You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2024-12-02 10:01:25
- ruonim
- Member
- Registered: 2016-08-12
- Posts: 13
grub config problem with encrypted drive
This is mine setup
/boot - encrypted
/efi - unecrypted
Booting via motherboard works for:
\EFI\Linux\arch-linux-zen.efi
\EFI\Linux\arch-linux-fallback.efi
\EFI\Microsoft\Boot\bootmgfw.efi
but Grub doesnt work.
\EFI\GRUB\grubx64.efi
i copied grub files from boot to efi. So i got alongside grubx64.efi grub.cfg
When selecting grub. Grub starts to ask for password for encrypoted disk and drops to rescue shell.
I want it to stop asking for password becouse luks2 drive will be unecverypted anyway by chainloaded linux efi file.
I disabled cryptodisk support in /etc/default/grub.
Offline
#2 2024-12-02 10:17:31
- ReDress
- Member
- From: Nairobi
- Registered: 2024-11-30
- Posts: 248
Re: grub config problem with encrypted drive
When selecting grub. Grub starts to ask for password for encrypoted disk and drops to rescue shell.
I want it to stop asking for password becouse luks2 drive will be unecverypted anyway by chainloaded linux efi file.I disabled cryptodisk support in /etc/default/grub.
My guess, a very random one is that Linux is still configured with the hook(or whatever they call them), somewhere.
Maybe `mkinitcpio`? Wouldn't know much beyond that.
Offline
#3 2025-08-19 12:33:23
- ruonim
- Member
- Registered: 2016-08-12
- Posts: 13
Re: grub config problem with encrypted drive
Its solved. Yoiu need to remount paths or it will complain.
Anyway i stoped using grub and just doing efistubs.
Offline
#4 2025-08-19 16:35:17
- cryptearth
- Member
- Registered: 2024-02-03
- Posts: 2,104
Re: grub config problem with encrypted drive
first: thanks for reply after a solution was found instead of have it fall into limbo
second: please mark the topic as solved by edit the title of your initial post
as for the issue:
when not given by --boot-directory grub defaults to /boot/grub/grub.cfg for its config
as your /boot is encrypted grub first has to ask for the passphrase for it to even read its config
one option: give --boot-directory=/efi to grub-install - this way the grub.efi will be build in a way to look at the unecrypted /efi/grub/grub.cfg for its config
there're other options - but no matter which bootloader you use it has to be able to read its config - and as uefi demands an unencrypted fat32 esp anyway I recommend to place a bootloaders config on the esp as well
btw: encrypting your OS doesn't make much sense when it's auto-unlocked by some key in the initrd/uki - it's equivalent to hanging a key next to the lock it unlocks and hope for no-one noticing it
Offline
Pages: 1