You are not logged in.

Pages: 1

#1 2025-05-06 00:39:12

lattis
Member
Registered: 2025-05-05
Posts: 2

[SOLVED] Boot hangs after encryption password using UKI

I am loosely following along with this blog post: https://walian.co.uk/arch-install-with- … mages.html
The goal is to eventually be able to create a UKI that I can sign with Secureboot.
My setup is similar to what is linked in the blog-post, but I am using ext4 (instead of btrfs), and lvm2.

I am currently on the step right before Secure Boot with TPM2 Unlocking where I am trying to reboot my system with the UKI and decrypt it, but when I enter my password the system hangs (it freezes on the password prompt, so I can still see the prompt, but after I press enter nothing happens).

The only thing I can think of as to why it is broken is either
    1) systemd-boot can't load my rootfs because of lvm
    2) there is something wrong with how I am configuring my kernel parameters
I can decrypt my rootfs just fine when opening it with cryptsetup.

I will include what (might?) be relevant information.

I am making the UKI with mkinitcpio and editing /etc/kernel/cmdline

rd.luks.name=78be1bec-2df4-440e-9452-ede622fffc07=root root=/dev/cryptfs/root rw quiet
resume=/swapfile

The UUID matches what I get when I run

cryptsetup luksDump /dev/nvme1n1p2
# spits out UUID=78be1bec-2df4-440e-9452-ede622fffc07

My /etc/fstab generated with genfstab:

# /dev/mapper/cryptfs-root
UUID=f33e1629-7d1c-474f-be2e-55bd33aebf19  /  ext4  rw,relatime  0 1

# /dev/nvme1n1p1 LABEL=EFI
UUID=5007-EA0A  /efi  vfat  rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro  0 2

# /swapfile
/swapfile  none  swap  defaults  0  0

Running lsblk looks like:

nvme1n1p2
  - cryptlvm
    - cryptfs-root

where my volume group is cryptfs and my logical volume is root.

My /etc/mkinitcpio.d/linux.preset:

ALL_config="/etc/mkinitcpio.conf"
ALL_kver="/boot/vmlinuz-linux"
ALL_microcode=(/boot/*-ucode.img)

PRESETS=('default' 'fallback')

#default_config="/etc/mkinitcpio.conf"
#default_image="/boot/initramfs-linux.img"
default_uki="/efi/EFI/Linux/arch-linux.efi"
default_options="--splash /usr/share/systemd/bootctl/splash-arch.bmp"

#fallback_config="/etc/mkinitcpio.conf"
#fallback_image="/boot/initramfs-linux-fallback.img"
fallback_uki="/efi/EFI/Linux/arch-linux-fallback.efi"
fallback_options="-S autodetect"

And my /etc/mkinitcpio.conf:

HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole sd-encrypt block lvm2 filesystems resume fsck)

If anyone has any ideas, all help is appreciated. I can also provide more information if I am missing anything important.

Last edited by lattis (2025-05-06 05:31:47)

Offline

#2 2025-05-06 05:29:53

lattis
Member
Registered: 2025-05-05
Posts: 2

Re: [SOLVED] Boot hangs after encryption password using UKI

As is typically the case, I figured out the issue after an excessive amount of hair-pulling.
I had incorrectly set up the resume for the swapfile, and that was causing me to be unable to load into my root filesystem because the swapfile isn't contained within its own partition.
The resume kernel parameter must point to the proper device, which in my case was my root logical volume.

Offline

Pages: 1

Board footer

Powered by FluxBB