Is there no way to have 2 or more LUKS encrypted OSs show up in the Grub menu?

Questions about Grub, UEFI,the liveCD and the installer
Forum rules
Before you post please read how to get help
Post Reply
mrniceguy
Level 4
Level 4
Posts: 241
Joined: Fri Apr 26, 2013 5:32 am

Is there no way to have 2 or more LUKS encrypted OSs show up in the Grub menu?

Post by mrniceguy » Tue Aug 13, 2019 11:19 pm

I have spent days looking for instructions on how to get a 2nd LUKS encrypted Mint into the Grub menu. Lots of things come up in search engines, but none of them seem to be for this exact situation. At the Linux Mint Help IRC, they don't know the answer either. It seems that I'm trying to do something that has never been done before and nobody has ever contemplated doing it before. They tried to help me get through 2 sets of instructions here https://askubuntu.com/questions/88384/h ... ng-windows and here http://dpaste.com/1VTQH08 but I couldn't complete them because at step 8 it wants me to install grub AGAIN, on sda, where there's already grub. That will overwrite grub, kicking Xfce (sdb) out of grub, replacing it with MATE. So I can only have 2 OSs in grub at one time. I know that because that already happened before. So I had to start over.

Setup: 3 HDDs in a legacy BIOS PC (Not EFI.) Windows is on sda, encrypted Linux Mint Xfce 19.2 is on sdb, and encrypted Linux Mint MATE 19.2 is on sdc. To me, this seems like an obvious way to use 3 HDDs - put a separate OS on each one, and everything's compartmentalized - you choose whichever one you want at the Grub menu. But maybe it isn't obvious to other people. I installed Windows first. Tested it, no problem. Then I installed Mint Xfce 19.2 on sdb, encrypted with LUKS. Both Windows and Xfce showed up in the Grub menu, no problem.

Then I installed Mint MATE 19.2 encrypted on sdc. It does not show up in the Grub menu. I don't know how to get it into Grub without kicking Xfce out.

sudo update-grub does not work. os-prober does not work. Nothing I've tried works.

I can't believe that nobody has ever wanted to have more than one encrypted OS on their computer. I've seen screenshots of people with 7 or 8 versions of Linux on their computer - are they just not encrypting them? Even if it's a laptop? There has to be a solution.

I installed a program called Grub Customizer, hoping it would offer a simple solution, but it turns out there are no instructions on how to add an OS with Grub Customizer. In the GC GUI, I added the MATE 19.2, got an error:

Code: Select all

error no such device
error: unknown filesystem
error: you need to add the kernel first
No instructions anywhere on how to deal with that error. If I knew how to add the kernel, I probably wouldn't have needed to install Grub Customizer.

fabien85
Level 7
Level 7
Posts: 1574
Joined: Tue Mar 11, 2014 4:30 pm

Re: Is there no way to have 2 or more LUKS encrypted OSs show up in the Grub menu?

Post by fabien85 » Wed Aug 14, 2019 5:40 am

Yeah I think what you are trying to do is still non-standard for the moment.
You will need to understand exactly how a LUKS encrypted system boots. I suggest starting reading this: https://askubuntu.com/questions/293028/ ... 029#293029 where the guy sets up a dual-boot with an encrypted Ubuntu on the same drive as the other OS. It's not what you want, but reading this and trying the instructions e.g. on a virtual machine is a first step to give you a better understanding of what's going on. That will also help you when your system will go boom.

I would know how to do your stuff with refind as the boot manager. You would need to pass the following kernel options

Code: Select all

ro cryptdevice=UUID=sdXY-uuid root=/dev/mapper/mapper-name
where sdXY-uuid is the UUID of the LUKS volume (NOT of the / partition inside the volume), and mapper-name is the name of the mapper of the / partition.

To do it with grub I dont know since I dont use it. I would start with looking at /boot/grub/grub.cfg on both disks and somehow try to merge them. e.g. copy the lines that boot the Xfce system in the grub.cfg of Mate (assuming the Mate grub is the one in control of the boot). Then to get that to keep working, you may need to copy the Xfce lines in /etc/grub.d/40_custom.
I'm pretty sure things will get screwed up everytime you have a kernel update in Xfce and/or a grub update in Mate or Xfce. Good luck.

gm10
Level 19
Level 19
Posts: 9830
Joined: Thu Jun 21, 2018 5:11 pm

Re: Is there no way to have 2 or more LUKS encrypted OSs show up in the Grub menu?

Post by gm10 » Wed Aug 14, 2019 5:57 am

I'm not sure why os-prober wouldn't pick up the other installation but for multi-booting it's usually better to create a static GRUB setup, anyway, see e.g. https://help.ubuntu.com/community/Maint ... rub2Screen.
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

fabien85
Level 7
Level 7
Posts: 1574
Joined: Tue Mar 11, 2014 4:30 pm

Re: Is there no way to have 2 or more LUKS encrypted OSs show up in the Grub menu?

Post by fabien85 » Wed Aug 14, 2019 10:46 am

My guess is that os-prober can only see the decrypted LUKS (say, in the case of the OP, the Mate one if you are booted into Mate), it cannot see what's inside the LUKS of the other drive (say the Xfce drive in the case of the OP) that is still encrypted. So it doesnt see a full Linux system, it just sees the unencrypted /boot on the Xfce drive, and it probably lacks necessary informations, like the mapper name of the / partition inside the LUKS volume and maybe its UUID.
These infos are probably present in the /boot/grub/grub.cfg of Xfce.

One thing worth a try is to boot Mate, mount the LUKS volume of Xfce, entering the password, then run sudo update-grub and see if this time grub has picked up the Xfce system.

mrniceguy
Level 4
Level 4
Posts: 241
Joined: Fri Apr 26, 2013 5:32 am

Re: Is there no way to have 2 or more LUKS encrypted OSs show up in the Grub menu?

Post by mrniceguy » Wed Aug 14, 2019 1:15 pm

fabien85 wrote:
Wed Aug 14, 2019 10:46 am
My guess is that os-prober can only see the decrypted LUKS (say, in the case of the OP, the Mate one if you are booted into Mate), it cannot see what's inside the LUKS of the other drive (say the Xfce drive in the case of the OP) that is still encrypted. So it doesnt see a full Linux system, it just sees the unencrypted /boot on the Xfce drive, and it probably lacks necessary informations, like the mapper name of the / partition inside the LUKS volume and maybe its UUID.
These infos are probably present in the /boot/grub/grub.cfg of Xfce.

One thing worth a try is to boot Mate, mount the LUKS volume of Xfce, entering the password, then run sudo update-grub and see if this time grub has picked up the Xfce system.
Do you mean boot Xfce and mount the LUKS volume of MATE?
I got most of the way through those instructions I posted above. MATE was mounted in tmpvol: https://termbin.com/q6ss I ran sudo update-grub for step 7. I didn't do step 8 because it's telling me to

Code: Select all

Depending on your situation, you might have to reinstall grub:

grub-install /dev/sda
update-grub # In order to find and add windows to grub menu.

Which will replace my XFCE install with MATE. Then I won't be able to boot XFCE. It's the same situation I'm in now, in reverse.

update-grub doesn't work. It doesn't do anything. I've booted the PC and as expected, MATE is still not showing up in grub.

rEFIND looks promising, except I have legacy BIOS. The rEFIND site says it's only for UEFI and EFI. http://www.rodsbooks.com/refind/

It seems there may not be a solution for the issue, I've already spent close to 2 months repurposing that PC and I'm out of time. I have to think of another way to use the third drive. Maybe I'll reformat it and install unencrypted MATE on it - if you don't encrypt it, grub can find it, I've done that before. Apparently you can't tell grub where the 2nd encrypted drive is. It doesn't find it no matter what you do.

User avatar
pbear
Level 8
Level 8
Posts: 2468
Joined: Wed Jun 21, 2017 12:25 pm
Location: San Francisco

Re: Is there no way to have 2 or more LUKS encrypted OSs show up in the Grub menu?

Post by pbear » Wed Aug 14, 2019 11:49 pm

Not done it myself, but I wonder whether you can make this work by setting up sdc to boot independently (bootloader on its MBR), then selecting that drive in BIOS when you want to boot that system.

By the way, if it were me, I'd probably just use the third drive for data and/or backups. You would want to encrypt it, of course. Notably, if you use Veracrypt, the same volumes could be mounted in both Windows and Linux, as it's available for both.
Time flies like an arrow. Fruit flies like a banana.
If your problem has been solved, please edit the thread title.

fabien85
Level 7
Level 7
Posts: 1574
Joined: Tue Mar 11, 2014 4:30 pm

Re: Is there no way to have 2 or more LUKS encrypted OSs show up in the Grub menu?

Post by fabien85 » Thu Aug 15, 2019 4:45 am

+1 on pbear's solution.
If update-grub can't find the other OS, then that's the only thing I see.
I had missed these were Legacy/BIOS installs not UEFI, sorry.

mrniceguy
Level 4
Level 4
Posts: 241
Joined: Fri Apr 26, 2013 5:32 am

Re: Is there no way to have 2 or more LUKS encrypted OSs show up in the Grub menu?

Post by mrniceguy » Fri Aug 16, 2019 2:20 am

pbear wrote:
Wed Aug 14, 2019 11:49 pm
Not done it myself, but I wonder whether you can make this work by setting up sdc to boot independently (bootloader on its MBR), then selecting that drive in BIOS when you want to boot that system.

By the way, if it were me, I'd probably just use the third drive for data and/or backups. You would want to encrypt it, of course. Notably, if you use Veracrypt, the same volumes could be mounted in both Windows and Linux, as it's available for both.
I ran out of time fighting with this. Made sdb encrypted and made sdc unencrypted. No problems booting from grub with that setup.

I was looking for the answer to putting the bootloader on sdb or sdc. Some sites say yes, some say no. I didn't want to have to mess with BIOS. I did try choosing the drive in BIOS a few weeks ago, but it made no difference. There was probably something else I was supposed to do in addition to that.

What do you mean by the same volumes could be mounted in both Windows and Linux with Veracrypt? I actually had a lot of trouble with Veracrypt. I was here asking about it and I also asked in IRC. Asked at the Veracrypt forums too, got no answers. I had installed Veracrypt on the Windows drive. Then had to reinstall Mint on sdb. After Grub ate the Veracrypt bootloader, and for some reason I couldn't login to my encrypted sdb LUKS volume anyway, and the Veracrypt Rescue Disk didn't work, I gave up, reformatted and started over without Veracrypt.

User avatar
pbear
Level 8
Level 8
Posts: 2468
Joined: Wed Jun 21, 2017 12:25 pm
Location: San Francisco

Re: Is there no way to have 2 or more LUKS encrypted OSs show up in the Grub menu?

Post by pbear » Fri Aug 16, 2019 12:07 pm

Actually, I've never used VeraCrypt (or TrueCrypt) to encrypt the system. What I suggested here is using it to encrypt a mere data partition. That's much simpler and more reliable. Also, something I know works for sharing between Windows and Mint because I use it that way.
Time flies like an arrow. Fruit flies like a banana.
If your problem has been solved, please edit the thread title.

Post Reply

Return to “Installation & Boot”