[SOLVED]Where to add encrypted root config for Grub bootloader

Mona5 · 2023-11-08 10:42:01

Hello
this is my second fresh install of arch and i wanted to have it Encrypted, well however a noob like me wasn't able to make to the end in first try so sorry to ask this
in the wiki Dm-crypt/Encrypting_an_entire_system it's written

Configuring the boot loader
In order to unlock the encrypted root partition at boot, the following kernel parameters need to be set by the boot loader:
cryptdevice=UUID=device-UUID:cryptlvm root=/dev/MyVolGroup/root

But the problem is where i have to add this part i mean grub bootloader file before installing i have to edit it in "/etc/default/grub" but there isn't a place to add this line do i have to add this part after installing and after grub-mkconfig and edit it inside grub.cfg i mean it's say don't edit it

i saw a code in /etc/default/grub that i UNcomment it ,it was

# Uncomment to enable booting from LUKS encrypted devices
GRUB_ENABLE_CRYPTODISK=y

however in this file i didn't see a place to add that code
lsblk output:

sda                                                                             
├─sda1
│    crypto 2             0da3a0eb-e582-49d2-9cac-0ead06fece66                  
│ └─luks-0da3a0eb-e582-49d2-9cac-0ead06fece66
│    LVM2_m LVM2          u4734S-5Wy7-kplG-eZuS-9HgF-g1DV-eQ05qc                
│   ├─LinuxInstall-swap
│   │  swap   1             901133af-bef5-48fa-8225-c94ef9de917d                  
│   └─LinuxInstall-LinuxPart
│      ext4   1.0           bcf9029e-7ffe-4513-82b1-da6ce1de1889                  
├─sda2
│    vfat   FAT32         1614-E91D

i have my old arch install after /dev/sda2 i wanted to use it if this install failed

Do i have to add something else?

or maybe i have to add it inside /etc/mkinitcpio.conf
thank you for Reading

Last edited by Mona5 (2023-11-09 05:02:14)

ranurag · 2023-11-08 12:38:00

what you want to be encrypted root partition or boot partition?.

I only mention here the configuration setup the preceding are well define in the arch wiki.

For "Root" partition:
1. fstab - ( mention your created mkfs.ext4 uuid for root partition. )

2. /etc/default/grub ( see the adding kernel parameter in arch wiki).
(device_name -> /dev/mapper/device_name)

GRUB_CMDLINE_LINUX="cryptdevice=UUID=<your_crypt_device_uuid>:<device_name> root=UUID=<your_root_partition_uuid>"

GRUB_ENABLE_CRYPTODISK=y

3. /etc/mkinitcpio.conf --( kindly check this step in arch wiki as mention there config will vary with the type of system you are using like systemd or syslinux.)

HOOKS = (......... encrypt .........)

4. mkinitcpio -P

5. grub-mkconfig -o /boot/grub/grub.cfg

For other partitions use crypttab. (again see the full info in arch wiki)

You should also search through internet where are various blogs are available with code examples.

Mona5 wrote:

...... a noob like me .......

Mona5 wrote:

..... so sorry to ask this .....

It's ok, this community's heart is soo big. (I have tried it )

Mona5 · 2023-11-09 04:54:25

Thank you very much ranurag
your help saved my install
i didn't have good access to net yesterday and only skimmed wiki for point of interest sorry i think i missed that part about where to put the code inside grub
but thanks to you and archwiki i was able to make it and yesterday i fix it, my problem was grub configure part i didn't know to where to put cryptdevice config

ranurag wrote:

It's ok, this community's heart is soo big. (I have tried it tongue)

The only thing I am able to say is thank you very much ranurag

Arch Linux

#1 2023-11-08 10:42:01

[SOLVED]Where to add encrypted root config for Grub bootloader

#2 2023-11-08 12:38:00

Re: [SOLVED]Where to add encrypted root config for Grub bootloader

#3 2023-11-09 04:54:25

Re: [SOLVED]Where to add encrypted root config for Grub bootloader

Board footer