[dm-crypt] Kernel panic, cannot mount root fs on unknown block (hd0, 0)

vaskez at airmail.cc vaskez at airmail.cc
Mon Sep 22 00:50:27 CEST 2014


Several times I have set up virtual machines to test the cryptsetup 
software. I can create and remove the encrypted volumes just fine and 
mount them, however whenever I am finished setting up my system and 
reboot, my kernel panics, ends, then says that it cannot mount root fs 
on unknown block (hd0,0). I am sure that it is not a misconfiguration 
with the kernel, as I have built kernels for unencrypted systems and 
they have booted fine. Some information:

The encrypted volumes are created with:
cryptsetup -y -v -c serpent-xts-plain -s 512 -h sha512 create dmname device

Previous partition layouts were like such:
/dev/sda1 +b   Linux                  100M  (/boot) (not encrypted)
/dev/sda2      Linux Swap / Solaris   2G    (swap)
/dev/sda3      Linux                  10G   (root)
/dev/sda4      Extended
/dev/sda5      Linux                  2G    (/var)
/dev/sda6      Linux                  6G    (/home)

This last time the layout was like such:
/dev/sda1 +b    Linux                 100M  (/boot) (not encrypted)
/dev/sda2       Linux LVM             2G    (swap)
/dev/sda3       Linux LVM             10G   (root)
/dev/sda4       Extended
/dev/sda5       Linux LVM             2G    (/var)
/dev/sda6       Linux LVM             6G    (/home)

The distribution I am using is Gentoo with a custom (to test at one 
time) and modified i386_defconfig (every other time) kernel patched with 
GRSecurity.

This last time installing cryptsetup I made sure to install packages in 
a specific order, like installing cryptsetup before grub legacy and 
still got the same error. I had set root (hd0,0) in grub command line 
and setup (hd0) on the command line. At one time I had tested setup on 
(hd0,0), still the same error. When issuing grub-install /dev/sda in 
bash, it will say that df cannot read filesystems and that it cannot 
read a device map file, so I had to install grub in grub command shell.

I install cryptsetup from portage with USE="-thin" emerge -avtq 
cryptsetup. -thin does not install thin provisioning tools and the boost 
sys utils which I assume are very big because they take very long to 
install.

After installing cryptsetup, I configure /etc/crypttab (which does not 
exist) as follows:
swap   /dev/mapper/swap   /dev/urandom    swap,cipher=serpent-xts-plain,size=512,hash=sha512
root   /dev/mapper/swap   none            root,cipher=serpent-xts-plain,size=512,hash=sha512
var    /dev/mapper/swap   none            var,cipher=serpent-xts-plain,size=512,hash=sha512
home   /dev/mapper/swap   none            home,cipher=serpent-xts-plain,size=512,hash=sha512

/etc/fstab looks like:
/dev/sda1           /boot       ext2   noauto,noatime      0 2
/dev/mapper/swap    none        swap   sw                  0 0
/dev/mapper/root    /           ext4   defaults,relatime   0 1
/dev/mapper/var     /var        ext4   defaults,relatime   0 1
/dev/mapper/home    /home       ext4   defaults,relatime   0 0
/dev/cdrom          /mnt/cdrom  auto   noauto,user         0 0

I append the output of dmsetup tables to /etc/dmtab as the file says to 
do, and then configure /etc/conf.d/dmcrypt to the following lines:
target=swap
source='/dev/sda2'
key='/dev/urandom'
options='-c serpent-xts-plain -s 512 -h sha512'

target=root
source='/dev/sda3'
options='-c serpent-xts-plain -s 512 -h sha512'

target=var
source='/dev/sda5'
options='-c serpent-xts-plain -s 512 -h sha512'

target=home
source='/dev/sda6'
options='-c serpent-xts-plain -s 512 -h sha512'

I also add lvm and dmcrypt to the boot runlevel. Kernel parameters are 
set as follows:
kernel /boot/kernel cryptdevice=/dev/sda3:root crypto=sha512:serpent-xts-plain:512:0 root=/dev/mapper/root quiet

I have shifted and removed parts of these options in various ways 
possibly 15 or more different ways and nothing has worked.

After all of this none of it works. I reboot and get a kernel panic, and 
then it says: VFS: root fs cannot be mounted on unknown block (hd0,0). 
And yes I have set LVM and DM_CRYPT options etc in the kernel.

