Arch Linux

i6n8pn3g

Member

Registered: 2023-09-17

Posts: 5

Unable to boot after installing full disk encryption arch linux

I am getting this error when I try to boot a freshly installed Arch Linux with yubikey-full-disk-encryption grub2 improved for the luks2 support, I think I did something wrong when installing it. What could the issue be?

error: no such cryptodisk found, perhaps a needed disk or cryptodisk module is not loaded.
error: disk 'crypto0' not found.
Unknown command 'normal'
error: disk 'crypto0' not found.
Entering rescue mode...
grub rescue>

NAME                       MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
loop0                        7:0    0 682.6M  1 loop  
sda                          8:0    1  14.3G  0 disk  
├─sda1                       8:1    1   789M  0 part  
└─sda2                       8:2    1    15M  0 part  
nvme0n1                    259:0    0   1.8T  0 disk  
├─nvme0n1p1                259:3    0     8G  0 part  /boot/efi
└─nvme0n1p2                259:4    0   1.8T  0 part  
  └─encrypt                254:0    0   1.8T  0 crypt 
    ├─encrypt-boot         254:1    0     8G  0 lvm   /boot
    ├─encrypt-swap         254:2    0    96G  0 lvm   [SWAP]
    ├─encrypt-root         254:3    0   256G  0 lvm   /
    ├─encrypt-var          254:4    0   256G  0 lvm   /var
    └─encrypt-home         254:5    0   512G  0 lvm   /home

jonno2002

Member

Registered: 2016-11-21

Posts: 689

Re: Unable to boot after installing full disk encryption arch linux

how did you install the system ? which guide did you follow ?

ameyngangal

Member

From: India

Registered: 2023-03-02

Posts: 6

Re: Unable to boot after installing full disk encryption arch linux

Hello,
The error states that it is not able to find the disk

Most likely because the actual name of the disk (from your post) is encrypt and NOT crypto0

I've not used yubikey encryption ever, but I've used standard LUKS2 with systemd-boot as well as GRUB

Also, please note I'm using BTRFS subvolumes, not LVM like you. Hence, some of my configurations might be different.
But my answer might give you places to check for issues and a general idea.

I'll recommend checking at 2 places

1. Check /etc/default/grub

There should be a line like this

GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID=6986743f-41b3-4ca2-8822-f00f31bc0dc8:encryptedDeviceName:allow-discards root=/dev/mapper/encryptedDeviceName .. "

Notice the string encryptedDeviceName in my example above? That needs to be the name of the encrypted device you've setup. In your case - encrypt

You might have accidentally copy pasted whatever was in the guide/tutorial you followed

Additionally, if there are any strings like /dev/mapper/someDeviceName, that someDeviceName should be encrypt in your case

Now, in the same file, check if these lines exist and add them if they don't

GRUB_PRELOAD_MODULES="part_gpt part_msdos luks"
.. other options ..
GRUB_ENABLE_CRYPTODISK=y

2. Check /etc/mkinitcpio.conf

There would be a line like this

HOOKS=(base udev keyboard autodetect keymap modconf block encrypt filesystems fsck resume)

Make sure there's an encrypt present in the HOOKS array

If not, add it before filesystems

(You don't need to copy other hooks from my config, just make sure encrypt is present)

If this change was required, run the below command once to generate the initial ramdisk

$ sudo mkinitcpio -P

And then you can reboot and check if you're able to get in

Last edited by ameyngangal (2023-09-17 21:40:48)