Hello community,
I am seeking your help since my brain is too small to correctly configure grub to work with my encrypted luks drive.
I just set up Arch Linux for the first time today after dabbling in Fedora and Debian for the past years.
Here is the full write-down of what I did to get to where I am with my system: https://gist.github.com/Akorian/7f3e7f3 … 889f654910
- In short, I formatted my drive nvme01 into p1 for efi and p2 for /
- I set up luks for nvme01p2
- I installed base system and other apps
- I generated my fstab
- in chroot
- I set up grub hooks in `/etc/mkinitcpio.conf` and important settings in `/etc/default/grub`
```
HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)
```
- I created a new initramfs: `mkinitcpio -P`
```
GRUB_CMDLINE_LINUX="cryptdevice=UUID=luksUUID:cryptroot root=/dev/mapper/cryptroot"
GRUB_PRELOAD_MODULES="part_gpt part_msdos cryptodisk luks"
GRUB_ENABLE_CRYPTODISK=y
```
- I ran `grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB`
- I ran `grub-mkconfig -o /boot/grub/grub.cfg`
I rebooted and after entering my passphrase I got the following error:
```
error: Invalid passphrase.
error: disk `cryptouuid/<myluksuuid>` not found.
Entering rescue mode...
```
I searched the wiki and googled for some time now but I can't find or comprehend a solution. I hope someone here can help.
Also if it helps, during the installation of the initramfs I was told that I might have missing firmware for a number of modules namely:
xhci_pci, quat_420xx, ast, wd719x, qula12280, bfa, qla2xxx, qed, aic94xx and qat420
Offline
I don't see the keymap mkinitcpio hook, so it will be using the default, which is probably why your passphrase isn't working.
Offline
My passphrase only consists of common characters that are the same on most normal keymaps (e.g. de, us),
if that is what you mean.
But I also don't know what you mean with keymap mkinitcpio hook, as from my understanding you change the keymap only via some files.
Last edited by arch_user9998 (2024-10-13 00:35:23)
Offline
If your /boot is not encrypted, set `GRUB_ENABLE_CRYPTODISK` to n and reinstall grub.
If your /boot is encrypted, you must use a pbkdf2 key. argon2 keys are not supported by Grub and will yield Invalid passphrase errors.
You can check your keyslots' algorithms in `luksDump`. You can add a key with `luksAddKey --pbkdf=pbkdf2` or `luksConvertKey` an existing one.
Offline
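The keyslot check suggested in the reply above, as an added example that is not part of the thread: it reads `cryptsetup luksDump` text and reports, per keyslot, whether the PBKDF is pbkdf2 (usable by GRUB according to that reply) or something else. The function names and the sample dump are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list each LUKS2 keyslot's PBKDF from
# `cryptsetup luksDump` text and flag the ones GRUB cannot unlock per the reply.

# Constructed, abridged luksDump output: slot 0 uses argon2id, slot 1 pbkdf2.
sample_dump() {
  cat <<'EOF'
LUKS header information
Version:        2
UUID:           00000000-0000-0000-0000-000000000000

Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2id
        Time cost:  4
  1: luks2
        Key:        512 bits
        PBKDF:      pbkdf2
        Hash:       sha256
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}

# Prints "<slot> <pbkdf> <grub-ok|grub-unsupported>" per keyslot. Only the
# "Keyslots:" section is read: "Digests:" also mentions pbkdf2, so a plain
# `grep pbkdf2` over the whole dump would report a false match.
classify_keyslots() {
  awk '
    /^[A-Za-z][A-Za-z ]*:[ \t]*$/ { in_slots = ($0 ~ /^Keyslots:/); next }
    in_slots && /^[ \t]+[0-9]+:[ \t]/ { slot = $1; sub(/:$/, "", slot) }
    in_slots && $1 == "PBKDF:" {
      print slot, $2, ($2 == "pbkdf2" ? "grub-ok" : "grub-unsupported")
    }
  '
}

# Succeeds only if at least one keyslot uses pbkdf2.
has_grub_usable_slot() {
  classify_keyslots | grep -q ' grub-ok$'
}

# Real use (as root): cryptsetup luksDump <device> | classify_keyslots
sample_dump | classify_keyslots
```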
So I only have two partitions. One for / where also /boot is located and one for efi.
But I don't want to encrypt my /boot since that seems generally like more work. I only want a passphrase to unlock my device and not some key.
Because of that I suppose I must start over and create a separate /boot partition.
Will update when I have had time to do that later today.
Offline
Unencrypted /boot makes things easier in any case.
If your efi partition is large enough, you could also use that.
Offline
Yes, I started over again and this time, creating an unencrypted boot partition, made everything work.
I was able to boot into arch and log in ^^
If anyone is interested in all the setup steps I did, I documented them here for later reference: https://gist.github.com/Akorian/7f3e7f3 … 889f654910
Last edited by arch_user9998 (2024-10-14 06:45:01)
Offline