Failed to mount /sysroot - zfs on lvm on luks with detached header

I tried to install a fresh system. With encrypted zfs and a detached header and boot on usb. But I can't boot, because the mount of /sysroot is failing.

I tried changing the kernel parameters and different hooks. I can not enter the emergency shell because root seems to be locked, although a password is set for root. So I have only access through a live iso.

journalctl in the chroot replies with no journal.

This is my setup:

sda └─luksCont crypt ├─systemVG-rootLV lvm | └─zfs pool /mnt └─systemVG-swapLV lvm sdc (USB) ├─sdc1 /mnt/efi └─sdc2 /mnt/boot └─luksheader, keyfile 

/etc/mkinitcpio.conf (what I changed)

FILES=(/boot/header.img /boot/key.img) HOOKS=(base systemd autodetect modconf keyboard sd-vconsole block mycustomencrypthook lvm2 zfs filesystems) 

/etc/initcpio/install/mycustomhook

#!/bin/bash build() { local mod add_module dm-crypt if [[ $CRYPTO_MODULES ]]; then for mod in $CRYPTO_MODULES; do add_module "$mod" done else add_all_modules '/crypto/' fi add_binary "cryptsetup" add_binary "dmsetup" add_file "/usr/lib/udev/rules.d/10-dm.rules" add_file "/usr/lib/udev/rules.d/13-dm-disk.rules" add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" add_runscript } 

/etc/initcpio/hooks/mycustomhook

#!/usr/bin/ash run_hook() { modprobe -a -q dm-crypt >/dev/null 2>&1 modprobe loop [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" echo 'Waiting for USB:' echo ' /efi ' i=1 sp="/-\|" echo -n ' ' while [ ! -L '/dev/disk/by-uuid/3EF6-1EDA' ]; do printf "\b${sp:i++%${#sp}:1}" sleep 1 done printf "\bfound!" echo ' /boot ' i=1 echo -n ' ' while [ ! -L '/dev/disk/by-uuid/1667-253D' ]; do printf "\b${sp:i++%${#sp}:1}" sleep 1 done printf "\bfound!" #mkdir -p /mnt #mount /dev/disk/by-uuid/1667-253D /mnt #cryptsetup open /mnt/key.img lukskey cryptsetup open /boot/key.img luks-key cryptsetup open /dev/disk/by-id/ata-SAMSUNG... --header=/boot/header.img --key-file=/dev/mapper/luks-key enc cryptsetup close luks-key } 

/efi/loader/loader.conf

default archlinux timeout 3 console-mode max editor 1 random-seed-mode with-system-token 

/boot/loader/entries/archlinux.conf

title Arch Linux linux /vmlinuz-5.10-x86_64 initrd /intel-ucode.img initrd /initramfs-5.10-x86_64.img options root=zfs:AUTO #options root=zfs:rpool/ROOT/arch #options root=ZFS=rpool/ROOT/arch #options zfs=rpool/ROOT/arch 

Zfs mounts

zfs get mountpoint rpool mountpoint /mnt local rpool/ROOT mountpoint none local rpool/ROOT/arch mountpoint /mnt local rpool/ROOT/opt mountpoint /mnt/opt local rpool/ROOT/usr mountpoint /mnt/usr local rpool/ROOT/usr/local mountpoint /mnt/usr/local inherited from rpool/ROOT/usr rpool/ROOT/var mountpoint /mnt/var local rpool/ROOT/var/lib mountpoint /mnt/var/lib inherited from rpool/ROOT/var rpool/ROOT/var/lib/systemd mountpoint /mnt/var/lib/systemd inherited from rpool/ROOT/var rpool/ROOT/var/lib/systemd/coredump mountpoint /mnt/var/lib/systemd/coredump inherited from rpool/ROOT/var rpool/ROOT/var/log mountpoint /mnt/var/log inherited from rpool/ROOT/var rpool/ROOT/var/log/journal mountpoint /mnt/var/log/journal inherited from rpool/ROOT/var rpool/home mountpoint /mnt/home inherited from rpool rpool/home/maksim mountpoint /mnt/home/maksim inherited from rpool rpool/home/root mountpoint /mnt/root local 

I’m a bit confuesed why

zfs mount 

shows different output for me from within the chroot

zfs mount (in chroot) rpool/ROOT/arch / 

(in live system)

zfs mount (in live system) rpool/ROOT/opt /mnt/opt rpool/home/root /mnt/root rpool/ROOT/var/log /mnt/var/log rpool/home /mnt/home rpool/ROOT/var/lib/systemd/coredump /mnt/var/lib/systemd/coredump rpool/ROOT/usr/local /mnt/usr/local rpool/home/maksim /mnt/home/maksim rpool/ROOT/var/log/journal /mnt/var/log/journal rpool/ROOT/arch /mnt