Issue booting an encrypted drive with GRUB[SOLVED]

PurpleAce · 2024-02-14 19:59:24

I'm trying to install arch on a new SSD, using GRUB, encrypting the root drive with this guide: https://wiki.archlinux.org/title/Dm-cry … _partition

When I boot, GRUB says:

Enter passphrase for hd0,msdos2 (d1eddf97-65e9-4c5c-845c-8e1697282bab):

So obviously I enter my password for that drive. no matter what I enter, whether it is the correct password or not, it prints:

error: Invalid passphrase.
error: disk 'cryptouuid/d1eddf9765e94c5c845c8e1697282bab' not found.
Entering rescue mode...

And then it drops me into the grub rescue prompt.
I tried following 7.14 here: https://wiki.archlinux.org/title/GRUB#Troubleshooting but when I type

cryptomount -a

or anything else that should specify to mount the particular drive I want, I get the same password prompt, but it doesn't accept the correct password, or any password as far as I can tell.

My guess is that either grub is trying to access the wrong drive somehow(I have triple checked and I know for certain the UUID is correct), or that the drive's password isn't being stored properly. I have checked my fstab files, and checked the /etc/default/grub, and they seem to be correct from what I can tell. I also changed the hooks in /etc/mkinitcpio.conf, adding the encrypt hook, after which I ran

mkinitcpio -P

. I also tried completely uninstalling and reinstalling grub, but that didn't seem to help either.

Also does anyone know how to change the keyboard layout that grub uses for the rescue terminal and password input? I'm using a dvorak keyboard and the default seems to be qwerty so I have to reference back to a different keyboard to be able to type commands in.

Last edited by PurpleAce (2024-02-16 16:32:20)

PurpleAce · 2024-02-14 20:06:57

I should add that when I use

cryptsetup open /dev/sda2 root

in the install medium, it accepts my password just fine, which makes me think it's something with grub rather than LUKS.

frostschutz · 2024-02-14 20:34:26

grub only support pbkdf2 keys. argon2 keys won't work. check with cryptsetup luksDump.

if you have an unencrypted boot partition then grub doesn't have to handle encryption at all (even if it works, it's slow).

PurpleAce · 2024-02-15 20:17:46

My root drive is argon2id. My boot is unencrypted. I'm guessing I'm gonna have to change to a pbkdf2 key in that case, and see what happens.

PurpleAce · 2024-02-15 20:19:22

How do I change that

frostschutz · 2024-02-15 21:29:48

If your /boot (kernel, initramfs) is unencrypted, I'd recommend disabling grub cryptodisk support in /etc/default/grub altogether (you'll have to re-run grub-install and possibly redo the grub.cfg as well).

You can use `cryptsetup luksAddKey --pbkdf pbkdf2` (to add a pbkdf2 key) or luksConvertKey to convert an existing one. I recommend adding; this way you can test the new key and make sure it works, before removing any old keys. (It's easy to lock yourself out when messing with the LUKS keys. If in doubt, backup the whole header.)

PurpleAce · 2024-02-16 04:15:14

Alright, thanks a lot. I'll take a stab at it tomorrow

PurpleAce · 2024-02-16 16:31:31

That seems to have fixed things
Thank you.

Arch Linux

#1 2024-02-14 19:59:24

Issue booting an encrypted drive with GRUB[SOLVED]

#2 2024-02-14 20:06:57

Re: Issue booting an encrypted drive with GRUB[SOLVED]

#3 2024-02-14 20:34:26

Re: Issue booting an encrypted drive with GRUB[SOLVED]

#4 2024-02-15 20:17:46

Re: Issue booting an encrypted drive with GRUB[SOLVED]

#5 2024-02-15 20:19:22

Re: Issue booting an encrypted drive with GRUB[SOLVED]

#6 2024-02-15 21:29:48

Re: Issue booting an encrypted drive with GRUB[SOLVED]

#7 2024-02-16 04:15:14

Re: Issue booting an encrypted drive with GRUB[SOLVED]

#8 2024-02-16 16:31:31

Re: Issue booting an encrypted drive with GRUB[SOLVED]

Board footer