Arch Linux

u53r

Member

Registered: 2024-04-29

Posts: 4

[SOLVED] Unable to use LUKS encrypted root with systemd-boot

Hi everyone,
today I reinstalled Arch, and, for some reasons, I cannot get systemd-boot to work.

My drive has 3 partitions:

• /dev/sda1 -> boot partition

• /dev/sda2 -> root partition

• /dev/sda3 -> swap

My root partition is encrypted with LUKS and I'd like to use systemd-boot as my boot loader.

When I poweron the PC, it doesn't even ask me for a password: it just get stuck:

[ TIME ] Timed out waiting for device /dev/gpt-auto-root

These are my hooks in mkinitcpio.conf:

HOOKS=(base systemd udev autodetect microcode modconf kms keyboard sd-vconsole keymap block sd-encrypt filesystems fsck)

This is my fstab, generated with genfstab -U /mnt

# /dev/mapper/root
UUID=2c401eeb-c779-4dca-b30b-d343cc26ec66       /               ext4            rw,relatime     0 1

# /dev/sda1 LABEL=EFI_BOOT
UUID=501B-091C          /boot           vfat            rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro   0 2

While these are my systemd-boot configuration files:
* loader.conf

timeout 3
console-mode max
default 00-arch-default.conf
loglevel=3 systemd.show_status=auto rd.udev.log_level=3

* 00-arch-default.conf

title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
rd.luks.name=14b829e6-0589-4c96-bd9b-2897a416eebb=root root=/dev/mapper/root
rd.luks.options=password-echo=yes

This is my lsblk -f:

sda                                                                                     
├─sda1   vfat        FAT32 EFI_BOOT 501B-091C                                           
├─sda2   crypto_LUKS 2              1026f0e0-1841-4397-8440-ba13f929016d                
│ └─ROOT ext4        1.0            2c401eeb-c779-4dca-b30b-d343cc26ec66  855,6G     1% /mnt
└─sda3   swap        1              b1ffcfee-258d-4bb1-ba15-4ebdde5c561b                

Do you have any idea? I literally don't know what to try anymore.

Last edited by u53r (2024-09-05 12:28:42)

libertepourmoi

Member

Registered: 2022-03-26

Posts: 10

Re: [SOLVED] Unable to use LUKS encrypted root with systemd-boot

I think there are two issues with your 00-arch-default.conf.

First, the UUID in your rd.luks.name appears nowhere in the output from lsblk. The right UUID should be the one on the line with sda2.

Second, the line(s) that have the options for the kernel command line should start with the word "options".

You should be able to verify this on the wiki pages on dm-crypt and systemd-boot, respectively.

Also, but possibly unrelated, in mkinitcpio.conf, you don't need "udev" when you use "systemd", afaik.

Nikolai5

Member

From: North West, England, UK

Registered: 2024-01-27

Posts: 189

Re: [SOLVED] Unable to use LUKS encrypted root with systemd-boot

Try changing the file to this:

title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options rd.luks.name=[i]UUID[/i]=root root=/dev/mapper/root rw rd.luks.options=password-echo=yes

I'm pretty sure you need to specify the keyword "options" before the rd.luks.name

For the UUID use (run as root / sudo)

blkid

to get the correct UUID for your encrypted device.

---

Desktop: Ryzen 7 1800X | AMD 7800XT | KDE Plasma
MacbookPro-2012 | XFCE

u53r

Member

Registered: 2024-04-29

Posts: 4

Re: [SOLVED] Unable to use LUKS encrypted root with systemd-boot

You were right guys, it was trivial. Just incorrect UUID and lacking of "options" keyword.
I honestly don't know where I took that UUID from.

Also, I discovered that, for some reason

rd.luks.options=password-echo=yes

Shows my password in clear during typing, while

rd.luks.options=password-echo=no

shows nothing at all. To just show dots while typing, I simply omitted that option.

Here's my working configuration, analogue to that suggested by Nikolai5

title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options rd.luks.name=1026f0e0-1841-4397-8440-ba13f929016d=root root=/dev/mapper/root rw