You are not logged in.

#1 2021-10-09 15:17:12

Chad Rosswick
Member
Registered: 2021-06-27
Posts: 36

GRUB Shell after entering LUKS 2 password

I have set up my root partition as a LUKS 2 encrypted partition and configured my GRUB like this: https://wiki.archlinux.org/title/GRUB/T … early_boot (With luks2 in the mod list instead of luks2)
Now after I enter the password for my grub partition I get thrown into a basic grub shell (Not grub rescue so the password is correct)

I have tried
    insmod normal
    normal
but I just get thrown into another shell.

I've also tried setting the prefix to either ($root)/grub and ($root)/boot/grub

How do I make the boot menu show up after the password is input?

Offline

#2 2021-10-09 15:59:34

Ammako
Member
Registered: 2021-07-16
Posts: 267

Re: GRUB Shell after entering LUKS 2 password

But did you properly set up your boot partition and GRUB for LUKS2? GRUB will not load a LUKS2 boot partition without extra steps currently.

https://wiki.archlinux.org/title/GRUB#LUKS2

Last edited by Ammako (2021-10-09 16:00:10)

Offline

#3 2021-10-09 16:24:20

Chad Rosswick
Member
Registered: 2021-06-27
Posts: 36

Re: GRUB Shell after entering LUKS 2 password

Ammako wrote:

But did you properly set up your boot partition and GRUB for LUKS2? GRUB will not load a LUKS2 boot partition without extra steps currently.

My boot partition is not encrypted. And yes I followed that link too. The only thing that is different there is using the luks2 module instead of luks

I now tried inputting a wrong password and I still get the grub shell without an error. ls doesn't show a crypt0 device. When I do cryptomount -a and enter the correct password I get the error wrong password. I have the correct keyboard layout loaded though and if I enter the password in the shell it is correct. The arch wiki also says to check if the sha module is the correct bit length and yes, the gcry_sha256 matches the sha256 hash on the partition

Offline

#4 2021-10-09 18:00:49

Ammako
Member
Registered: 2021-07-16
Posts: 267

Re: GRUB Shell after entering LUKS 2 password

What is your installation actually like? Do you actually need to manually configure the core image?

If you're not encrypting your boot partition, you don't need to do anything special to grub. All grub does is load the kernel and initramfs, and the latter handles loading and, if necessary, decrypting the root partition. grub shouldn't be relevant here.

Last edited by Ammako (2021-10-09 18:05:40)

Offline

#5 2021-10-09 18:36:47

Chad Rosswick
Member
Registered: 2021-06-27
Posts: 36

Re: GRUB Shell after entering LUKS 2 password

My root partition is encrypted.  And GRUB needs to decrypt it in order to load the kernel I think

Offline

#6 2021-10-09 20:49:32

Ammako
Member
Registered: 2021-07-16
Posts: 267

Re: GRUB Shell after entering LUKS 2 password

Chad Rosswick wrote:

My root partition is encrypted.  And GRUB needs to decrypt it in order to load the kernel I think

Kernel resides in /boot, alongside initramfs.

Note that "EFI partition" and "boot partition" are not the same thing. Some will mount EFI partition at /boot depending on the setup but they are different things (confusing, I know.) EFI partition can't be encrypted, boot partition can be. It's not required to even have a boot partition at all, if you only have encrypted root + ESP, then your /boot directory might be on the encrypted partition (unless you are mounting EFI at /boot in which case your grub config, kernel, and initramfs Should™ reside there unencrypted.)

If /boot is encrypted, then GRUB needs to be properly set up to handle unlocking a LUKS2 boot partition.

So, I reiterate... what is your setup like?

Last edited by Ammako (2021-10-09 20:53:03)

Offline

#7 2021-10-09 20:54:06

Chad Rosswick
Member
Registered: 2021-06-27
Posts: 36

Re: GRUB Shell after entering LUKS 2 password

Ah ok. /boot is on my root partition so it needs to be decrypted.
The problem is that GRUB for some reason can't do it because it still says wrong password if I input the right one

Offline

Board footer

Powered by FluxBB