Hi there,
I am trying to change root partition from the SD card into the eMMC module. The eMMC is encrypted and the filesystem is mount on a logical volume formatted in EXT4.
I though I could handle it directly from the SD but I failed, I guess I have to chroot the Debian from a live system, but can I boot from a USB with the SD and the eMMC inserted?
Thanks,
F.
Everything is the same as a standard Linux PC with multiple drives. GRUB controls the boot device and root partition. fstab in that root partition controls mounting device, location, and order.
Thank you, but can I boot a Debian Live from the USB with the SD inserted?
Yes, but only Debian testing since Bookworm is using a 6.1 kernel and the network bits were updated in 6.4.
I have the Mico SD card with the boot instructions. My boots with that flash drive in.
I believe there is something that is not quite right: in Debian in order to have and encrypted LVM partition with inside /, /home , swap you need two partitions: /boot (ext2/3/4) and /boot/efi (vfat) now your image has only /boot/efi and / over btrfs…
In order to achieve what I want I have to create a new partition on the SD card shrinking the btrfs partition or redo the partition scheme on the eMMC creating two partitons one for /boot and the other for the crypt/lvm. If I am going to modify the SD I believe that I am going to change the various UUID position… 
I tried to move the installation from the SD to eMMC but it didn’t work out, the eMMC did not boot but a normal installation does. I’d like to recap my steps perhaps I missed something…
mmcblk0 179:32 0 116.5G 0 disk
├─mmcblk0p1 179:33 0 1G 0 part # /BOOT/EFI
├─mmcblk0p2 179:34 0 1K 0 part # EXTENDED
├─mmcblk0p5 179:37 0 1G 0 part # (LOGICAL) /BOOT
└─mmcblk0p6 179:38 0 114.5G 0 part # (LOGICAL)
└─mmcblk0p6_crypt 253:0 0 114.5G 0 crypt # (ENCRYPTED)
├─lvm-emmc--swap 253:1 0 4G 0 lvm # LVM SWAP
└─lvm-emmc--root 253:2 0 110.5G 0 lvm # LVM / (ROOT)
mmcblk0boot0 179:64 0 4M 1 disk ## This exists and can't be removed
mmcblk0boot1 179:96 0 4M 1 disk ## This exists and can't be removed
CHROOTmkdir -p /mnt/boot/efi
[open] /dev/mmcblk0p6_crypt
vgscan
vgchange -ay
mount /dev/mapper/lvm-emmc--root /mnt
mount /dev/mcblk0p5 /mnt/boot
mount /dev/mcblk0p1 /mnt/boot/efi
rsync -aAXv /boot --exclude=/boot/efi /mnt/
rsync -aAXv /boot/efi /mnt/boot/
rysnc -aAXV / --exclude={"/boot/*","/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found","/swapfile"} /mnt
for i in /dev /dev/pts /proc /sys /run: do mount -B $i /mnt$i; done
chroot /mnt
[update] /etc/fstab
[update] /etc/crypttab
initramfs-update -u && update-grub
./lfth.sh bl-flash roc-rk3328-cc mmcblk0 verify
[Y]
"Boot successfully updated"
mmcblk0boot0 179:64 0 4M
mmcblk0boot1 179:96 0 4M
If the default image would have /boot & /boot/efi in two separate partitions I could, perhaps, booting from the SD and dd the / into the encrypted partition formatted in btrfs instead of ext4. Maybe I missed some important steps and therefore I can’t boot from the eMMC…
Have you tried only using libretech flash tool on mmcblk0? Does it boot to u-boot? When you say it doesn’t boot, do you mean doesn’t boot to Linux or doesn’t boot to u-boot?
When I said it doesn’t boot I meant:
However when after I flashed again the image from the SD to the eMMC, Debian started fine.
Based on your reccomendation I am going to wipe off the eMMC and flash the bootloader, and see if at least u-boot runs… And if it works, perhaps I am going to use dd to clone the partition rather than rsync to copy files.
I’ll keep you posted… 
If the bootloader isn’t loading, then you are wiping off the bootloader from the eMMC with one of your steps.
Is the bootloader anything that work at blocks or at files level?
I tried to restore the bootloader after copy and moving all the files but it didn’t boot as well. I got these very same symptoms:
Where should I put more attention in order to avoid breaking the bootloader in your opinion?
Thanks!
Then something is wrong in the process. Using lft to flash the bootloader to eMMC should start u-boot just like with full image writes to eMMC This board looks for the bootloader at sector 1 and is not finding it.
I redid the process again:
- fdisk
- gpt table
- 3 partitions
- 1 512 vfat
- 2 512 ext2
- 3 all lvm
- dd /mmcblk1p1 into /dev/mmcblk0p1
- mount /dev/mmcblk0p2 /mnt & cd /boot & cp -aprv * /mnt & rm -r /mnt/efi & umount /mnt
- encyption + lvm + mkfswap + dd /dev/mmcblk0p3
- if=/dev/mmcblk1p2 of=/dev/mapper/lvm-emmc–root bs=1M status=progress
- btrfs check --readonly /dev/mapper…root
- btrfstune - u /dev/mapper…root
- mount /dev/mapper/lvm-emmc–root /mnt
- mount /dev/mmcblk0p2 /mnt/boot
- mkdir /mount/boot/efi
- mount /dev/mmcblk0p1 /mnt/boot/efi
- modify /etc/fstab
- modify /etc/crypttab
- for i in /dev /dev/pts /proc /sys /run; do mount -B $i /mnt$i; done
- chroot /mnt
- update initramfs & grub
- reboot
- [did not boot]
- git clone…
- cd libre[tap]
- ./lfth.sh bl-flash roc-rk3328-cc mmcblk0 verify [ok]
- [did not boot]
It did not boot, and this time I cloned the partitions and copied just /boot. Now since you stated that when you flash the bootloader it should start not matter what… Perhaps it won’t boot if you have /boot split in /boot (ext2) and /boot/efi (fat16) and it expects the same partition you made /boot/efi (fat16) and / (btrfs). I can’t find any other explanations… 
What is lfth.sh? Did you modify the script? Which eMMC module do you have? Can you take a photo?
Sorry, that was a typo, I meant lft.sh
No I didn’t, I used it square and fair.
I bought the eMMC from your store on Amazon eMMC Module 5.x 128GB.
I tried but I didn’t want to de-assemble the board from the case, from what I can remember it is white and contrasted.
Anyway I want to reiterate that I was able tobright chroot the OS in both the methods: using rsync to copy files as well as cloning the partitions with dd; although I’d definitely preferred get rid off btrfs, which is fine to use when you have to handle multiples storage but becomes annoying when you have to mess with the partitions because it is aware of every btrfs volume and subvolume and therefore you can’t can clone and mount a partition, you need the extra-step to update the UUID to avoid potential data losses.
My knowledge doesn’t go more far than this. If you are able to encrypt system partition please let us know, with btrfs is feasible to create a snapshot of /home and mount it as subvolume for the ones that want the /home separate from /.
I personally stopped this practice on Linux, now I use exclusively ext4 and only /boot, /boot/efi and / as partitions; and if I want to use an advanced filesystem I go directly on FreeBSD and ZFS; and it is a shame that you don’t support FreeBSD since it can run on the Rock64 board which has the same RK3328 SoC of your Renegade board.
All these words to explain that I am basically giving up… 
If DDing a full image works, ./lft.sh should work too. Have you tried wiping the eMMC and just doing lft.sh against the eMMC module and trying to boot into u-boot? You need to copy and paste the actual output of ./lft.sh instead of giving meta summaries that provide no real information.
Don’t understand why you bother modifying an existing image when you are trying to achieve a very odd configuration. Just boot on SD card and bootstrap your own using losetup, fdisk, mkfs, and debootstrap? It’s easier than what you are doing. Or even just do NFS mount.
Pine64 doesn’t do much if any software. FreeBSD is a completely different beast with completely different toolchains. We do one thing and we do it well.
I’ll wipe out the board again and run lht.sh, I should record the session to grab the output or otherwise taking a picture, I don’t know any other method.
I am just trying to encrypt “root” as I would do with any other Debian installation, and as I did a couple of times with BTRFS since the Debian installer doesn’t support subvolumes; and have this partition layout as in my laptop:
# /boot was on /dev/mmcblk0p2 during installation
UUID=643befdd-7011-4e54-afe4-0f5ef7e426a8 /boot ext2 defaults 0 2
# /boot/efi was on /dev/mmcblk0p1 during installation
UUID=F447-1A01 /boot/efi vfat umask=0077 0 1
/dev/mapper/a11bk--vg-swap_1 none swap sw 0 0
This is anything special just a regular Debian installation.
You only need to provide your best selling boards to the various BSD foundations, they will do the job for you and let your boards able to run a BSD system.
Anyway if you know a better method to encrypt the operative system and boot anywhere please instruct me. I am trying to do what I would do on a x86 system, I don’t know any other means to achieve my goal, thanks. 
I made some pictures, unfortunately the quality of my phone is very undesirable.
Here the screenshot where I wiped out the eMMC module, on top there is a brief recap of the former layout partition:
In the second screenshot I flashed the bootloader ; this very script is the same I used all the times:
Afterward I rebooted the board and it properly launched the bootloader:
I can’t figure out why if I have /boot and /boot/efi the bootloader won’t work, this is beyond my knowledge, thanks.
Some updates…
I created the partitions one-to-one, and testing if the bootloader would work, and it worked; then I tested the partitions with the filesystem enabled, always one-to-one, and it worked; then I copied /boot and /efi/boot, always one-to-one, the not only the bootloader worked fine but it also landed in both steps into grub.
At this point the issue is likely to come out when I update the initramfs and grub…
For the next troubleshooting part I am going to copy (not cloning cause I want preserve ext4) /, into the encrypted partition, simply updating crypttab and fstab and:
grub still works;chroot into the emmc and update grub and see if grub still works and if it is able to boot Debian from the encrypted partition.p.s. I didn’t post any screenshot cause everything worked as it was supposed to be.
You got to the u-boot prompt which means the bootloader worked. It is grub that is not working.