Hello,
on my Arch laptop I use full disc encryption on my Samsung SSD 980 PRO using UEFI and GRUB2. When booting I am prompted to enter the password for the SSD. When I enter the wrong password three times then the prompt says "Invalid Password. HDD is locked.". I am then asked for my BIOS password (which I am always asked) and the BIOS setup opens.
Navigating to "Security" and my SSD, it is labelled as locked:
Security Password: YES
Security Enabled: YES
Security Locked: YES
Security Frozen: NO
When I reboot my laptop then I am prompted for my SSD password and then for the BIOS password (so everything as expected) but then I am again in the BIOS setup. The SSD is then not labelled as "locked" anymore. I noticed that instead of "[UEFI NVME: GRUB]" the first boot device is just "[UEFI NVME]".
I could fix this by chrooting and doing the following:
Arch Linux 5.17.1-arch1-1 (tty1)
archiso login: root (automatic login)
To install Arch Linux follow the installation guide:
https://wiki.archlinux.org/title/Installation_guide
For Wi-Fi, authenticate to the wireless network using the iwctl utility.
For mobile broadband (WWAN) modems, connect with the mmcli utility.
Ethernet, WLAN and WWAN interfaces using DHCP should work automatically.
After connecting to the internet, the installation guide can be accessed
via the convenience script Installation_guide.
root@archiso ~ # mount /dev/nvme0n1p2 /mnt
root@archiso ~ # mount /dev/nvme0n1p1 /mnt/efi
root@archiso ~ # arch-chroot /mnt
[root@archiso /]# grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB --removable # solution is to add --removable
Installing for x86_64-efi platform.
Installation finished. No error reported.
[root@archiso /]# exit
root@archiso ~ # reboot
Why will my /efi partition get damaged when I enter the wrong SSD password three times in a row? Am I doing anything wrong? And what can I do to prevent this from happening (apart from not entering the wrong password three times in a row)?
Last edited by HappyArchUser (2022-04-23 12:44:42)
It could also just be that NVRAM (which while pointing to bootable binaries on your ESP are stored on the mainboard and are not directly related to the ESP as a partition) entries got removed because from a logical perspective the fact that the device got locked might have temporarily hidden its presence to the UEFI. The majority of UEFI implementations delete NVRAM entries of devices they are unable to access.
Last edited by V1del (2022-04-23 10:59:14)
> It could also just be that NVRAM (which while pointing to bootable binaries on your ESP are stored on the mainboard and are not directly related to the ESP as a partition) entries got removed because from a logical perspective the fact that the device got locked might have temporarily hidden its presence to the UEFI. The majority of UEFI implementations delete NVRAM entries of devices they are unable to access.
Do you have any idea how to verify that this is the problem?
And any idea on how to prevent this?
Check whether the files on your ESP were actually still present before running the install command/check compare output of efibootmgr -uv. Afaik there's no general way to prevent this, you can "bypass" this if you invoke the GRUB installation command with the --removable flag added, which will just lead to GRUB's EFI binary getting copied to the EFI fallback path which a UEFI implementation must boot, regardless of whether it has a NVRAM entry or not.
> Check whether the files on your ESP were actually still present before running the install command/check compare output of efibootmgr -uv. Afaik there's no general way to prevent this, you can "bypass" this if you invoke the GRUB installation command with the --removable flag added, which will just lead to GRUB's EFI binary getting copied to the EFI fallback path which a UEFI implementation must boot, regardless of whether it has a NVRAM entry or not.
The output
[root@archiso /]# efibootmgr -uv
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,0002
Boot0001* UEFI: CNMemorySpaceloop 1.0 PciRoot(0x0)/Pci(0x8,0x1)/Pci(0x0,0x4)/USB(1,0)/CDROM(1,0x175000,0x27298)
Boot0002* UEFI: CNMemorySpaceloop 1.0, Partition 2 PciRoot(0x0)/Pci(0x8,0x1)/Pci(0x0,0x4)/USB(1,0)/HD(2,MBR,0xbf3c4bb4,0x175000,0x27000)
CNMemorySpaceloop is the usb device I booted from. So no other entries left. I tried the --removable flag and it worked! I edited my first post so it also contains the solution.
You've made my day! Thanks a lot!
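The check suggested in the thread (is the NVRAM entry gone, or are the files on the ESP gone?), as an added example that is not part of the original posts. The function names are hypothetical, the label GRUB and the mount point /efi are taken from the grub-install command in the first post, the sample text is the efibootmgr output posted above, and GNU find is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): classify the symptom from the text of
# `efibootmgr -uv` on stdin plus the contents of the mounted ESP.

# has_boot_entry LABEL: succeed if a BootXXXX line carries exactly that label.
has_boot_entry() {
    awk -v label="$1" '
        /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]/ {
            rest = substr($0, 9)             # text after "BootXXXX"
            sub(/^\*?[ \t]+/, "", rest)      # drop "*" (active) and blanks
            next_char = substr(rest, length(label) + 1, 1)
            if (index(rest, label) == 1 && next_char ~ /^[ \t]?$/) found = 1
        }
        END { exit !found }'
}

# fallback_present ESP: succeed if ESP/EFI/BOOT/BOOTX64.EFI exists, the path
# --removable installs to (matched case-insensitively because the ESP is FAT).
fallback_present() {
    [ -n "$(find "$1" -mindepth 3 -maxdepth 3 -type f \
            -ipath '*/efi/boot/bootx64.efi' 2>/dev/null)" ]
}

# diagnose LABEL ESP: print a one-line verdict for the entry and the fallback.
diagnose() {
    if has_boot_entry "$1"; then echo "nvram-ok"
    elif fallback_present "$2"; then echo "nvram-missing fallback-ok"
    else echo "nvram-missing fallback-missing"
    fi
}

# Sample input: the efibootmgr output posted in the thread (only USB entries).
thread_output() {
    cat <<'EOF'
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,0002
Boot0001* UEFI: CNMemorySpaceloop 1.0 PciRoot(0x0)/Pci(0x8,0x1)/Pci(0x0,0x4)/USB(1,0)/CDROM(1,0x175000,0x27298)
Boot0002* UEFI: CNMemorySpaceloop 1.0, Partition 2 PciRoot(0x0)/Pci(0x8,0x1)/Pci(0x0,0x4)/USB(1,0)/HD(2,MBR,0xbf3c4bb4,0x175000,0x27000)
EOF
}

# Demo on the sample; on a real system: efibootmgr -uv | diagnose GRUB /efi
thread_output | diagnose GRUB /efi
```

A verdict of "nvram-missing fallback-ok" means the firmware dropped the entry but can still boot from the fallback path.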