Hello, 1. INITIAL SITUATION: WORKS (no dm-integrity at all)
I have a Debian bookwork uptodate system that boots correctly with kernel 6.1.0-21-amd64. It is setup like this: - /dev/nvme1n1p1 is /boot/efi - /dev/nvme0n1p2 and /dev/nvme1n1p2 are the two LVM physical volumes - a volume group, vg1 is built with those PVs vg1 has a few LVs that have been created in RAID1 LVM mode: lvdisplay | egrep 'Path|Mirrored' LV Path /dev/vg1/root <-- this is / Mirrored volumes 2 LV Path /dev/vg1/swap Mirrored volumes 2 LV Path /dev/vg1/scratch Mirrored volumes 2 LV Path /dev/vg1/docker Mirrored volumes 2 As said, this boots without any issue. 2. ADDING dm-integrity WHILE BOOTED: works! Now, while booted, I can add dm-integrity to one of the volumes, let's say /dev/vg1/docker (this LV has absolutely no link with the boot process, except obviously it is listed in /etc/fstab -- it also fails the same way if even the swap is dm-integrit enabled, or /): lvconvert --raidintegrity y --raidintegritymode bitmap vg1/docker and wait a bit til the integrity is setup with lvs -a (100%) Obviously, this creates and uses a few rimage/rmeta sub LVs. Then I did this (after having boot issues): echo dm_integrity >> /etc/initramfs-tools/modules update-initramfs -u This did not change the below issue: 3. grub BOOT FAILS IF ANY LV HAS dm-integrity, EVEN IF NOT LINKED TO / if I reboot now, grub2 complains about rimage issues, clear the screen and then I am at the grub2 prompt. Booting is only possible with Debian rescue, disabling the dm-integrity on the above volume and rebooting. Note that you still can see the rimage/rmeta sub LVs (lvs -a), they are not deleted! (but no dm-integrity is activated). 4. update-grub GIVES WARNINGS Now, if I try to start update-grub while booted AND having enabled dm-integrity on the vg1/docker volume, I get: # update-grub Generating grub configuration file ... Found linux image: /boot/vmlinuz-6.1.0-21-amd64 Found initrd image: /boot/initrd.img-6.1.0-21-amd64 error: unknown node 'docker_rimage_0'. [ ... many ... ] /usr/sbin/grub-probe: error: disk `lvmid/xLE0OV-wQy7-88H9-yKCz-4DUQ-Toce-h9rQvk/FzCf1C-95eB-7B0f-DSrF-t1pg-66qp-hmP3nZ' not found. error: unknown node 'docker_rimage_0'. [ ... many ... ] [ this repeats a few times ] Found linux image: /boot/vmlinuz-6.1.0-10-amd64 Found initrd image: /boot/initrd.img-6.1.0-10-amd64 Found memtest86+ 64bit EFI image: /boot/memtest86+x64.efi Warning: os-prober will not be executed to detect other bootable partitions. [ there are none ] Systems on them will not be added to the GRUB boot configuration. Check GRUB_DISABLE_OS_PROBER documentation entry. Adding boot menu entry for UEFI Firmware Settings ... done Any idea what could be the problem? Any way to just make grub2 ignore the rimage (sub)volumes at setup and boot time? (I could live with / aka vg1/root not using dm-integrity, as long as the data/docker/etc volumes are integrity-protected) ? Or how to make grub 100% compatible with a vg1/root using dm-integrity (that would be obviously the final goal!) Thank you for any pointers!
