#1 2021-10-27 02:38:34

fsociety3765
Member
Registered: 2021-10-27
Posts: 2

Configure Boot Sequence?

Hi all,

I have tried searching for an answer to this all over with various terminology but have been unable to find an answer.

I have Arch installed and running with BTRFS, disk encryption, and Grub. Currently, when Arch boots up, Grub loads, shows the Grub boot menu, loads the kernel and initial ramdisk, and then starts running through the hooks until it gets to the encrypt hook, at which point it pauses and asks me for the password to decrypt the disk.

How can I configure the order in which these events happen? Is there a specific wiki for this that I can reference?

I am coming from Manjaro with the same setup, i.e. BTRFS, disk encryption, and Grub. The boot sequence with Manjaro differs in that the first thing that happens is it asks for the password to decrypt the disk, then proceeds to load the Grub bootloader.

I prefer the way it works with Manjaro and would like to configure my Arch install the same, if possible.

Thanks,

FS

#2 2021-10-27 03:05:48

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 25,104

Re: Configure Boot Sequence?

Your configuration differs, at a minimum, insofar as GRUB actually has access to the kernels and therefore does not need to decrypt anything, and it is only relevant once you actually try to boot said kernel. You'd potentially need to change your entire setup around so that GRUB is the one to decrypt the disk, because it needs to find the kernel images. That would mandate LUKS1 afaik, which might mean you need to redo everything.

#3 2021-10-27 07:56:07

Raynman
Member
Registered: 2011-10-22
Posts: 1,539

Re: Configure Boot Sequence?

GRUB should support LUKS2 now, but only with pbkdf2 key derivation and cryptsetup defaults to argon2 for LUKS2.

#4 2021-10-27 20:43:32

Ammako
Member
Registered: 2021-07-16
Posts: 267

Re: Configure Boot Sequence?

Your current setup implies that you have a separate /boot partition with an encrypted root on another partition. It should be as simple as just encrypting your /boot partition with LUKS1 and GRUB_ENABLE_CRYPTODISK=y in grub config. You can leave your root partition as LUKS2. Note you'll need to reinstall grub (and re-generate grub config) after enabling the cryptodisk=y option.

You could of course use LUKS2 instead, but this necessitates a decent bit of manual tinkering to get working at the moment: https://wiki.archlinux.org/title/GRUB#LUKS2

Last edited by Ammako (2021-10-27 20:46:40)

#5 2021-10-27 21:15:41

fsociety3765
Member
Registered: 2021-10-27
Posts: 2

Re: Configure Boot Sequence?

Ammako wrote:

Your current setup implies that you have a separate /boot partition with an encrypted root on another partition. It should be as simple as just encrypting your /boot partition with LUKS1 and GRUB_ENABLE_CRYPTODISK=y in grub config. You can leave your root partition as LUKS2. Note you'll need to reinstall grub (and re-generate grub config) after enabling the cryptodisk=y option.

You could of course use LUKS2 instead, but this necessitates a decent bit of manual tinkering to get working at the moment: https://wiki.archlinux.org/title/GRUB#LUKS2

Thank you for the advice. I will have a play with setting up LUKS1 on the /boot partition.

#6 2021-10-27 21:26:43

Ammako
Member
Registered: 2021-07-16
Posts: 267

Re: Configure Boot Sequence?

Note: we're speaking /boot partition, not EFI system partition. If your /boot directory is on your EFI system partition (AKA you are mounting ESP at /boot), you can *not* encrypt it, and depending on your partition setup, you might need to redo some stuff if you want to split your EFI system partition and /boot directory into separate partitions.

Last edited by Ammako (2021-10-27 21:29:31)
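
Added example, not part of the thread and not code from GRUB or cryptsetup: a shell function that reads `cryptsetup luksDump` output and reports whether the header matches what posts #2 to #4 say GRUB can unlock (LUKS1, or LUKS2 with pbkdf2). The function and sample names are hypothetical, the dumps are constructed and trimmed, and flagging any non-pbkdf2 keyslot is a conservative assumption of this example.

```shell
#!/bin/sh
# Added example. Classifies `cryptsetup luksDump` text by what the thread says
# GRUB can unlock: LUKS1, or LUKS2 whose keyslots use pbkdf2.
# Reads the dump on stdin and prints one of:
#   luks1         LUKS1 header
#   luks2-pbkdf2  LUKS2, every keyslot uses pbkdf2
#   luks2-argon2  LUKS2, at least one keyslot uses another PBKDF (argon2i/argon2id)
#   unknown       no LUKS version line found
grub_luks_compat() {
    awk '
        $1 == "Version:" { version = $2 }
        $1 == "PBKDF:"   { if ($2 == "pbkdf2") pb++; else other++ }
        END {
            if (version == "1")                   print "luks1"
            else if (version == "2" && other > 0) print "luks2-argon2"
            else if (version == "2" && pb > 0)    print "luks2-pbkdf2"
            else                                  print "unknown"
        }'
}

# Constructed, trimmed luksDump samples (not taken from a real device).
sample_luks1() { cat <<'EOF'
LUKS header information for /dev/sdX2
Version:        1
Key Slot 0: ENABLED
EOF
}
sample_luks2_default() { cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        PBKDF:      argon2id
EOF
}
sample_luks2_mixed() { cat <<'EOF'
Version:        2
Keyslots:
  0: luks2
        PBKDF:      pbkdf2
  1: luks2
        PBKDF:      argon2i
EOF
}

# Real use (as root): cryptsetup luksDump /dev/sdXN | grub_luks_compat
for s in sample_luks1 sample_luks2_default sample_luks2_mixed; do
    printf '%s: %s\n' "$s" "$($s | grub_luks_compat)"
done
```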
