Im using parrot os for school and wanted to install it on bare metal, so I attempted, but it came across an error and need help getting past it. I tried searching google and reddit and didn’t find anything that helped. I appreciate it. Basic run down, fresh install of latest parrot os home edition, 4gb unencrypted ext4 /boot, 8gb swap, and 500gb for ext4 with the encrypt box ticked, a typical installation within the parrot gui installer. I shut down after install, restart always hangs up, fresh start, as soon as it gets to where i should enter my password for the encryption, i get the error below. I can confirm the installer itself works as long as I do not encrypt the drive. I admit I may have a unique setup because of the computer I have and the required partitions for the system to function properly, I have a 8gb swap with a 4gb unencrypted partition @ /boot set for ext4 which is required for my security key, and then lastly the remaining ext4 partition @ /root for parrot os. I can run parrot with an unencrypted installation but prefer to have it encrypted by luks through the installtion process. I appreciate any help provided! Errors below
cryptsetup: ERROR: luks-067baafeb-3d1d-4979-a524-01c1f6b13c3f: cryptsetup failed, bad password or options?
/bin/cat: crypto_keyfile.nib: no such file or directory
nothing to read on input
volume group ‘luks’ not found
cannot process volume group luks
gave up waiting for root file system device
common problems
boot args cat /proc/cmdline
check rootdelay= did the system wait long enough?
missing modules cat /proc/modules; ls /dev
ALERT /dev/mapper/luks-067baafeb-3d1d-4979-a524-01c1f6b13c3f does not exist. drop to shell
Hello! As I understand, you tried installing LUKS after the system installation completed? AFAIK that’s really hard. And the error looks like the key for the LUKS partition was missing or the LUKS couldn’t find it. I think this is a very rare situation hence there’s not much information on reddit nor google.
If you can do a reinstall, a fresh LUKS setup with proper setting would be better IMO. Calamares installer also creates full disk encryption (it means the /boot is encrypted too).
Hello. I went through the basic GUI installation process and used the manual partition process, where I assigned the partitions and details listed above.
/boot - unencrypted 4GB ext4 - this is for the pureboot security feature that comes with my computer
/ - this is for the operating system and everything else, encrypted luks, ext4
swap - for swap space, is set to size of ram
These are the requirements from the hardware manufacturer: “The /boot needs to be a separate, unencrypted partition because of the way Pureboot validates the firmware and the contents of /boot.
I’d recommend a 2GB /boot partition (ext4) at the start of the drive, then your root/data partition, and swap at the end (>= size of RAM) if needed/desired.”
That doesnt sound right to be honest. I dont really know about your system requirement (standard verifying boot or something like that) but full disk encryption with /boot (and automation parition ofc) has worked for me on 3 different devices (pc and 2 laptop). i didn’t count any other devices in the past.
But in other hand, Debian installer (the one without the GUI) supports disk encryption without boot. Maybe you should give that a try.
I guess since this problem is not in my knowledge, you can try installation again in the virtual machine to make sure there’s nothing wrong first.
I am testing out a Purism Libre computer with the pureboot / librem key security feature. Its just a nitro key basically, that I sign after installing an OS and updating it.
from their documentation:
PureBoot is Purism’s cutting edge, complete secured boot process and combines a number of technologies including:
[Neutralized and Disabled Intel Management Engine] where only the code absolutely essential for the system to boot is left in the ME.
[Coreboot] the free software BIOS replacement.
A Trusted Platform Module (TPM) chip
[Heads] our tamper-evident boot software that loads from within coreboot and uses the TPM and the user’s own GPG keys to detect tampering within the BIOS, kernel, and GRUB config.
[Librem Key] our USB security token that integrates with Heads [to alert the user to tampering] with an easy “green light good, red light bad” process.
Integration between the Librem Key and LUKS disk encryption so you can unlock your disk with your Librem Key.
So I checked and there is no option for me to use a non GUI installer, lol, theres tons of options like,
ram mode, live mode, persistence, memtest, try, etc, and I tried a few of them cause I never have, only ever used live - which leads to a live instance and from there the installer pops up. It may be perhaps this fashion that is giving an issue.
These are the screenshots from the bios, I am heading to usb boot options and then choose from a list of ISO on the usb, then it shows the different boot options for the ISO, these are the only options I have. I am aware of what you are seeking, the non GUI installation process, dark blue screen, ugly ms dos looking windows, etc. I have not seen that option with the ISO that I have.
Just note I am not attempting to do the last item on this list*
