Please add "[SOLVED]" to the thread title for the benefit of others.
]]>Try this (untested -- I don't use encryption):
# efibootmgr -d /dev/sdX -p Y -c -L "Arch Linux" -l /vmlinuz-linux -u "cryptdevice=UUID=<UUID>:<mapped-name> root=UUID=<luks-UUID> rw initrd=/initramfs-linux.img"
You're a star - that works perfectly.
I wondered about lifting that syntax from "$esp/loader/entries/arch-encrypted.conf" in my last instalation but stupidly thought it was gummiboot-specific.
I'm as surprised that I couldn't find your solution on the web as I am that so few people seem interested in using UEFI firmware in this way. It seems like PC hardware has at last "grown up", with a versatile firmware that must have been a long time in collaborative development - something akin to Sun's OpenBoot - but the community's response has been to create another raft of boot loaders to sit on top of it. Maybe I'm missing something.
Thanks very much for your help.
]]># efibootmgr -d /dev/sdX -p Y -c -L "Arch Linux" -l /vmlinuz-linux -u "cryptdevice=UUID=<UUID>:<mapped-name> root=UUID=<luks-UUID> rw initrd=/initramfs-linux.img"
The wiki got me to a basic four-partition install okay, and then after a small amount of pain I managed to get a build booted okay from gummiboot and with with root, swap and home luks-encrypted.
What I'm trying to do now is boot directly from the UEFI using an appropriate firmware entry, ie with something like what's described in the EFISTUB Wiki page:
# efibootmgr -d /dev/sdX -p Y -c -L "Arch Linux" -l /vmlinuz-linux -u "root=/dev/sda2 rw initrd=/initramfs-linux.img"
...but I've been unable to achieve this with luks-encrypted partitions. Has anyone here had any success? Is there a "-u" parameter in the above command that will achieve this? I've certainly not found anything online explaining how this can be done, so maybe I'm being unrealistic and expecting too much.
]]>