Hi Mihail, On Thursday, 27 November 2025 00:08:27 Greenwich Mean Time Mihail Mihov wrote: > Greetings, > > My system's newer kernels have been failing to boot and I don't recall > making any changes to my configuration, but I could be wrong. My setup is > ~amd64, systemd, systemd-boot, sys-kernel/gentoo-kernel, dracut, btrfs (no > subvolumes). > > Recently my system failed to boot and went into the repair shell in the > initramfs I think. After some searching I found that my btrfs root wasn't > being mounted to /sysroot. Doing mount -v -t btrfs -o rw --source > /dev/nvme0n1p3 --target /sysroot and then exit does get me past the repair > shell and the system boots. All my partitions are set up to the DPS > specification, but I also have an /etc/fstab with the same info. > > In the dmesg I found: "[ 1.005402] systemd-gpt-auto-generator[239]: > Partition is Verity protected, but systemd-gpt-auto-generator was compiled > without libcryptsetup support. [ 1.005706] (sd-e[235]: > /usr/lib/systemd/system-generators/systemd-gpt-auto-generator failed with > exit status 1."
It seems you did not enable USE="cryptsetup" when you emerged 'sys-apps/ systemd'? > Shortly after that the initrd-switch-root.service fails, > but that makes sense as /sysroot is empty. I don't understand exactly what > the first error means or what verity protected is and I can't find much > info about it. I think likely it's not the newer kernel, but maybe the > newer systemd causing issues (last kernels are with 258, older one that > boots without the workaround are 257). My systemd indeed doesn't have the > cryptsetup USE flag, but I'd rather understand why it's failing and if I > can fix it without having to just add the use flag. I don't have any > encrypted partitions and I haven't disabled any use flags. Can someone > point me to some information on fixing this? > > Regards, > Mihail I don't use systemd much to know its peculiarities. Block devices can be configured with dm-verity to enable the use of cryptographic hashes, in order to verify their integrity. This ensures there is no data corruption and no one has tried to tamper with the data on the block device. The dm-verity module will need to be enabled in your kernel and its operation is explained here: https://www.kernel.org/doc/Documentation/device-mapper/verity.txt In addition, check you have appropriate modules included in dracut, e.g. systemd-veritysetup, since you use an initrd. If you're interested, you can also read the wiki page on the deployment of dm- verity and the use of cryptsetup: https://wiki.gentoo.org/wiki/Device-mapper#Verity However, from the error message you shared it seems you need to enable USE="cryptsetup" for the 'sys-apps/systemd' package, or globally in your /etc/ portage/make.conf and re-emerge systemd. Others more clued up on systemd should be able to add specific advice if I've missed something.
signature.asc
Description: This is a digitally signed message part.
