-generic-pae ...'
 linux /vmlinuz-3.2.0-20-generic-pae root=/dev/mapper/sda5_crypt-root ro single nomodeset
 echo 'Loading initial ramdisk ...'
 initrd /initrd.img-3.2.0-20-generic-pae
}

I did a bit of hunting around and thought that I could simply remove "quiet splash vt.handoff=7" from the first menu entry and I can and sure enough I now find myself being prompted for the passphrase and if I give it I get a single user login prompt and I can login as myself (chris) but I'm still in a line/curses window not Gnome2.

I feel I'm creeping in the right direction but the full answer is still out of reach. Two issues:
1) how do I get to be able to find the bootloader on /dev/sda5 when I duck past Truecrypt (answer to that may be to use a primary partition, i.e. /dev/sda3, and set it bootable but I'm a bit reluctant to do another complete reinstall to find out)
2) how do I get into Gnome having got in to a terminal?

Sam_ (and-sam) said :
#7

Standard sessions are Unity and Unity-2d based on Gnome3.4 with gtk-3-4.
Gnome2 is dead, users install alternatively gnome-session-fallback, Mate or other desktop environments.

Ubuntu uses as session manager lightdm with unity-greeter (alternatively lightdm-gtk-greeter).
http://www.webupd8.org/2012/02/unity-greeter-gets-new-session-chooser.html

Try:
sudo service lightdm start

Chris Evans (chrishold) said :
#8

Sorry "Gnome2" was a slip. It was just whatever the latest Gnome is that I was wanting, clearly Gnome3.4.

OK, I've taken this rather tortuous path to log in as an ordinary user via Super Grub2 Disk and tried:
   sudo service lightdm start
that gives me "lightdm: unrecognized service"
and it's the same with each of:
  lightdm-gtk-greeter
  unity
  unity-2d

It's very frustrating to find myself quite near to a very good system but actually comprehensively locked out. I've filed a bug against debian-installer: 979971

Launchpad Janitor (janitor) said :
#9

This question was expired because it remained in the 'Open' state without activity for the last 15 days.