Basically vanilla install of hardened, following the Handbook (*) genkernal --luks --btrfs all Using the output of lsmod in the chroot environment, I have painstakingly gone through the kernelconfig in /etc/kernels, the modules included in the initramfs, and identified that some critical components are missing. For example, the cipher (in this case, twofish). There are more, though I am struggling with the way to interpret the association between the kernel switches and the modules, and to identify which are necessary for boot. 1) I am attaching lsmod output labeled, to the best of my ability, with "y" or "m" for how the component was built, and "i" for presence in the initramfs. 2) I am also including genkerne's kernelconfig in /etc/kernels, which I've separated by columns into builtins and modules (non-activated switches removed). 3) I am including emerge --info (*) Only non-vanilla element is that I want to run a BtrFS RAID-1 in LUKS. The only way to do that is to open two LUKS disks at boot. So, I employed this patch to genkernel: https://bugs.gentoo.org/694778 =============== I am unable to sign up for the wiki as the capcha necessitates a working system, so I will mention here: From this part of the install instructions, I was concluding that what I am reporting is a bug: https://wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#Alternative:_Using_genkernel "If a manual configuration looks too daunting, then using genkernel is recommended. It will configure and build the kernel automatically." On the other hand, from the Note at the top of this page: https://wiki.gentoo.org/wiki/Genkernel It appears that I am to assume that installs will necessitate manual kernel configuration. If so, that should be made clear in the Handbook. I would suggest it start with genkernel, then introduce --menuconfig (which is unmentioned at present), and link to the genkernel page. That latter should probably offer links, perhaps outside, discussing the nitty-gritty of kernel configs. Then, introduce manual kernel configuration with make/make install as an alternative, instead of leading off with it. Reproducible: Always Steps to Reproduce: 1. Follow the wiki directions for doing the install of a hardened gentoo 2. Use genkernel --btrfs --luks all, with the genkernel patch (https://bugs.gentoo.org/694778) 3. Finish the install & try to reboot. Actual Results: On boot, when asked to put in my password for the first disk, I found the following error (note the spaces): device-mapper: reload ioctl on <spaces> failed: No such file or directory" I am told this is almost certainly a missing module. Expected Results: A bootable system.
Created attachment 676921 [details] emerge --info
Created attachment 676924 [details] genkernel's /etc/kernels kernelconfig - 2 columns =y | =m
Created attachment 676927 [details] lsmod labled "i" (in initramfs) "y" (builtin) "m" (built as module)
*** Bug 758173 has been marked as a duplicate of this bug. ***
I am not sure if I really understand your bug report. If this is about missing twofish support: Yes, genkernel doesn't support twofish cipher. That means that no option in genkernel will enable twofish cipher and modules_load doesn't know any twofish modules which will cause genkernel to not add any twofish module to initramfs even if you have enabled twofish ciphers in your kernel config. If you want to use it now, either built-in twofish into your kernel or tell genkernel which modules it should add, i.e. add AMODULES_CRYPTO="<your modules>" to your genkernel.conf.
@Thomas - thank you for your input. It appears my confusion has been over the status of genkernel as an alternative for those of us not familiar with manual kernel configuration. I am gathering now that it isn't meant it to be. So I'm trying to educate myself in this rather daunting area!
Closing as INVALID as explained in comment #5.
